CLI Magic: Introduction to traceroute


Author: JT Smith

How can you possibly follow the path a packet takes to get from your computer to another one in the maze of networks that make up the Internet? Surprisingly, it’s easy, even for a complete beginner. Just visit your friendly command line and use the traceroute command.Traceroute allows you to view the path between your host and any other host connected to the Internet. Here’s an example. Enter the following at the CLI:


On my machine, that command produces this:

traceroute to (, 30 hops max, 40 byte packets
 1  gigagate1 (  0.477 ms  0.264 ms  0.344 ms
 2  vgate1 (  0.327 ms  0.293 ms  0.346 ms
 3 (  1.781 ms  1.338 ms  1.065 ms
 4 (  2.332 ms  3.402 ms  2.716 ms
 5 (  2.828 ms  2.158 ms  2.606 ms
 6 (  3.768 ms  2.759 ms  2.
795 ms
 7 (  4.844 ms  5.329 ms  5.422 ms
 8 (  70.587 ms  70.420 ms  73.267
 9 (  73.751 ms ge-11-0.ipcol (  70.005 ms  73.885 ms
10 (  81.389 ms  76.899 ms  77.248 ms
11 (  78.963 ms  78.603 ms  75.690 ms
12 (  76.572 ms  76.438 ms  78.522 ms
13 (  76.750 ms  76.689 ms  78.9
72 ms
14 (  79.243 ms  77.040 ms  77.714 ms

15 (  77.626 ms  78.572 ms  78.06
9 ms

The output looks confusing at first, but if you break it down, it’s really simple.
It shows each hop between the start and end points of the connection, the name of the host at the
end of each hop, its IP address, and the time taken to get to that point and return.
Actually, there are 3 times (in milliseconds) shown for each hop, because 3 sets of data
(or probes) are sent to each hop.

In the example above, you can see that there is a large delay between hops 7 and 8.
It took about 5 ms to do the trip to the seventh hop, but 70 ms to the eighth. The reason?
The names give it away: hop 7 is in New York while 8 is in London. The data
takes 64 ms to get across the Atlantic Ocean and back again.

Knowing how packets move around the Internet makes it easier to understand how
traceroute works, so let’s take a look. The Internet runs a communications protocol called TCP (Transmission Control Protocol), which splits
data into small packets prior to sending. At the far end,
TCP reassembles the data back into its original form.

Along the way, special-purpose computers called routers decide which way each packet should go to continue on its journey. Each packet contains a header — which contains information about its source and destination — as well as data. Each router uses an internal table to tell it where to send the packet next, based on the destination address in the packet header.

The packet header contains a field called TTL (Time-to-Live). This field tells the router how many hops the packet is allowed to make. Each router that handles the packet reduces the TTL by 1. If the TTL becomes 0 prior to reaching its intended destination, the router will discard the packet and notify the originating host that it has done so by sending it a TIME_EXCEEDED message. This prevents packets from causing infinite loops.

Traceroute works by sending IP packets as probes along the way to the final host. It sends out the first probe with a TTL of 1. The first router in the path sets the TTL to zero, then returns a TIME_EXCEEDED message. Then traceroute sends a packet with a TTL of 2. The first router decreases the TTL to 1, and passes it on. The second router sets the TTL to 0, then returns the TIME_EXCEEDED message. If no response is received from a router, traceroute displays an asterisk.

Traceroute continues increasing the the TTL and sending out packets until either the destination host is reached, or the maximum number of hops is exceeded. The default maximum is 30. If the host is reached, traceroute attempts to access an unused port. This results in a PORT_UNREACHABLE message being sent back to the originator. That’s how traceroute builds a complete picture of the path between the start host and the final destination.

Of course, traceroute is tweakable. Here are a few of the command line arguments you can use to alter its operation.

  • -f x Set intitial TTL to value of x
  • -d Enable debugging
  • -i Specify an alternate network interface
  • -l Display TTL for returned packet
  • -m x Set the maximum TTL
  • -n Print the IP address of each router rather than its name
  • -p x Use port number x on the destination host rather than the default (33434)
  • -w x Set the time in seconds to wait for a response from each router

That’s enough to get you started, but there are plenty of other options to experiment with. For example, the -m option may be of use if there are an excessive number of hops or if you already know the number. And -w may be of use if you think that a problem is being caused by a particularly slow router.

In summary, traceroute is a simple but effective network tool, and well worth the time and effort to learn. As always, peruse the man pages in addition to what you’ve learned here.