traceroute(1M) traceroute(1M)
NAME
traceroute - trace the route packets take in order to reach a
network host
SYNOPSIS
traceroute[-dnrv][-wwait][-mmax_ttl][-pport#][-qnqueries][-ttos]
[-ssrc_addr][-ggateway] host[packetsize]
DESCRIPTION
The traceroute command utilizes the ``time-to-live'' field of
the IP protocol to elicit an ICMP TIME_EXCEEDED response from
each gateway along the path to some host.
traceroute attempts to trace the route which an IP packet
would follow to some Internet host by launching UDP probe
packets with a small ``ttl'' (time-to-live) value, and then
listening for an ICMP TIME_EXCEEDED reply from a gateway. The
probes will be started with a ``ttl'' of one, and then
increased by one until an ICMP PORT_UNREACHABLE message is
received, or until the maximum number of probes has been sent.
USAGE
Three probes will be sent at each ``ttl'' setting; a line will
be printed to show:
the ``ttl'' value
the address of the gateway
the round-trip time for each probe
If the probe answers come from different gateways, the address
of each responding system will be printed. If there is no
response within 3 seconds, a ``*'' will be printed for that
probe.
The host argument is the destination host name or the IP
number of the host to reach; the packetsize argument is the
packet size (in bytes) of the probe datagram. Note that
packetsize defaults to 38 bytes.
Options
traceroute takes the following options:
Copyright 1994 Novell, Inc. Page 1
traceroute(1M) traceroute(1M)
-d Turns on socket level debugging. This option is
useful only to a privileged user.
-n Print the hop addresses numerically (rather than
symbolically). This option causes the numeric
lookup procedure to avoid a nameserver address-
to-name lookup for each gateway found along the
path.
-r Bypass the normal Routing Tables and send directly
to a host on an attached network. If the host is
not on a directly-attached network, an error is
returned. This option can be used to ``ping'' a
local host through an interface that has no route
through it [for example, after the interface was
dropped by routed(1M)].
-v Verbose output. Causes received ICMP packets
other than TIME_EXCEEDED and PORT_UNREACHABLE to
be listed.
-w wait Set the time to wait for a response to an outgoing
probe packet to wait seconds. The default value
is 3 seconds.
-m max_ttl Set the maximum time-to-live (that is, the maximum
number of hops) used in outgoing probe packets to
max-ttl hops. The default value is 30 hops (this
is the same default value used for TCP
connections).
-p port Set the base UDP port number used for probe
packets to port. The default value is (decimal)
33434.
traceroute hopes that nothing is listening on UDP
ports base to base+nhop at the destination host so
that an ICMP PORT_UNREACHABLE message will be
returned to terminate the route tracing process.
If something is listening on a port in the default
range, this option can be used to pick an unused
port range.
-q nqueries Set the number of probe packets for each time-to-
live (``ttl'') setting to the value nqueries. The
default value is 3.
Copyright 1994 Novell, Inc. Page 2
traceroute(1M) traceroute(1M)
-s src_addr Use src_addr as the IP address which will serve as
the source address for outgoing probe packets.
Note that src_addr must be specified as an IP
number, not as a hostname. On hosts with more
than one IP address, this option can be used to
force the source address to be something other
than the IP address of the interface on which the
probe packets are being sent.
If the IP address is not one of this machine's
interface addresses, an error will be returned and
nothing will be sent.
-g addr Enable the IP LSRR (Loose Source Record Route)
option in addition to the TTL tests. This is
useful for asking how somebody else (at IP address
addr) can reach a particular target.
-t tos Set the type-of-service (``TOS'') in probe packets
to the value defined below. The default value is
zero. The value must be a decimal integer in the
range from 0 - 255. This option can be used to see
if different type-of-service values will result in
different paths.
Not all values of tos will be valid or meaningful;
see the IP specification for definitions.
Probably the useful values will be ``-t 16'' (low
delay) and ``-t 8'' (high throughput).
