How to use the traceroute command on Linux

You can use the Linux traceroute Command to detect the slow portion of a network packet’s journey and to resolve sluggish network connections. We’ll show you how!

This is how traceroute works

If you appreciate how traceroute works, it makes understanding the results a lot easier. The more complicated the route a Network package the more difficult it is to pinpoint where delays could occur.

A small organization local network (LAN) could be relatively simple. It will likely have at least one server and a router or two. The complexity increases to a Wide area network (WAN) that communicates between different locations or over the Internet. Your network packet then hits (and is forwarded and routed) a lot of hardware, such as routers and Gateways.

The headers of metadata on data packets describe their length, where they come from, where they are going, the protocol used and so on. The specification of the protocol defines the header. If you can identify the log, you can determine the beginning and end of each field in the header and read the metadata.

traceroute uses the TCP / IP Set of logs and sends User Datagram Protocol Packages. The header contains the time to live (TTL) field containing an 8-bit integer value. Contrary to what the name suggests, it stands for a count, not a duration.


A packet travels from its origin to its destination via a router. Every time the packet arrives at a router, the TTL counter is decremented. If the TTL value ever reaches one, the router receiving the packet will decrease the value and find that it is now zero. The packet is then discarded and not forwarded to the next hop on its journey because it has “timed out”.

The router sends a Internet Message Control Protocol (ICMP) Timed out Message back to the origin of the packet to inform it that the packet has timed out. The Time Exceeded message contains the original header and the first 64 bits of data from the original packet. This is on page 6 of. Are defined Request for comments 792.

So if traceroute sends out a packet, but then sets the TTL value to one, the packet only comes to the first router before it is discarded. It receives an ICMP timeout message from the router and can record the time for the round trip.

It then repeats the exercise with TTL set to 2, which fails after two jumps. traceroute increases the TTL to three and tries again. This process repeats until the goal is reached or the maximum number of hops (30 by default) is tested.

Some routers don’t play well

Some routers have bugs. You are trying to forward packets with a TTL of zero instead of discarding them and triggering an ICMP timeout message.

Corresponding Cisco, some Internet Service Providers (ISPs) limit the number of ICMP messages their routers forward.


Some devices are configured so that they never send ICMP packets. This is often used to ensure that the device does not unknowingly participate in a distributed denial of service, as a Smurf attack.

traceroute has a default response timeout of five seconds. If it does not receive a response within five seconds, the attempt will be aborted. This means that responses from very slow routers will be ignored.

Install traceroute

traceroute was already installed on Fedora 31, but must be installed on Manjaro 18.1 and Ubuntu 18.04. To install traceroute On Manjaro, use the following command:

sudo pacman -Sy traceroute

To install traceroute On Ubuntu, use the following command:

sudo apt-get install traceroute

Use traceroute

As we described above, traceroute's The purpose is to get a response from the router on every hop from your computer to the destination. Some may be taciturn and not giving away anything, while others will likely spill the beans without hesitation.

as example, we’re running in traceroute to the Blarney Castle Site in Ireland, home of the famous Blarney Stone. Legend has it that if you kiss the Blarney Stone, you will be blessed with the “gift of ramblings”. Let’s hope that the routers we encounter along the way are correspondingly chatty.

We enter the following command:

traceroute www.blarneycastle.ie

The first line gives us the following information:

  • The destination and its IP address.
  • The number of hops traceroute I’ll try before you give up
  • The size of the UDP packets we are sending.

All other lines contain information about one of the hops. Before we get into the details, however, we can see that there are 11 jumps between our computer and the Blarney Castle website. Hop 11 also tells us that we have achieved our goal.

The format of each hop line is as follows:

  • The name of the device or, if the device does not identify itself, the IP address.
  • The IP address.
  • The time it took to complete each of the three tests. If there is an asterisk here, it means that this test was not answered. If the device does not respond at all, you will see three asterisks and no device name or IP address.

