traceroute(8)
NAME
traceroute - print the route packets take to network host
SYNOPSIS
traceroute [ -dFIlnrvx ] [ -f first_ttl ] [ -g gateway ]
[ -i iface ] [ -m max_ttl ] [ -p port ]
[ -q nqueries ] [ -s src_addr ] [ -t tos ]
[ -w waittime ] [ -z pausemsecs ]
host [ packetlen ]
DESCRIPTION
- The Internet is a large and complex aggregation of network
- hardware, connected together by gateways. Tracking the route
- one's packets follow (or finding the miscreant gateway that's
- discarding your packets) can be difficult. Traceroute utilizes
- the IP protocol `time to live' field and attempts to elicit an
- ICMP TIME_EXCEEDED response from each gateway along the path to
- some host.
- The only mandatory parameter is the destination host name
- or IP number. The default probe datagram length is 40 bytes, but
- this may be increased by specifying a packet length (in bytes)
- after the destination host name.
- Other options are:
- -f Set the initial time-to-live used in the first out
- going probe packet.
- -F Set the "don't fragment" bit.
- -d Enable socket level debugging.
- -g Specify a loose source route gateway (8 maximum).
- -i Specify a network interface to obtain the source IP
- address for outgoing probe packets. This is normally only useful
- on a multi-homed host. (See the -s flag for another way to do
- this.)
- -I Use ICMP ECHO instead of UDP datagrams.
- -l Display the ttl value of the returned packet. This
- is useful for checking for assymetric routing.
- -m Set the max time-to-live (max number of hops) used
- in outgoing probe packets. The default is 30 hops (the same de
- fault used for TCP connections).
- -n Print hop addresses numerically rather than symbol
- ically and numerically (saves a nameserver address-to-name lookup
- for each gateway found on the path).
- -p Set the base UDP port number used in probes (de
- fault is 33434). Traceroute hopes that nothing is listening on
- UDP ports base + 1 to base + nhops at the destination host (so an
- ICMP PORT_UNREACHABLE message will be returned to terminate the
- route tracing). If something is listening on a port in the de
- fault range, this option can be used to pick an unused port
- range.
- -r Bypass the normal routing tables and send directly
- to a host on an attached network. If the host is not on a di
- rectly-attached network, an error is returned. This option can
- be used to ping a local host through an interface that has no
- route through it (e.g., after the interface was dropped by
- routed(8C)).
- -s Use the following IP address (which usually is giv
- en as an IP number, not a hostname) as the source address in out
- going probe packets. On multi-homed hosts (those with more than
- one IP address), this option can be used to force the source ad
- dress to be something other than the IP address of the interface
- the probe packet is sent on. This option can only be used by the
- super-user. (See the -i flag for another way to do this.)
- -t Set the type-of-service in probe packets to the
- following value (default zero). The value must be a decimal in
- teger in the range 0 to 255. This option can be used to see if
- different types-of-service result in different paths. (If you
- are not running 4.4bsd, this may be academic since the normal
- network services like telnet and ftp don't let you control the
- TOS). Not all values of TOS are legal or meaningful - see the IP
- spec for definitions. Useful values are probably `-t 16' (low
- delay) and `-t 8' (high throughput).
- -v Verbose output. Received ICMP packets other than
- TIME_EXCEEDED and UNREACHABLEs are listed.
- -w Set the time (in seconds) to wait for a response to
- a probe (default 5 sec.).
- -x Toggle ip checksums. Normally, this prevents
- traceroute from calculating ip checksums. In some cases, the op
- erating system can overwrite parts of the outgoing packet but not
- recalculate the checksum (so in some cases the default is to not
- calculate checksums and using -x causes them to be calcualted).
- Note that checksums are usually required for the last hop when
- using ICMP ECHO probes (-I). So they are always calculated when
- using ICMP.
- -z Set the time (in milliseconds) to pause between
- probes (default 0). Some systems such as Solaris and routers
- such as Ciscos rate limit icmp messages. A good value to use with
- this this is 500 (e.g. 1/2 second).
- This program attempts to trace the route an IP packet
- would follow to some internet host by launching UDP probe packets
- with a small ttl (time to live) then listening for an ICMP "time
- exceeded" reply from a gateway. We start our probes with a ttl
- of one and increase by one until we get an ICMP "port unreach
- able" (which means we got to "host") or hit a max (which defaults
- to 30 hops & can be changed with the -m flag). Three probes
- (change with -q flag) are sent at each ttl setting and a line is
- printed showing the ttl, address of the gateway and round trip
- time of each probe. If the probe answers come from different
- gateways, the address of each responding system will be printed.
- If there is no response within a 5 sec. timeout interval (changed
- with the -w flag), a "*" is printed for that probe.
- We don't want the destination host to process the UDP
- probe packets so the destination port is set to an unlikely value
- (if some clod on the destination is using that value, it can be
- changed with the -p flag).