Examples
A sample use of traceroute and of its output might be:
[yak 71]% traceroute nis.nsf.net.
traceroute to nis.nsf.net (35.1.1.48), 30 hops max, 56 byte packet
1 helios.ee.lbl.gov (128.3.112.1) 19 ms 19 ms 0 ms
2 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 39 ms 19 ms
3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 39 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 39 ms 40 ms 39 ms
5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 39 ms 39 ms 39 ms
6 128.32.197.4 (128.32.197.4) 40 ms 59 ms 59 ms
7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 59 ms
8 129.140.70.13 (129.140.70.13) 99 ms 99 ms 80 ms
9 129.140.71.6 (129.140.71.6) 139 ms 239 ms 319 ms
10 129.140.81.7 (129.140.81.7) 220 ms 199 ms 199 ms
11 nic.merit.edu (35.1.1.48) 239 ms 239 ms 239 ms
Copyright 1994 Novell, Inc. Page 3
traceroute(1M) traceroute(1M)
Note that lines 2 and 3 are the same. This is due to a buggy
kernel on the 2nd hop system lbl-csam.arpa that forwards
packets with a zero ``ttl.'' This is a bug in the distributed
version of 4.3BSD.
A more interesting example is:
[yak 72]% traceroute allspice.lcs.mit.edu.
traceroute to allspice.lcs.mit.edu (18.26.0.115), 30 hops max
1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms
2 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 19 ms 19 ms
3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 19 ms 39 ms 39 ms
5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 20 ms 39 ms 39 ms
6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms
7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms
8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms
9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms
10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms
11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms
12 * * *
13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 ms 279 ms
Note that the gateways 12, 14, 15, 16 and 17 either do not
send ICMP TIME_EXCEEDED messages, or send them with a ``ttl''
too small to reach us. Gateways 14 - 17 are running the MIT C
Gateway code that does not send ICMP TIME_EXCEEDED packets.
The silent gateway 12 in the above example may be the result
of a bug in the 4.2BSD and 4.3BSD network code (and its
derivatives): This code will send an unreachable message using
whatever ``ttl'' remains in the original datagram. Since, for
gateways, the remaining ``ttl'' is zero, the ICMP
TIME_EXCEEDED is guaranteed to not make it back to the sending
host.
The behavior of this particular bug is slightly more
interesting when it appears on the destination system:
1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms
2 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 39 ms
3 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 39 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 39 ms 40 ms 19 ms
Copyright 1994 Novell, Inc. Page 4
traceroute(1M) traceroute(1M)
5 ccn-nerif35.Berkeley.EDU (128.32.168.35) 39 ms 39 ms 39 ms
6 csgw.Berkeley.EDU (128.32.133.254) 39 ms 59 ms 39 ms
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 rip.Berkeley.EDU (128.32.131.22) 59 ms ! 39 ms ! 39 ms !
Notice that there are 12 ``gateways'' (13 is the final
destination) and that exactly the last half of them are
``missing.'' What is really happening here is that rip (a
Sun-3 running SunOS 3.5) is using the ``ttl'' from the
arriving datagram as the ``ttl'' in its ICMP reply.
Therefore, the reply will time out on the return path until a
probe with a ``ttl'' that is at least twice the path length is
sent. rip is really only 7 hops away. A reply that returns
with a ``ttl'' of 1 is an indication that this problem exists.
Note that traceroute will print a ``!'' after the time if the
``ttl'' is <= 1.
The possible annotations after the time are:
! The ``ttl'' in return packet is <= 1.
!H An ICMP HOST_UNREACHABLE packet was received.
!N An ICMP NETWORK_UNREACHABLE packet was received.
!P An ICMP PROTOCOL_UNREACHABLE packet was received.
!S An ICMP SOURCE_ROUTE_FAILED packet was received. This
response should never occur. It indicates that the
gateway is broken.
!F An ICMP FRAGMENTATION_NEEDED packet was received. This
response should never occur. It indicates that the
gateway is broken.
Warnings
This program is intended for use in network testing,
measurement, and management. It should be used primarily for
manual fault isolation. Because of the extra load it could
impose on the network, it is recommended that you do not use
traceroute during normal operations or from automated scripts.
Copyright 1994 Novell, Inc. Page 5
traceroute(1M) traceroute(1M)
REFERENCES
netstat(1M), ping(1M)
Copyright 1994 Novell, Inc. Page 6