traceroute(1M) — Reliant UNIX 5.44c4

traceroute(1M)                                               traceroute(1M)

NAME
     traceroute - output the route packets take to network host

SYNOPSIS
     traceroute [-m maxttl] [-n] [-p port] [-q nqueries] [-r] [-s srcaddr]
                [-g addr] [-t tos] [-v] [-w waittime] host [packetsize]

DESCRIPTION
     The Internet is a large and complex aggregation of network hardware,
     connected together by gateways. Tracking the route one's packets
     follow (or finding the troublesome gateway that is discarding your
     packets) can be difficult. traceroute utilizes the IP protocol ttl
     (time-to-live) field and attempts to elicit an ICMP TIMEEXCEEDED
     response from each gateway along the path to some host.

     Warning:

     This command should be used for diagnostic purposes only.

     The only mandatory parameter is the destination host name or IP
     number. The default probe datagram length is 38 bytes, but this may be
     increased by specifying a packet size (in bytes) after the destination
     host name.

OPTIONS
     -m maxttl
          Set the maximum time-to-live (maximum number of hops) used in
          outgoing probe packets to maxttl hops. The default is 30 hops
          (the same default used for TCP connections).

     -n   Output hop addresses numerically rather than symbolically and
          numerically (saves a nameserver address-to-name lookup for each
          gateway found on the path).

     -p port
          Set the base UDP port number used in probes to port (default is
          33434). traceroute hopes that nothing is listening on UDP ports
          port to port+maxttl-1 at the destination host (so an ICMP
          PORTUNREACHABLE message will be returned to terminate the route
          tracing). If something is listening on a port in the default
          range, this option can be used to pick an unused port range.

     -r   Bypass the normal routing tables and send directly to a host on
          an attached network. If the host is not on a directly-attached
          network, an error is returned. This option can be used to ping a
          local host through an interface that has no route through it
          (e.g., after the interface was dropped by routed).








Page 1                       Reliant UNIX 5.44                Printed 11/98

     -s srcaddr
          Use srcaddr (which must be given as an IP number, not a
          hostname) as the source address in outgoing probe packets. On
          hosts with more than one IP address, this option can be used to
          force the source address to be something other than the IP
          address of the interface the probe packet is sent on. If the IP
          address is not one of this machine's interface addresses, an
          error is returned and nothing is sent.

     -g addr
          Enable the IP LSRR (Loose Source Record Route) option in addition
          to the TTL tests. This is useful for asking how somebody else, at
          IP address addr, reaches a particular target.

     -t tos
          Set the type-of-service in probe packets to tos (default zero).
          The value must be a decimal integer in the range 0 to 255. This
          option can be used to see if different types-of-service result
          in different paths.

          Not all values of TOS are legal or meaningful. Useful values are
          -t 16 (low delay) and -t 8 (high throughput).

     -v   Verbose output. Received ICMP packets other than TIMEEXCEEDED
          and UNREACHABLEs are listed.

     -q nqueries
          Set the number of probe packets sent at each ttl setting
          (default 3 packets).

     -w waittime
          Set the time to wait for a response to a probe to waittime
          seconds (default 3 seconds).

          This program attempts to trace the route an IP packet would
          follow to some Internet host by launching UDP probe packets with
          a small ttl (time-to-live) then listening for an ICMP time
          exceeded reply from a gateway.

          It is advisable to start probes with a ttl of one and increase by
          one until an ICMP port unreachable is returned (which means that
          the host has been reached) or a maximum is reached (the maximum
          defaults to 30 hops and can be changed with the -m flag).

          Three probes (changed with the -q flag) are sent at each ttl
          setting and a line is output showing the ttl, the address of the
          gateway and the round-trip time of each probe. If the probe
          answers come from different gateways, the address of each
          responding system will be output. If there is no response within
          a 3 second timeout interval (changed with the -w flag), a * is
          output for that probe. So that the destination host does not
          process the UDP probe packets, the destination port is set to an
          unlikely value (if something on the destination is using that
          value, it can be changed with the -p flag).

EXAMPLES
     A sample command line and output might be:

     [yak 71]% traceroute nis.nsf.net.

     traceroute to nis.nsf.net (35.1.1.48), 30 hops max, 56 byte packet
      1 helios.ee.lbl.gov (128.3.112.1) 19 ms 19 ms 0 ms
      2 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 39 ms 19 ms
      3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 39 ms 19 ms
      4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 39 ms 40 ms 39 ms
      5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 39 ms 39 ms 39 ms
      6 128.32.197.4 (128.32.197.4) 40 ms 59 ms 59 ms
      7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 59 ms
      8 129.140.70.13 (129.140.70.13) 99 ms 99 ms 80 ms
      9 129.140.71.6 (129.140.71.6) 139 ms 239 ms 319 ms
     10 129.140.81.7 (129.140.81.7) 220 ms 199 ms 199 ms
     11 nic.merit.edu (35.1.1.48) 239 ms 239 ms 239 ms

     Note that lines 2 and 3 are the same. This is due to a buggy kernel on
     the second hop system (lbl-csam.arpa) that forwards packets with a ttl
     of 0 (a bug in the distributed version of 4.3BSD).

     A more interesting example is:

     [yak 72]% traceroute allspice.lcs.mit.edu.

     traceroute to allspice.lcs.mit.edu (18.26.0.115), 30 hops max
      1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms
      2 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 19 ms 19 ms
      3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 19 ms
      4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 19 ms 39 ms 39 ms
      5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 20 ms 39 ms 39 ms
      6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms
      7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms
      8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms
      9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms
     10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms
     11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms
     12 * * *
     13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms
     14 * * *
     15 * * *
     16 * * *
     17 * * *
     18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 ms 279 ms





     Note that the gateways 12, 14, 15, 16 and 17 hops away either do not
     send ICMP time exceeded messages or send them with a ttl too small to
     get back to the sender. 14 - 17 are running the MIT C Gateway code
     that does not send time exceeded messages. Nobody knows what is wrong
     with 12.

     The silent gateway 12 in the above may be the result of a bug in the
     4.[23]BSD network code (and its derivatives): 4.x (x <= 3) sends an
     unreachable message using whatever ttl remains in the original
     datagram. Since, for gateways, the remaining ttl is zero, the ICMP
     time exceeded is guaranteed not to make it back to the sender. The
     behavior of this bug is slightly more interesting when it appears on
     the destination system:

      1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms
      2 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 39 ms
      3 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 39 ms 19 ms
      4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 39 ms 40 ms 19 ms
      5 ccn-nerif35.Berkeley.EDU (128.32.168.35) 39 ms 39 ms 39 ms
      6 csgw.Berkeley.EDU (128.32.133.254) 39 ms 59 ms 39 ms
      7 * * *
      8 * * *
      9 * * *
     10 * * *
     11 * * *
     12 * * *
     13 rip.Berkeley.EDU (128.32.131.22) 59 ms! 39 ms! 39 ms!

     Note that there are 12 gateways (13 is the final destination) and
     exactly the last half of them are missing. What is really happening is
     that rip is using the ttl from our arriving datagram as the ttl in its
     ICMP reply. So, the reply will time out on the return path (with no
     notice sent to anyone since ICMPs are not sent for ICMPs) until we
     probe with a ttl that is at least twice the path length. That means
     that rip is really only 7 hops away. A reply that returns with a ttl
     of 1 is a clue that this problem exists. traceroute outputs a ! after
     the time if the ttl is <= 1. Since vendors often ship obsolete or
     non-standard software, expect to see this problem frequently and/or
     take care picking the target host of your probes.
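
     The two kernel bugs described above can be replayed in a small model.
     The following Python sketch is an added example, not part of the
     original manual page or of traceroute itself; the Node fields, the
     ICMP_TTL value of 255 and the seven-node PATH (with lbl-csam as the
     unseen second hop) are assumptions constructed to match the third
     trace.

```python
from dataclasses import dataclass

ICMP_TTL = 255  # assumption: initial ttl a correct stack puts on its ICMP replies

@dataclass
class Node:
    name: str
    forwards_ttl0: bool = False  # gateway bug: forwards a datagram whose ttl reached 0
    reflects_ttl: bool = False   # host bug: ICMP reply reuses the arriving datagram's ttl

def probe(path, ttl):
    """Return (responder, ttl of its reply on arrival), or None for a '*'."""
    for hops_back, node in enumerate(path):
        if node is path[-1]:                      # destination: port unreachable
            reply_ttl = ttl if node.reflects_ttl else ICMP_TTL
        else:
            ttl -= 1                              # each gateway decrements the ttl
            if ttl > 0 or (ttl == 0 and node.forwards_ttl0):
                continue                          # forwarded to the next node
            reply_ttl = ICMP_TTL                  # time exceeded from this gateway
        arrival = reply_ttl - hops_back           # reply crosses hops_back gateways
        return (node.name, arrival) if arrival >= 1 else None

def traceroute(path, max_ttl=30):
    """One row per ttl: (ttl, responder or '*', '!' when the reply ttl is <= 1)."""
    rows = []
    for ttl in range(1, max_ttl + 1):
        name, arrival = probe(path, ttl) or ("*", ICMP_TTL)
        rows.append((ttl, name, "!" if arrival <= 1 else ""))
        if name == path[-1].name:                 # destination answered: stop
            break
    return rows

def true_distance(rows):
    """Hop count of a ttl-reflecting destination first seen at ttl n: (n + 1) / 2."""
    ttl, _, flag = rows[-1]
    return (ttl + 1) // 2 if flag == "!" else ttl

# Constructed model of the path behind the third trace above.
PATH = [Node("helios"), Node("lbl-csam", forwards_ttl0=True), Node("lilac-dmc"),
        Node("ccngw-ner-cc"), Node("ccn-nerif35"), Node("csgw"),
        Node("rip", reflects_ttl=True)]

if __name__ == "__main__":
    for ttl, name, flag in traceroute(PATH):
        print(f"{ttl:2d} {name} {flag}")
```

     The model never shows lbl-csam (the hop after it answers twice), and
     rip first answers at ttl 13 with a reply ttl of 1, from which
     true_distance recovers the real hop count of 7.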

     Other possible annotations after the time are:

     -  !H, !N, !P

        (received a host, network or protocol unreachable, respectively)

     -  !S or !F

        (source route failed or fragmentation needed - neither of these
        should ever occur and the associated gateway is down if you see
        one)




     If almost all the probes result in some kind of unreachable,
     traceroute will give up and exit.

     traceroute -g 10.3.0.5 128.182.0.0

     shows the path from the Cambridge Mailbridge to PSC while

     traceroute -g 192.5.146.4 -g 10.3.0.5 35.0.0.0

     on the other hand, shows how the Cambridge Mailbridge reaches Merit,
     by using PSC to reach the Mailbridge.

     This program is intended for use in network testing, measurement and
     management. It should be used primarily for manual fault isolation.

     It is unwise to use traceroute during normal operations or from
     automated scripts due to the load it could impose on the network.

SEE ALSO
     netstat(1M), ping(1M).