Using Traceroute on Linux and Tracert on Windows and Other Great Linux Network Tools

So, you load your website and the browser just spins. You then run a ping and notice that you have data loss. What’s up? Let’s look at the traceroute tool to see how it can explain network data loss.

What are Traceroute and Tracert?

Traceroute

In Linux, traceroute is a command-line tool used to trace the path taken by packets from the source computer to a destination server or website on a network. It works by sending packets with varying Time-to-Live (TTL) values to the destination, and as the packets move through each router on the path, the router decrements the TTL value and returns an ICMP “Time Exceeded” message when the TTL reaches zero. The traceroute program then displays the IP address and hostname of the router, along with the round-trip time (RTT) for each packet. This information can be used to identify network connectivity issues and troubleshoot network problems.

What is Tracert?

Tracert (short for Trace Route) is a command-line tool available in Microsoft Windows operating systems that allows users to track the path taken by an IP packet from its source to its destination. Tracert works by sending a series of packets with increasing “time to live” (TTL) values; each successive router along the path expires one of them and replies to the source with an ICMP “Time Exceeded” message. This allows the user to identify the route taken by the packet and pinpoint any problems or slowdowns along the way. Tracert can be useful for troubleshooting network issues, identifying network bottlenecks, and diagnosing connectivity problems.

When do you need to use traceroute or tracert?

Traceroute (in Linux) and Tracert (in Windows) are both network diagnostic tools that are used to identify the path taken by data packets between your computer and a particular destination. They both rely on ICMP replies from each hop to track the route, and they display information about each hop along the way, such as its IP address and round-trip time.

You can use Traceroute or Tracert in a variety of situations, such as:

  • Troubleshooting network connectivity issues: Traceroute and Tracert can be used to identify where data packets are being lost or delayed when trying to connect to a particular website or service.
  • Analyzing network performance: By looking at the round-trip time for each hop, you can identify which hops are causing latency and potential performance issues.
  • Identifying potential security threats: Traceroute and Tracert can also be used to identify potential security threats or attackers by analyzing the path and spotting any unexpected or unknown hops.
  • Complete route list: You will see all the routers on the way, with their IP addresses and the time each hop took, so you can better understand the network.
  • Route timing: See how much time the query takes to complete. Is it acceptable for you? What can you do to speed it up? This gives you a starting point for improvements.
  • Check if you can reach a target: See whether there is a connection between your device and the hostname or IP address.
  • Spot a problematic slow router: You can see how much time each hop took, so you can find the spot that significantly slows your network and then fix the problem or add more presence in the area.
  • Run it when your site is slow for you but not for other people.

Overall, you can use Traceroute or Tracert whenever you need to diagnose or troubleshoot network connectivity or performance issues.

Let’s do some checking.

Linux Traceroute

Check to see if Traceroute is installed.

traceroute -V
Modern traceroute for Linux, version 2.0.22
Copyright (c) 2008  Dmitry Butskoy,   License: GPL v2 or any later

If you do not see the above, install by running the following:

Ubuntu/Debian

sudo apt install traceroute

or

sudo apt install iputils

CentOS/Rocky

sudo yum -y install traceroute

Or with DNF.

sudo dnf -y install traceroute

Using the traceroute command

The simple command is as follows:

traceroute DomainName

Like below:

traceroute google.com

Output

traceroute to google.com (142.250.138.101), 30 hops max, 60 byte packets
 1  192.168.0.1 (192.168.0.1)  1.657 ms  1.571 ms  1.572 ms
 2  cpe-70-123-176-1.austin.res.rr.com (70.123.176.1)  15.939 ms  16.191 ms  16.316 ms
 3  * * *
 4  lag-19.ausxtxir02r.netops.charter.com (24.93.50.172)  22.514 ms  22.286 ms  22.636 ms
 5  lag-22.rcr01hstqtx02.netops.charter.com (24.175.41.48)  22.924 ms  22.703 ms *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  108.170.228.91 (108.170.228.91)  38.762 ms * *
11  * * *
12  * * *
13  142.250.234.115 (142.250.234.115)  44.963 ms * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  rw-in-f101.1e100.net (142.250.138.101)  28.585 ms  39.137 ms  38.768 ms

Traceroute sends three probes per hop, but you can change this behavior with the -q option.

For example, let’s change the number of probes per hop to 5:

traceroute -q 5 google.com

Here are the options that you can use.

Options:
  -4                          Use IPv4
  -6                          Use IPv6
  -d  --debug                 Enable socket level debugging
  -F  --dont-fragment         Do not fragment packets
  -f first_ttl  --first=first_ttl
                              Start from the first_ttl hop (instead from 1)
  -g gate,...  --gateway=gate,...
                              Route packets through the specified gateway
                              (maximum 8 for IPv4 and 127 for IPv6)
  -I  --icmp                  Use ICMP ECHO for tracerouting
  -T  --tcp                   Use TCP SYN for tracerouting (default port is 80)
  -i device  --interface=device
                              Specify a network interface to operate with
  -m max_ttl  --max-hops=max_ttl
                              Set the max number of hops (max TTL to be
                              reached). Default is 30
  -N squeries  --sim-queries=squeries
                              Set the number of probes to be tried
                              simultaneously (default is 16)
  -n                          Do not resolve IP addresses to their domain names
  -p port  --port=port        Set the destination port to use. It is either
                              initial udp port value for "default" method
                              (incremented by each probe, default is 33434), or
                              initial seq for "icmp" (incremented as well,
                              default from 1), or some constant destination
                              port for other methods (with default of 80 for
                              "tcp", 53 for "udp", etc.)
  -t tos  --tos=tos           Set the TOS (IPv4 type of service) or TC (IPv6
                              traffic class) value for outgoing packets
  -l flow_label  --flowlabel=flow_label
                              Use specified flow_label for IPv6 packets
  -w MAX,HERE,NEAR  --wait=MAX,HERE,NEAR
                              Wait for a probe no more than HERE (default 3)
                              times longer than a response from the same hop,
                              or no more than NEAR (default 10) times than some
                              next hop, or MAX (default 5.0) seconds (float
                              point values allowed too)
  -q nqueries  --queries=nqueries
                              Set the number of probes per each hop. Default is
                              3
  -r                          Bypass the normal routing and send directly to a
                              host on an attached network
  -s src_addr  --source=src_addr
                              Use source src_addr for outgoing packets
  -z sendwait  --sendwait=sendwait
                              Minimal time interval between probes (default 0).
                              If the value is more than 10, then it specifies a
                              number in milliseconds, else it is a number of
                              seconds (float point values allowed too)
  -e  --extensions            Show ICMP extensions (if present), including MPLS
  -A  --as-path-lookups       Perform AS path lookups in routing registries and
                              print results directly after the corresponding
                              addresses
  -M name  --module=name      Use specified module (either builtin or external)
                              for traceroute operations. Most methods have
                              their shortcuts (`-I' means `-M icmp' etc.)
  -O OPTS,...  --options=OPTS,...
                              Use module-specific option OPTS for the
                              traceroute module. Several OPTS allowed,
                              separated by comma. If OPTS is "help", print info
                              about available options
  --sport=num                 Use source port num for outgoing packets. Implies
                              `-N 1'
  --fwmark=num                Set firewall mark for outgoing packets
  -U  --udp                   Use UDP to particular port for tracerouting
                              (instead of increasing the port per each probe),
                              default port is 53
  -UL                         Use UDPLITE for tracerouting (default dest port
                              is 53)
  -D  --dccp                  Use DCCP Request for tracerouting (default port
                              is 33434)
  -P prot  --protocol=prot    Use raw packet of protocol prot for tracerouting
  --mtu                       Discover MTU along the path being traced. Implies
                              `-F -N 1'
  --back                      Guess the number of hops in the backward path and
                              print if it differs
  -V  --version               Print version info and exit
  --help                      Read this help and exit

How to read traceroute

The first line gives us three things: the destination and its IP address, the number of hops traceroute will try before giving up, and the size of the UDP packets we’re sending.

traceroute to google.com (142.250.114.102), 30 hops max, 60 byte packets
All of the other lines contain information about the hops.

cpe-70-123-176-1.austin.res.rr.com (70.123.176.1)  15.939 ms  16.191 ms  16.316 ms

Each hop line has the following format. First comes the name of the device (or its IP address if the name cannot be resolved):

cpe-70-123-176-1.austin.res.rr.com

Then the IP address:

(70.123.176.1)

Then the round-trip time for each of the three tests:

28.585 ms  39.137 ms  38.768 ms

An asterisk in place of a time means there was no response for that test:

lag-22.rcr01hstqtx02.netops.charter.com (24.175.41.48)  22.924 ms  22.703 ms *

If the device doesn’t respond at all, you’ll see three asterisks and no device name or IP address:

7  * * *

Let’s dig in for a deep dive.

Hop 1: The first hop is the gateway router on the local network. This is how our UDP packets leave the local network and get onto the internet.

Hop 2: This is the gateway for the ISP connection.

Hop 3: This device didn’t respond. Perhaps it was configured never to send ICMP packets, or perhaps it did respond but was too slow, so traceroute timed out. You can check again to see if there is a reply.

Hop 4: We get the hostname and IP, and all 3 tests are successful.

Hop 5: We get the hostname and IP, but only 2 tests are successful. This could indicate packet loss.

Hops 6-9: These devices didn’t respond (Anonymous). Perhaps they were configured never to send ICMP packets, or perhaps they did respond but were too slow, so traceroute timed out. You can check again to see if there is a reply.

Hop 10: We get the hostname and IP, but only 1 test is successful. This could indicate packet loss.

Hops 11-12: These devices didn’t respond (Anonymous). Perhaps they were configured never to send ICMP packets, or perhaps they did respond but were too slow, so traceroute timed out. You can check again to see if there is a reply.

Hop 13: We get the hostname and IP, but only 1 test is successful. This could indicate packet loss.

Hops 14-22: These devices didn’t respond (Anonymous). Perhaps they were configured never to send ICMP packets, or perhaps they did respond but were too slow, so traceroute timed out. You can check again to see if there is a reply.

Hop 23: We reached our destination.

Summary: mixed signals, but we were able to reach the destination in 23 hops. The three results for the final hop were 28.585 ms, 39.137 ms and 38.768 ms. Because the destination answered all three probes, the missing replies at the intermediate hops are more likely routers that filter or deprioritise their own ICMP replies than real packet loss on the forwarding path.

Tracert in Windows

To run Tracert in Windows, press the Windows key + R, type cmd and hit Enter.

In the command prompt run the following:

tracert google.com

Output

C:\>tracert google.com

Tracing route to google.com [2607:f8b0:4000:80a::200e]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  2603-8081-2301-3b54-0000-0000-0000-0001.res6.spectrum.com [2603:8081:2301:3b54::1]
  2    21 ms    13 ms    18 ms  2605:6000:ffc0:8b::1
  3    11 ms    12 ms    16 ms  lag-63.hcr01rdrktxaz.netops.charter.com [2605:6000:0:4::e:3379]
  4     *        *       13 ms  lag-19.ausutxla01r.netops.charter.com [2605:6000:0:4::c:14a]
  5     *        *        *     Request timed out.
  6    29 ms    38 ms    29 ms  2001:4860:1:1::2458
  7    50 ms    31 ms    28 ms  2607:f8b0:8326::1
  8    28 ms    32 ms    25 ms  2001:4860:0:1::5692
  9    29 ms    28 ms    30 ms  2001:4860:0:11e3::2
 10     *       51 ms     *     2001:4860::c:4001:e559
 11    30 ms    35 ms    29 ms  2001:4860::1:0:c6ea
 12    29 ms    39 ms    27 ms  2001:4860:0:1::5703
 13    30 ms    42 ms    30 ms  dfw25s42-in-x0e.1e100.net [2607:f8b0:4000:80a::200e]

As you can see, the Windows Tracert output is similar to Linux Traceroute.

The results are printed first, with the name of the router listed last:

3    11 ms    12 ms    16 ms  lag-63.hcr01rdrktxaz.netops.charter.com
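To apply the reading rule from the deep dive above (a hop that shows asterisks is only real loss if the loss continues to the destination) to both the Linux traceroute and Windows tracert line formats, here is an added example, not code from the original post: a small parser for both hop-line shapes shown on this page plus a per-hop verdict. The sample hops are constructed in the shape of the page’s output; the -n style Linux output without a “(ip)” field is not handled.

```python
import re

RTT_RE = re.compile(r"<?(\d+(?:\.\d+)?) ms")            # tracert prints "<1 ms" for sub-ms replies
LINUX_HOST_RE = re.compile(r"^(\S+) \(([^)]+)\)")         # "name (ip)" opening a Linux hop line
WIN_HOST_RE = re.compile(r"(\S+)(?: \[([^\]]+)\])?\s*$")   # "name [ip]" or bare ip ending a tracert hop

def parse_hop(line):
    """Return (hop, address, rtts, probes_sent) or None if the line is not a hop line."""
    m = re.match(r"^\s*(\d+)\s+(.*\S)\s*$", line)
    if not m:
        return None
    hop, rest = int(m.group(1)), m.group(2)
    rtts = [float(x) for x in RTT_RE.findall(rest)]
    probes = len(rtts) + rest.count("*")   # every probe either answered or was printed as "*"
    if probes == 0:
        return None
    address = None                          # stays None when no probe got an answer
    lm = LINUX_HOST_RE.match(rest)
    if lm:
        address = lm.group(2)
    elif rtts and "Request timed out" not in rest:
        wm = WIN_HOST_RE.search(rest)
        address = wm.group(2) or wm.group(1)
    return hop, address, rtts, probes

def parse_trace(text):
    return [h for h in map(parse_hop, text.splitlines()) if h]

def assess(hops):
    """Map hop number -> "ok", "filtered", "rate-limited" or "loss".
    Missing replies count as real loss only when every later hop also loses
    probes; if any later hop answers all of its probes, forwarding is fine and
    this router merely dropped or deprioritised its own ICMP replies."""
    verdicts = {}
    for i, (hop, address, rtts, probes) in enumerate(hops):
        lost = probes - len(rtts)
        later_clean = any(len(r) == p for _, _, r, p in hops[i + 1:])
        if lost == 0:
            verdicts[hop] = "ok"
        elif later_clean:
            verdicts[hop] = "filtered" if address is None else "rate-limited"
        else:
            verdicts[hop] = "loss"          # persists to the destination: real packet loss
    return verdicts

# Constructed sample (hypothetical path) in the shape of the Linux output shown above.
LINUX_SAMPLE = """\
traceroute to google.com (142.250.138.101), 30 hops max, 60 byte packets
 1  192.168.0.1 (192.168.0.1)  1.657 ms  1.571 ms  1.572 ms
 2  * * *
 3  lag-22.rcr01hstqtx02.netops.charter.com (24.175.41.48)  22.924 ms  22.703 ms *
 4  rw-in-f101.1e100.net (142.250.138.101)  28.585 ms  39.137 ms  38.768 ms
"""
```

Feeding the sample through assess(parse_trace(LINUX_SAMPLE)) marks hop 2 as filtered and hop 3 as rate-limited rather than loss, because hop 4 answered every probe.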

As we can see, Traceroute and Tracert are useful tools that can explain network latency.

Other Tools to consider.

MTR (Linux and macOS).

MTR (My traceroute) is a network diagnostic tool used in Linux operating systems. It combines the functionality of the ‘traceroute’ and ‘ping’ commands to provide a more comprehensive view of the network path between two endpoints. MTR sends packets to the destination host and then reports the statistics of the packets as they traverse each hop in the path.

MTR continuously sends packets to the destination host, making it useful for monitoring network performance over time. It displays information such as the round-trip time (RTT), packet loss, and network hops with details like IP addresses and hostnames. This makes it an effective tool for diagnosing network problems and identifying potential bottlenecks or connectivity issues.

Install Debian/Ubuntu

sudo apt install mtr -y

CentOS/Rocky

sudo yum install mtr -y

Or

sudo dnf install mtr -y

Usage

mtr domain.com

The MTR command is an improved traceroute command that can give more statistics and data for lost packets (percentage).

Dig (Linux and macOS)

‘Dig’ stands for Domain Information Groper. It is a command-line tool in Linux and other Unix-like operating systems used to perform DNS (Domain Name System) lookups. It provides information about DNS records such as A, MX, CNAME, TXT, and NS records, among others.

Install

Install Debian/Ubuntu

sudo apt install dnsutils -y

CentOS/Rocky

sudo yum install bind-utils -y

Or

sudo dnf install bind-utils -y

Usage

dig +trace domain.com

If you already use the dig command, +trace lets you trace the DNS resolution path as well: it follows the delegation chain from the root servers down to the authoritative name server for the domain.

Open Visual Traceroute (Linux, macOS, and Windows)

This one is for people who want a visual interface.

Nmap (Linux, macOS, Windows, BSD, and more).

Network Mapper (Nmap) is a free, open-source network security scanning tool. By sending IP packets and analyzing the responses, Nmap can discover information about hosts and services on remote computer networks.

Nmap can also audit the security of a device, identify the vulnerabilities of your network, or perform an inventory check with relative ease.

Install

Install Debian/Ubuntu

sudo apt install nmap -y

CentOS/Rocky

sudo yum install nmap -y

Or

sudo dnf install nmap -y

Usage ***Please use this responsibly! Do not scan IPs or domains multiple times.

sudo nmap domain.com

With the --traceroute option added, the results include a hop-by-hop path very similar to the traceroute command.

Tracepath

Tracepath is a command-line utility in Linux and other Unix-like operating systems that is used to trace the network path to a destination host. It works by sending packets to the destination host with increasing TTL (time-to-live) values and receiving ICMP (Internet Control Message Protocol) error messages from each hop along the way.

Install

Install Debian/Ubuntu

sudo apt install iputils-tracepath -y

CentOS/Rocky – tracepath is part of the traceroute install

sudo yum install traceroute -y

Or

sudo dnf install traceroute -y

Usage

tracepath domain-name.com

The nslookup command

When managing connectivity issues, DNS name resolution is often a source of headaches. The nslookup utility helps you check and troubleshoot DNS name resolution.

This command is available with the bind-utils package.

Install

Install Debian/Ubuntu

sudo apt install dnsutils -y

CentOS/Rocky – nslookup is part of the bind-utils package

sudo yum install bind-utils -y

Or

sudo dnf install bind-utils -y

Usage

nslookup domain.com

I hope you enjoyed this. If you have any questions, let us know via chat.

R. Pringle, AKA “The Geekdecoder,” is a 20 year veteran Systems Administrator and the founder of Geekdecoder.com – a self-help knowledge-base web site for Linux, Web Hosting, Technology and Server Administration.