Let’s take a look at what we have:

  • Hop 1: The first port of call (no pun intended) is the DrayTek Vigor router on the local network. This is how our UDP packets leave the local network and enter the Internet.
  • Hop 2: This device did not respond. Maybe it was configured to never send ICMP packets. Or maybe it reacted but was too slow, so traceroute expired.
  • Hop 3: A device responded, but we didn’t get its name, only the IP address. Notice that there is an asterisk on this line, which means that we did not receive responses to all three requests. This could indicate a packet loss.
  • Hops 4 and 5: More anonymous hops.
  • Jump 6: There’s a lot of text here because each of our three UDP requests was handled by a different remote device. The (rather long) names and IP addresses for each device were printed. This can happen when you come across a “busy” network that has a lot of hardware to handle a lot of traffic. This hop is inside one of the largest ISPs in the UK. So it would be a bit of a miracle if the same remote hardware could handle our three connection requests.
  • Hop 7: This is the hop our UDP packets made when they left the ISP network.
  • Hop 8: Here, too, we get an IP address, but not the device name. All three tests returned successfully.
  • Hops 9 and 10: Two more anonymous jumps.
  • Hop 11: We have arrived at the Blarney Castle website. The castle is in Cork, Ireland, but noisy Geolocation of the IP address, the site is located in London.


So it was a mixed bag. Some devices played along, others responded but did not tell us their name, others remained completely anonymous.

However, we got to the destination, we know it’s 11 hops away, and the round-trip time for the trip was 13,773 and 14,715 milliseconds, respectively.

Hide device names

As we’ve seen, inserting device names sometimes leads to a cluttered display. To make the data easier to view, you can use the -n (no assignment) option.

Plus with our example, let’s enter:

traceroute -n blarneycastle.ie

This makes it easier to pick large numbers for round trip timings that could indicate a bottleneck.

Hop 3 is starting to look suspicious. Last time it only replied twice, and this time it replied only once. In this scenario, of course, it’s out of our control.


However, if you are investigating your corporate network, it is worth digging a little deeper into these nodes.

Set the traceroute timeout value

We may get more responses if we increase the standard timeout period (five seconds). We use the -w (Waiting time) option to change it to seven seconds. (Note that this is a floating point number.)

We enter the following command:

traceroute -w 7.0 blarneycastle.ie

That didn’t make much of a difference, so the answers will likely expire. It is likely that the anonymous hops are kept secret on purpose.

Set the number of tests

By default, traceroute sends three UDP packets to each hop. We can use that -q (Number of queries) option to adjust this up or down.

To speed that up traceroute test, let’s enter the following to reduce the number of UDP test packets we send to one:

traceroute -q 1 blarneycastle.ie

This sends a single sample to each hop.

Set the initial TTL value

We can set the initial value of TTL to something other than one and skip some jumps. Typically the TTL values ​​are set to one for the first test set, two for the next test set, and so on. If we set it to five, the first test tries to get to hop five and skip jumps one through four.


Knowing that the Blarney Castle website is 11 hops away from this computer, to go straight to hop 11, let’s enter the following:

traceroute -f 11 blarneycastle.ie

This gives us a nice, condensed report on the state of the connection to the target.

Be considerate

traceroute is a great tool for studying network routing, checking connection speeds, or identifying bottlenecks. Windows has one too tracert Command that works similarly.

You don’t want to torrent unknown devices from UDP packets, however, and be careful when locking it in traceroute in scripts or unattended jobs.

The charge traceroute being placed on a network can adversely affect its performance. Unless you are in an instant fix situation, you may want to use it outside of normal business hours.

Linux commands
Filestar · pv · cat · tac · chmod · grep · difference · sed · With · man · pushed · popd · fsck · Test disk · seq · fd · pandoc · CD · $ PATH · awk · join · jq · wrinkles · unique · journalctl · tail · stat · ls · fstab · echo · fewer · chgrp · chown · Rev · look · Strings · Type · rename · Postal code · unzip · assemble · ummount · To install · fdisk · mkfs · rm · rmdir · rsync · df · gpg · weather · Nano · mkdir · from · ln · Patch · Convert · rclon · Scraps · srm
Processesalias · screen · above · kind · renice · progress · strace · system · tmux · chsh · story · at · Batch · for free · which · dmesg · chfn · User mod · ps · chroot · xargs · tty · pinkie finger · lsof · vmstat · Time out · Wall · Yes sir · kill · sleep · sudo · it is · Time · groupadd · User mod · groups · lshw · switch off · start anew · Stop · switch off · passwd · lscpu · crontab · date · bg · fg
Networkingnetstat · Ring · Trace route · ip · ss · who is · fail2ban · bmon · she · finger · nmap · ftp · curl · wget · who · who am I · w · iptables · ssh-keygen · ufw

Best Linux Laptops for Developers and Enthusiasts

Related Posts