Network diagnostics is an essential part of any network or system administrator's job, which includes analyzing and troubleshooting different types of network problems.
Knowing the path that an IP packet traverses between two points in a network gives the trained eye a lot of useful information.
One popular and commonly used cross-platform tool that helps in network path-related analysis and troubleshooting is traceroute.
In simple terms, traceroute tracks the path of an IP packet between source and destination by sending probe packets (likely ICMP ECHO or TCP SYN) and then listening for their ICMP "time exceeded" responses. The TTL of these packets is intentionally set to one and is then increased by one until we get an ICMP "port unreachable" response, which means we reached the host, or until we hit the maximum value (30 hops by default).
An example traceroute output looks something like:
$ traceroute google.com
traceroute to google.com (172.217.169.14), 30 hops max, 60 byte packets
1 140.91.200.22 (140.91.200.22) 0.129 ms 140.91.200.19 (140.91.200.19) 0.151 ms 140.91.200.77 (140.91.200.77) 0.114 ms
2 linxbgp1.iwscloud.com (195.66.226.34) 0.735 ms 0.701 ms 1.024 ms
3 195.66.224.125 (195.66.224.125) 0.603 ms 0.591 ms 0.591 ms
4 108.170.246.129 (108.170.246.129) 0.583 ms 0.745 ms 0.714 ms
5 209.85.241.95 (209.85.241.95) 1.576 ms 209.85.241.93 (209.85.241.93) 1.545 ms 209.85.241.95 (209.85.241.95) 1.520 ms
6 lhr25s26-in-f14.1e100.net (172.217.169.14) 0.584 ms 0.547 ms 0.507 ms
$
The default traceroute output, as shown above, shows the TTL (Time To Live) or round-trip time of three packets, the maximum hop number and packet size in bytes, and the IP address and resolved domain name, when possible.
Traceroute is very useful for determining response delays and routing between two nodes. Further, it helps determine failure points in a route to the destination. Many firewalls and routers block traceroute messages on the Internet, so its output may not always be correct.
Changing the probe message type can work around this, but only to an extent. So one must keep this in mind while using this utility.
Some options in traceroute require elevated superuser privileges that enable modification of raw packets.
tracepath Command
Red Hat Enterprise Linux (RHEL) 8 and its derived Linux distributions do not come with the traceroute command installed by default. This can seem like a significant change to those who are used to the traceroute utility on previous versions of Red Hat Linux or CentOS.
But there is an equally capable command available by default on RHEL 8 called tracepath, which has capabilities similar to its counterpart traceroute and is ready for use as soon as the OS is installed.
In addition, tracepath supports an MTU option, which allows detection of the MTU (Maximum Transmission Unit) value, which is the largest packet that tracepath can send over the network.
Sample tracepath output is shown below for reference:
$ tracepath 131.153.76.66
1?: [LOCALHOST] pmtu 9000
1: 140.91.200.23 0.416ms asymm 2
1: 140.91.200.23 0.239ms asymm 2
2: 140.91.200.74 0.194ms pmtu 1500
2: oracle-svc071175-lag003322.ip.twelve99-cust.net 1.344ms
3: ldn-b7-link.ip.twelve99.net 19.996ms asymm 2
4: ldn-bb1-link.ip.twelve99.net 0.803ms asymm 5
5: prs-bb1-link.ip.twelve99.net 8.548ms asymm 6
6: mei-b5-link.ip.twelve99.net 18.111ms asymm 5
7: no reply
8: phoenix-svc071932-ic358857.ip.twelve99-cust.net 179.691ms asymm 7
9: 131.153.47.139 163.358ms asymm 8
10: no reply
11: 131.153.76.66 159.071ms !H
Resume: pmtu 1500
$
The default tracepath output, as shown above, shows the TTL (Time To Live) or round-trip time of a packet, the MTU (Maximum Transmission Unit) that can be sent over the network by tracepath, and the resolved domain name wherever possible.
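To make those fields easier to review across many runs, the following added example (not part of the original article) parses tracepath output into the replying hops, the TTLs at which the path MTU estimate changed, the TTLs that gave no reply, and the final outcome. The function name parse_tracepath and the result keys are assumptions made for this illustration; the sample input is the tracepath 131.153.76.66 output shown above.

```python
import re

# Sample input: the `tracepath 131.153.76.66` output shown on this page.
SAMPLE = """\
1?: [LOCALHOST] pmtu 9000
1: 140.91.200.23 0.416ms asymm 2
1: 140.91.200.23 0.239ms asymm 2
2: 140.91.200.74 0.194ms pmtu 1500
2: oracle-svc071175-lag003322.ip.twelve99-cust.net 1.344ms
3: ldn-b7-link.ip.twelve99.net 19.996ms asymm 2
4: ldn-bb1-link.ip.twelve99.net 0.803ms asymm 5
5: prs-bb1-link.ip.twelve99.net 8.548ms asymm 6
6: mei-b5-link.ip.twelve99.net 18.111ms asymm 5
7: no reply
8: phoenix-svc071932-ic358857.ip.twelve99-cust.net 179.691ms asymm 7
9: 131.153.47.139 163.358ms asymm 8
10: no reply
11: 131.153.76.66 159.071ms !H
Resume: pmtu 1500
"""

# "<ttl>:" or "<ttl>?:" followed by the rest of the hop line
HOP = re.compile(r"^\s*(\d+)\??:\s+(.*)$")
# host, optional "(ip)" as printed with -b, RTT in ms, trailing flags
REPLY = re.compile(r"^(\S+)(?:\s+\((\S+)\))?\s+([\d.]+)ms\b(.*)$")

def parse_tracepath(text):
    """Return replying hops, PMTU changes, silent TTLs, path MTU and outcome."""
    out = {"hops": [], "pmtu_changes": [], "silent": [], "outcome": "incomplete"}
    resume = re.search(r"^\s*Resume: pmtu\s+(\d+)", text, re.M)
    out["path_mtu"] = int(resume.group(1)) if resume else None
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # Resume line, shell prompt, blank line
        ttl, rest = int(m.group(1)), m.group(2).strip()
        p = re.search(r"\bpmtu\s+(\d+)", rest)
        if p:  # "pmtu N" marks the hop where the MTU estimate changes
            out["pmtu_changes"].append((ttl, int(p.group(1))))
        if rest == "no reply":
            out["silent"].append(ttl)
        elif (r := REPLY.match(rest)):  # "[LOCALHOST] pmtu N" has no RTT, skipped
            host, ip, rtt, flags = r.groups()
            a = re.search(r"\basymm\s+(\d+)", flags)
            out["hops"].append({"ttl": ttl, "host": host, "ip": ip, "rtt_ms": float(rtt),
                                "asymm": int(a.group(1)) if a else None})
            if "reached" in flags or "!H" in flags:  # !H: host unreachable
                out["outcome"] = "reached" if "reached" in flags else "host unreachable"
    return out
```

On the sample, the result shows the MTU estimate dropping from 9000 to 1500 at hop 2, no reply at TTLs 7 and 10, and a final !H (host unreachable) at hop 11 rather than "reached".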
tracepath Syntax
The general usage syntax of the tracepath command follows:
$ tracepath <options> <destination DNS or IP>
#1. With no flags, tracepath shows the path taken to the destination, as shown below:
$ tracepath 131.153.56.85
1?: [LOCALHOST] pmtu 9000
1: 140.91.200.77 0.226ms asymm 2
1: 140.91.200.79 0.497ms asymm 2
2: 140.91.200.74 0.216ms pmtu 1500
2: oracle-svc071174-lag003319.ip.twelve99-cust.net 0.691ms
3: slou-b1-link.ip.twelve99.net 1.249ms asymm 2
4: ldn-bb4-link.ip.twelve99.net 0.749ms asymm 3
5: nyk-bb1-link.ip.twelve99.net 80.617ms asymm 8
6: rest-bb1-link.ip.twelve99.net 153.250ms asymm 21
7: nyk-bb1-link.ip.twelve99.net 83.084ms asymm 6
8: nash-bb1-link.ip.twelve99.net 280.770ms asymm 9
9: no reply
10: dls-b23-link.ip.twelve99.net 110.820ms asymm 9
11: phx-b1-link.ip.twelve99.net 131.524ms
12: phx-b1-link.ip.twelve99.net 131.632ms asymm 11
13: giglinx-ic305413-phx-b1.ip.twelve99-cust.net 132.583ms asymm 12
14: no reply
15: giglinx-ic305414-phx-b1.ip.twelve99-cust.net 142.685ms asymm 12
16: PHOENIX-NAP.ear3.Chicago2.Level3.net 135.245ms asymm 4
17: no reply
18: no reply
19: speedchi.phoenixnap.com 133.809ms reached
Resume: pmtu 1500 hops 19 back 8
$
#2. If you want to print the IP address only, you can use the -n flag:
$ tracepath -n 131.153.56.85
1?: [LOCALHOST] pmtu 1500
1: 140.91.200.74 0.393ms asymm 2
1: 140.91.200.21 0.180ms asymm 2
2: 213.248.69.255 0.576ms
3: 213.248.98.246 1.210ms asymm 2
4: 62.115.117.122 1.371ms asymm 3
5: 62.115.133.239 141.920ms asymm 20
6: 62.115.141.244 77.732ms asymm 7
7: no reply
8: 62.115.137.55 881.711ms asymm 9
9: no reply
10: 62.115.137.55 914.855ms asymm 9
11: 62.115.125.97 132.182ms
12: 62.115.125.97 131.686ms asymm 11
13: 62.115.42.6 133.132ms asymm 12
14: no reply
15: 62.115.42.10 143.880ms asymm 12
16: 4.14.13.150 134.869ms asymm 4
17: no reply
18: 4.14.13.150 145.263ms asymm 4
19: 131.153.56.85 133.636ms reached
Resume: pmtu 1500 hops 19 back 8
$
#3. To print both hostnames and IP addresses, use the -b flag:
$ tracepath -b 131.153.56.85
1?: [LOCALHOST] pmtu 1500
1: 140.91.200.19 (140.91.200.19) 0.197ms asymm 2
1: 140.91.200.74 (140.91.200.74) 0.141ms asymm 2
2: oracle-svc071175-lag003322.ip.twelve99-cust.net (213.248.98.247) 1.186ms
3: slou-b1-link.ip.twelve99.net (213.248.98.246) 10.273ms asymm 2
4: ldn-bb4-link.ip.twelve99.net (62.115.141.246) 0.941ms asymm 3
5: prs-bb2-link.ip.twelve99.net (62.115.133.239) 141.858ms asymm 20
6: rest-bb1-link.ip.twelve99.net (62.115.141.244) 76.210ms asymm 7
7: no reply
8: rest-bb1-link.ip.twelve99.net (62.115.141.244) 89.209ms asymm 7
9: no reply
10: dls-b23-link.ip.twelve99.net (62.115.136.119) 110.335ms asymm 9
11: phx-b1-link.ip.twelve99.net (62.115.125.97) 132.091ms
12: phx-b1-link.ip.twelve99.net (62.115.125.97) 131.844ms asymm 11
13: giglinx-ic315451-phx-b1.ip.twelve99-cust.net (80.239.195.78) 142.975ms asymm 14
14: no reply
15: no reply
16: PHOENIX-NAP.ear3.Chicago2.Level3.net (4.14.13.150) 135.233ms asymm 4
17: no reply
18: no reply
19: speedchi.phoenixnap.com (131.153.56.85) 133.871ms reached
Resume: pmtu 1500 hops 19 back 8
$
#4. To set a custom value of packet length instead of using tracepath's default value, i.e., 65535, specify the value with the -l flag:
$ tracepath -l 300 131.153.56.85
1: 140.91.200.77 0.405ms asymm 2
2: oracle-svc071174-lag003319.ip.twelve99-cust.net 0.589ms
3: slou-b1-link.ip.twelve99.net 1.448ms asymm 2
4: ldn-bb4-link.ip.twelve99.net 0.960ms asymm 3
5: nyk-bb1-link.ip.twelve99.net 81.564ms asymm 8
6: rest-bb1-link.ip.twelve99.net 78.414ms asymm 7
7: nyk-bb1-link.ip.twelve99.net 84.286ms asymm 6
8: rest-bb1-link.ip.twelve99.net 87.529ms asymm 7
9: no reply
10: dls-b23-link.ip.twelve99.net 110.534ms asymm 9
11: phx-b1-link.ip.twelve99.net 131.449ms
12: phx-b1-link.ip.twelve99.net 131.303ms asymm 11
13: giglinx-ic315451-phx-b1.ip.twelve99-cust.net 143.059ms asymm 14
14: phx-b1-link.ip.twelve99.net 142.348ms asymm 11
15: giglinx-ic--305416-phx-b1.ip.twelve99-cust.net 143.554ms asymm 12
16: PHOENIX-NAP.ear3.Chicago2.Level3.net 134.790ms asymm 4
17: no reply
18: PHOENIX-NAP.ear3.Chicago2.Level3.net 145.926ms asymm 4
19: speedchi.phoenixnap.com 133.736ms reached
Resume: pmtu 300 hops 19 back 8
$
#5. We can also set the initial destination port using the -p flag:
$ tracepath -p 9000 131.153.56.85
1?: [LOCALHOST] pmtu 1500
1: 140.91.200.18 0.160ms asymm 2
1: 140.91.200.74 0.177ms asymm 2
2: oracle-svc071175-lag003322.ip.twelve99-cust.net 1.151ms
3: slou-b1-link.ip.twelve99.net 1.727ms asymm 2
4: no reply
5: nyk-bb1-link.ip.twelve99.net 81.357ms asymm 8
6: rest-bb1-link.ip.twelve99.net 78.325ms asymm 7
7: no reply
8: rest-bb1-link.ip.twelve99.net 87.908ms asymm 7
9: no reply
10: dls-b23-link.ip.twelve99.net 109.797ms asymm 9
11: phx-b1-link.ip.twelve99.net 132.036ms
12: dls-b23-link.ip.twelve99.net 121.404ms asymm 9
13: giglinx-ic315450-phx-b1.ip.twelve99-cust.net 136.322ms asymm 12
14: phx-b1-link.ip.twelve99.net 142.596ms asymm 11
15: no reply
16: PHOENIX-NAP.ear3.Chicago2.Level3.net 135.182ms asymm 4
17: no reply
18: no reply
19: speedchi.phoenixnap.com 133.562ms reached
Resume: pmtu 1500 hops 19 back 8
$
#6. The maximum number of hops, which is set to 30 by default, can be customized using the -m flag as shown below:
$ tracepath -m 20 131.153.56.85
1?: [LOCALHOST] pmtu 1500
1: 140.91.200.18 0.175ms asymm 2
1: 140.91.200.77 0.169ms asymm 2
2: oracle-svc071174-lag003319.ip.twelve99-cust.net 0.669ms
3: slou-b1-link.ip.twelve99.net 2.443ms asymm 2
4: no reply
5: prs-bb2-link.ip.twelve99.net 142.778ms asymm 20
6: rest-bb1-link.ip.twelve99.net 76.756ms asymm 7
7: no reply
8: rest-bb1-link.ip.twelve99.net 89.272ms asymm 7
9: no reply
10: dls-b23-link.ip.twelve99.net 110.378ms asymm 9
11: phx-b1-link.ip.twelve99.net 132.582ms
12: phx-b1-link.ip.twelve99.net 132.135ms asymm 11
13: phx-b1-link.ip.twelve99.net 142.154ms asymm 11
14: no reply
15: giglinx-ic305414-phx-b1.ip.twelve99-cust.net 142.298ms asymm 12
16: PHOENIX-NAP.ear3.Chicago2.Level3.net 134.362ms asymm 4
17: no reply
18: no reply
19: speedchi.phoenixnap.com 133.474ms reached
Resume: pmtu 1500 hops 19 back 8
$
Note that tracepath, unlike traceroute, does not need elevated superuser privileges, as it does not support the advanced packet modification feature.
Summary
This article summarized the use of the traceroute command, how it is used in network-related troubleshooting, and how we can do the same tasks on RHEL 8 systems using the tracepath command.
To learn more about these commands, see the respective man page of each tool:
$ man traceroute
$ man tracepath