So, you load your website and the browser just spins. You then do a ping and notice that you have data loss. What’s up? Let’s look at the traceroute tool to see how to explain network data loss.
What are Traceroute and Tracert?
Traceroute
In Linux, traceroute is a command-line tool used to trace the path taken by packets from the source computer to a destination server or website on a network. It works by sending packets with varying Time-to-Live (TTL) values to the destination, and as the packets move through each router on the path, the router decrements the TTL value and returns an ICMP “Time Exceeded” message when the TTL reaches zero. The traceroute program then displays the IP address and hostname of the router, along with the round-trip time (RTT) for each packet. This information can be used to identify network connectivity issues and troubleshoot network problems.
What is Tracert?
Tracert (short for Trace Route) is a command-line tool available in Microsoft Windows operating systems that allows users to track the path taken by an IP packet from its source to its destination. Tracert works by sending a series of packets with increasing “time to live” (TTL) values, which are then returned by each subsequent router along the path to their source. This allows the user to identify the route taken by the packet and pinpoint any problems or slowdowns along the way. Tracert can be useful for troubleshooting network issues, identifying network bottlenecks, and diagnosing connectivity problems.
When do you need to use traceroute or tracert?
Traceroute (in Linux) and Tracert (in Windows) are both network diagnostic tools that are used to identify the path taken by data packets between your computer and a particular destination. They both use ICMP packets to track the route and display information about each hop along the way, such as the IP address and round-trip time.
You can use Traceroute or Tracert in a variety of situations, such as:
- Troubleshooting network connectivity issues: Traceroute and Tracert can be used to identify where data packets are being lost or delayed when trying to connect to a particular website or service.
- Analyzing network performance: By looking at the round-trip time for each hop, you can identify which hops are causing latency and potential performance issues.
- Identifying potential security threats: Traceroute and Tracert can also be used to identify potential security threats or attackers by analyzing the path and identifying any unexpected or unknown hops.
- Complete route list: You will see all the routers on the way, with their IP addresses and the time each one took, so you can better understand the network.
- Route timing: See how much time it takes to finish the query. Is it OK for you? What can you do to speed it up? This gives you a starting point for improvements.
- Check if you can reach a target: See if there is a connection between your device and the hostname or IP address.
- Spot a problematic slow router: You can see how much time each hop took, so you can find the spot that significantly slows your network. You can fix the problem or add more presence in the area.
- Run it when your site is slow for you but not for other people.
Overall, you can use Traceroute or Tracert whenever you need to diagnose or troubleshoot network connectivity or performance issues.
Let’s do some checking.
Linux Traceroute
Check to see if Traceroute is installed.
traceroute -V
Modern traceroute for Linux, version 2.0.22
Copyright (c) 2008 Dmitry Butskoy, License: GPL v2 or any later
If you do not see the above, install by running the following:
Ubuntu/Debian
sudo apt install traceroute
or
sudo apt install inetutils-traceroute
CentOS/Rocky
sudo yum -y install traceroute
Or with DNF.
sudo dnf -y install traceroute
Using traceroute command
The simple command is as follows:
traceroute DomainName
Like below:
traceroute google.com
Output
traceroute to google.com (142.250.138.101), 30 hops max, 60 byte packets
1 192.168.0.1 (192.168.0.1) 1.657 ms 1.571 ms 1.572 ms
2 cpe-70-123-176-1.austin.res.rr.com (70.123.176.1) 15.939 ms 16.191 ms 16.316 ms
3 * * *
4 lag-19.ausxtxir02r.netops.charter.com (24.93.50.172) 22.514 ms 22.286 ms 22.636 ms
5 lag-22.rcr01hstqtx02.netops.charter.com (24.175.41.48) 22.924 ms 22.703 ms *
6 * * *
7 * * *
8 * * *
9 * * *
10 108.170.228.91 (108.170.228.91) 38.762 ms * *
11 * * *
12 * * *
13 142.250.234.115 (142.250.234.115) 44.963 ms * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 rw-in-f101.1e100.net (142.250.138.101) 28.585 ms 39.137 ms 38.768 ms
Traceroute sends three packets to each hop by default, but you can change this behavior with the -q option.
For example, let’s change the number of packets to 5:
traceroute -q 5 google.com
Here are the options that you can use.
Options:
-4 Use IPv4
-6 Use IPv6
-d --debug Enable socket level debugging
-F --dont-fragment Do not fragment packets
-f first_ttl --first=first_ttl
Start from the first_ttl hop (instead from 1)
-g gate,... --gateway=gate,...
Route packets through the specified gateway
(maximum 8 for IPv4 and 127 for IPv6)
-I --icmp Use ICMP ECHO for tracerouting
-T --tcp Use TCP SYN for tracerouting (default port is 80)
-i device --interface=device
Specify a network interface to operate with
-m max_ttl --max-hops=max_ttl
Set the max number of hops (max TTL to be
reached). Default is 30
-N squeries --sim-queries=squeries
Set the number of probes to be tried
simultaneously (default is 16)
-n Do not resolve IP addresses to their domain names
-p port --port=port Set the destination port to use. It is either
initial udp port value for "default" method
(incremented by each probe, default is 33434), or
initial seq for "icmp" (incremented as well,
default from 1), or some constant destination
port for other methods (with default of 80 for
"tcp", 53 for "udp", etc.)
-t tos --tos=tos Set the TOS (IPv4 type of service) or TC (IPv6
traffic class) value for outgoing packets
-l flow_label --flowlabel=flow_label
Use specified flow_label for IPv6 packets
-w MAX,HERE,NEAR --wait=MAX,HERE,NEAR
Wait for a probe no more than HERE (default 3)
times longer than a response from the same hop,
or no more than NEAR (default 10) times than some
next hop, or MAX (default 5.0) seconds (float
point values allowed too)
-q nqueries --queries=nqueries
Set the number of probes per each hop. Default is
3
-r Bypass the normal routing and send directly to a
host on an attached network
-s src_addr --source=src_addr
Use source src_addr for outgoing packets
-z sendwait --sendwait=sendwait
Minimal time interval between probes (default 0).
If the value is more than 10, then it specifies a
number in milliseconds, else it is a number of
seconds (float point values allowed too)
-e --extensions Show ICMP extensions (if present), including MPLS
-A --as-path-lookups Perform AS path lookups in routing registries and
print results directly after the corresponding
addresses
-M name --module=name Use specified module (either builtin or external)
for traceroute operations. Most methods have
their shortcuts (`-I' means `-M icmp' etc.)
-O OPTS,... --options=OPTS,...
Use module-specific option OPTS for the
traceroute module. Several OPTS allowed,
separated by comma. If OPTS is "help", print info
about available options
--sport=num Use source port num for outgoing packets. Implies
`-N 1'
--fwmark=num Set firewall mark for outgoing packets
-U --udp Use UDP to particular port for tracerouting
(instead of increasing the port per each probe),
default port is 53
-UL Use UDPLITE for tracerouting (default dest port
is 53)
-D --dccp Use DCCP Request for tracerouting (default port
is 33434)
-P prot --protocol=prot Use raw packet of protocol prot for tracerouting
--mtu Discover MTU along the path being traced. Implies
`-F -N 1'
--back Guess the number of hops in the backward path and
print if it differs
-V --version Print version info and exit
--help Read this help and exit
How to read traceroute
The first line gives us the following info: the destination and its IP address, the number of hops traceroute will try before giving up, and the size of the UDP packets we’re sending.
traceroute to google.com (142.250.114.102), 30 hops max, 60 byte packets
All of the other lines contain information about the hops.
cpe-70-123-176-1.austin.res.rr.com (70.123.176.1) 15.939 ms 16.191 ms 16.316 ms
The format of each hop line is as follows. The name of the device or the IP address.
cpe-70-123-176-1.austin.res.rr.com
The IP address.
(70.123.176.1)
The time it took round trip for each of the three tests.
28.585 ms 39.137 ms 38.768 ms
If an asterisk is here, it means there wasn’t a response for that test.
lag-22.rcr01hstqtx02.netops.charter.com (24.175.41.48) 22.924 ms 22.703 ms *
If the device doesn’t respond at all, you’ll see three asterisks, and no device name or IP address.
7 * * *
Let’s dig in for a deep dive
Hop 1: The first hop is the gateway of the router on the local network. This is how our UDP packets leave the local network and get on the internet.
Hop 2: This is the gateway for the ISP connection.
Hop 3: This device didn’t respond. Perhaps it was configured never to send ICMP packets. Or perhaps it did respond but was too slow, so traceroute timed out. You can check again to see if there is a reply.
Hop 4: We get the hostname and IP, and all 3 tests are successful.
Hop 5: We get the hostname and IP, and only 2 tests are successful. This could indicate packet loss.
Hops 6-9: These devices didn’t respond. Perhaps they were configured never to send ICMP packets (Anonymous). Or perhaps they did respond but were too slow, so traceroute timed out. You can check again to see if there is a reply.
Hop 10: We get the hostname and IP, and only 1 test is successful. This could indicate packet loss.
Hops 11-12: These devices didn’t respond (Anonymous). Perhaps they were configured never to send ICMP packets. Or perhaps they did respond but were too slow, so traceroute timed out. You can check again to see if there is a reply.
Hop 13: We get the hostname and IP, and only 1 test is successful. This could indicate packet loss.
Hops 14-22: These devices didn’t respond. Perhaps they were configured never to send ICMP packets (Anonymous). Or perhaps they did respond but were too slow, so traceroute timed out. You can check again to see if there is a reply.
Hop 23: We reached our destination.
Summary. Mixed signals, as we were able to reach the destination in 23 hops. The three round-trip times at the destination were 28.585 ms, 39.137 ms and 38.768 ms.
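To make the reading rules above concrete, here is an added example (not part of the original article) that parses Linux traceroute output and labels each hop. SAMPLE is a constructed, shortened copy of the output shown earlier, and the function names are this example's own.

```python
import re

# Constructed sample: shortened copy of the traceroute output shown above.
SAMPLE = """\
traceroute to google.com (142.250.138.101), 30 hops max, 60 byte packets
 1 192.168.0.1 (192.168.0.1) 1.657 ms 1.571 ms 1.572 ms
 2 cpe-70-123-176-1.austin.res.rr.com (70.123.176.1) 15.939 ms 16.191 ms 16.316 ms
 3 * * *
 4 lag-22.rcr01hstqtx02.netops.charter.com (24.175.41.48) 22.924 ms 22.703 ms *
 5 * * *
 6 rw-in-f101.1e100.net (142.250.138.101) 28.585 ms 39.137 ms 38.768 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
ADDR_RE = re.compile(r"\(([0-9a-fA-F.:]+)\)")   # address in parentheses
RTT_RE = re.compile(r"([\d.]+) ms")             # one answered probe

def parse(text):
    """Return (destination_ip, hops) from Linux traceroute output."""
    lines = text.strip().splitlines()
    dest = ADDR_RE.search(lines[0]).group(1)
    hops = []
    for line in lines[1:]:
        m = HOP_RE.match(line)
        if not m:
            continue
        rest = m.group(2)
        hops.append({"ttl": int(m.group(1)),
                     "addrs": ADDR_RE.findall(rest),
                     "rtts": [float(x) for x in RTT_RE.findall(rest)],
                     "lost": rest.split().count("*")})
    return dest, hops

def classify(hop, dest):
    if not hop["rtts"]:
        return "silent"        # three asterisks: no reply before the timeout
    if dest in hop["addrs"]:
        return "destination"
    return "partial" if hop["lost"] else "ok"

def summarize(text):
    """Label every hop and report loss measured at the destination itself."""
    dest, hops = parse(text)
    labels = [(h["ttl"], classify(h, dest)) for h in hops]
    last = hops[-1]
    reached = dest in last["addrs"]
    probes = last["lost"] + len(last["rtts"])
    end_loss = last["lost"] / probes if reached else 1.0
    return labels, reached, end_loss

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Silent or partial hops in the middle of a path that still ends with zero loss at the destination usually mean those routers are limiting their ICMP replies, not dropping your traffic.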
Tracert in Windows
To run Tracert in Windows, press the Windows key + R, type cmd, and hit Enter.
In the command prompt run the following:
tracert google.com
Output
C:\>tracert google.com
Tracing route to google.com [2607:f8b0:4000:80a::200e]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms 2603-8081-2301-3b54-0000-0000-0000-0001.res6.spectrum.com [2603:8081:2301:3b54::1]
2 21 ms 13 ms 18 ms 2605:6000:ffc0:8b::1
3 11 ms 12 ms 16 ms lag-63.hcr01rdrktxaz.netops.charter.com [2605:6000:0:4::e:3379]
4 * * 13 ms lag-19.ausutxla01r.netops.charter.com [2605:6000:0:4::c:14a]
5 * * * Request timed out.
6 29 ms 38 ms 29 ms 2001:4860:1:1::2458
7 50 ms 31 ms 28 ms 2607:f8b0:8326::1
8 28 ms 32 ms 25 ms 2001:4860:0:1::5692
9 29 ms 28 ms 30 ms 2001:4860:0:11e3::2
10 * 51 ms * 2001:4860::c:4001:e559
11 30 ms 35 ms 29 ms 2001:4860::1:0:c6ea
12 29 ms 39 ms 27 ms 2001:4860:0:1::5703
13 30 ms 42 ms 30 ms dfw25s42-in-x0e.1e100.net [2607:f8b0:4000:80a::200e]
As you can see, the Windows Tracert is similar to Linux Traceroute.
The results are printed first, with the name of the router listed next.
3 11 ms 12 ms 16 ms lag-63.hcr01rdrktxaz.netops.charter.com
As we can see, Traceroute and Tracert are useful tools that can explain network latency.
Other Tools to consider.
MTR (Linux and macOS).
MTR (My traceroute) is a network diagnostic tool used in Linux operating systems. It combines the functionality of the ‘traceroute’ and ‘ping’ commands to provide a more comprehensive view of the network path between two endpoints. MTR sends packets to the destination host and then reports the statistics of the packets as they traverse each hop in the path.
MTR continuously sends packets to the destination host, making it useful for monitoring network performance over time. It displays information such as the round-trip time (RTT), packet loss, and network hops with details like IP addresses and hostnames. This makes it an effective tool for diagnosing network problems and identifying potential bottlenecks or connectivity issues.
Install Debian/Ubuntu
sudo apt install mtr -y
CentOS/Rocky
sudo yum install mtr -y
Or
sudo dnf install mtr -y
Usage
mtr domain.com
The MTR command is an improved traceroute command that can give more statistics and data for lost packets (percentage).
Dig (Linux and macOS)
‘Dig’ stands for Domain Information Groper. It is a command-line tool in Linux and other Unix-like operating systems used to perform DNS (Domain Name System) lookups. It provides information about DNS records such as A, MX, CNAME, TXT, and NS records, among others.
Install
Install Debian/Ubuntu
sudo apt install dnsutils -y
CentOS/Rocky
sudo yum install bind-utils -y
Or
sudo dnf install bind-utils -y
Usage
dig +trace domain.com
If you already use the dig command, you can use its +trace option to trace the DNS resolution path too.
Open Visual Traceroute (Linux, macOS, and Windows)
This one is for people who want a visual interface.
Nmap (Linux, macOS, Windows, BSD, and more).
Network Mapper (Nmap) is a free, open-source network security scanning tool. By sending IP packets and analyzing the responses, Nmap can discover information about hosts and services on remote computer networks.
Nmap can also audit the security of a device, identify the vulnerabilities of your network, or perform an inventory check with relative ease.
Install
Install Debian/Ubuntu
sudo apt install nmap -y
CentOS/Rocky
sudo yum install nmap -y
Or
sudo dnf install nmap -y
Usage ***Please use this responsibly! Do not scan IPs or domains multiple times.
sudo nmap --traceroute domain.com
The results are very similar to the traceroute command.
Tracepath
Tracepath is a command-line utility in Linux and other Unix-like operating systems that is used to trace the network path to a destination host. It works by sending packets to the destination host with increasing TTL (time-to-live) values and receiving ICMP (Internet Control Message Protocol) error messages from each hop along the way.
Install
Install Debian/Ubuntu
sudo apt install iputils-tracepath -y
CentOS/Rocky – tracepath is part of the traceroute install
sudo yum install traceroute -y
Or
sudo dnf install traceroute -y
Usage
tracepath domain-name.com
The nslookup command
When managing connectivity issues, DNS name resolution is often a source of headaches. The nslookup utility helps you check and troubleshoot DNS name resolution.
This command is available with the bind-utils package.
Install
Install Debian/Ubuntu
sudo apt install dnsutils -y
CentOS/Rocky
sudo yum install bind-utils -y
Or
sudo dnf install bind-utils -y
Usage
nslookup domain.com
I hope you enjoyed this. If you have any questions, let us know via chat.
R. Pringle, AKA “The Geekdecoder,” is a 20 year veteran Systems Administrator and the founder of Geekdecoder.com – a self-help knowledge-base web site for Linux, Web Hosting, Technology and Server Administration.