- A sample use and output might be:
[yak 71]% traceroute nis.nsf.net.
traceroute to nis.nsf.net (35.1.1.48), 30 hops max,- 38 byte packet
1 helios.ee.lbl.gov (128.3.112.1) 19 ms 19 ms0 ms
2 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms39 ms 19 ms
3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms39 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 39ms 40 ms 39 ms
5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 39 ms39 ms 39 ms
6 128.32.197.4 (128.32.197.4) 40 ms 59 ms 59ms
7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 59 ms
8 129.140.70.13 (129.140.70.13) 99 ms 99 ms 80ms
9 129.140.71.6 (129.140.71.6) 139 ms 239 ms319 ms - 10 129.140.81.7 (129.140.81.7) 220 ms 199 ms
- 199 ms
11 nic.merit.edu (35.1.1.48) 239 ms 239 ms 239 - ms
- Note that lines 2 & 3 are the same. This is due to a bug
- gy kernel on the 2nd hop system - lbl-csam.arpa - that forwards
- packets with a zero ttl (a bug in the distributed version of
- 4.3BSD). Note that you have to guess what path the packets are
- taking cross-country since the NSFNet (129.140) doesn't supply
- address-to-name translations for its NSSes.
- A more interesting example is:
[yak 72]% traceroute allspice.lcs.mit.edu.
traceroute to allspice.lcs.mit.edu (18.26.0.115),- 30 hops max
1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0ms
2 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms19 ms 19 ms
3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms19 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 19ms 39 ms 39 ms
5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 20 ms39 ms 39 ms
6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39ms
7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms
8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99ms
9 129.140.71.6 (129.140.71.6) 139 ms 139 ms159 ms - 10 129.140.81.7 (129.140.81.7) 199 ms 180 ms
- 300 ms
11 129.140.72.17 (129.140.72.17) 300 ms 239 ms - 239 ms
12 * * *
13 128.121.54.72 (128.121.54.72) 259 ms 499 ms - 279 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 - ms 279 ms
- Note that the gateways 12, 14, 15, 16 & 17 hops away ei
- ther don't send ICMP "time exceeded" messages or send them with a
- ttl too small to reach us. 14 - 17 are running the MIT C Gateway
- code that doesn't send "time exceeded"s. God only knows what's
- going on with 12.
- The silent gateway 12 in the above may be the result of a
- bug in the 4.[23]BSD network code (and its derivatives): 4.x (x
- <= 3) sends an unreachable message using whatever ttl remains in
- the original datagram. Since, for gateways, the remaining ttl is
- zero, the ICMP "time exceeded" is guaranteed to not make it back
- to us. The behavior of this bug is slightly more interesting
- when it appears on the destination system:
1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0- ms
2 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms - 19 ms 39 ms
3 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms - 39 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 39 - ms 40 ms 19 ms
5 ccn-nerif35.Berkeley.EDU (128.32.168.35) 39 ms - 39 ms 39 ms
6 csgw.Berkeley.EDU (128.32.133.254) 39 ms 59 - ms 39 ms
7 * * *
8 * * *
9 * * * - 10 * * *
11 * * *
12 * * *
13 rip.Berkeley.EDU (128.32.131.22) 59 ms ! 39 - ms ! 39 ms !
- Notice that there are 12 "gateways" (13 is the final des
- tination) and exactly the last half of them are "missing".
- What's really happening is that rip (a Sun-3 running Sun OS3.5)
- is using the ttl from our arriving datagram as the ttl in its
- ICMP reply. So, the reply will time out on the return path (with
- no notice sent to anyone since ICMP's aren't sent for ICMP's) un
- til we probe with a ttl that's at least twice the path length.
- I.e., rip is really only 7 hops away. A reply that returns with
- a ttl of 1 is a clue this problem exists. Traceroute prints a
- "!" after the time if the ttl is <= 1. Since vendors ship a lot
- of obsolete (DEC's Ultrix, Sun 3.x) or non-standard (HPUX) soft
- ware, expect to see this problem frequently and/or take care
- picking the target host of your probes.
- Other possible annotations after the time are !H, !N, or
- !P (host, network or protocol unreachable), !A, !C (access to the
- network or host, respectively, is prohibited), !S (source route
- failed), !F-<pmtu> (fragmentation needed - the RFC1191 Path MTU
- Discovery value is displayed), !X (communication administratively
- prohibited), !V (host precedence violation), !C (precedence cut
- off in effect), or !<num> (ICMP unreachable code <num>). These
- are defined by RFC1812 (which supersedes RFC1716). If almost all
- the probes result in some kind of unreachable, traceroute will
- give up and exit.
- This program is intended for use in network testing, mea
- surement and management. It should be used primarily for manual
- fault isolation. Because of the load it could impose on the net
- work, it is unwise to use traceroute during normal operations or
- from automated scripts.
DIAGNOSTICS
- If your kernel does not support rtnetlink (routing mes
- sages), you will get a warning of the form
- traceroute: Warning: findsaddr: error sending
- netlink message: <reason>
traceroute: Warning: ip checksums disabled - This is harmless as IP checksums will be provided by the
- kernel, and UDP checksums (which are also disabled when rtnetlink
- is unavailable) are optional.
SEE ALSO
pathchar(8), netstat(1), ping(8)
AUTHOR
- Implemented by Van Jacobson from a suggestion by Steve
- Deering. Debugged by a cast of thousands with particularly co
- gent suggestions or fixes from C. Philip Wood, Tim Seaver and Ken
- Adelman.
- The current version is available via anonymous ftp:
ftp://ftp.ee.lbl.gov/traceroute.tar.gz
BUGS
- Please send bug reports to traceroute@ee.lbl.gov.
- 4.3 Berkeley Distribution 21 September 2000