traceroute attempts to trace the route which an IP packet would follow to some Internet host by launching UDP probe packets with a small ``ttl'' (time-to-live) value, and then listening for an ICMP TIME_EXCEEDED reply from a gateway. The probes will be started with a ``ttl'' of one, and then increased by one until an ICMP PORT_UNREACHABLE message is received, or until the maximum number of probes has been sent.
If the probe answers come from different gateways, the address of each responding system will be printed. If there is no response within 3 seconds, a ``*'' will be printed for that probe.
The host argument is the destination host name or the IP number of the host to reach; the packetsize argument is the packet size (in bytes) of the probe datagram. Note that packetsize defaults to 38 bytes.
traceroute hopes that nothing is listening on UDP ports base to base+nhop at the destination host so that an ICMP PORT_UNREACHABLE message will be returned to terminate the route tracing process. If something is listening on a port in the default range, this option can be used to pick an unused port range.
If the IP address is not one of this machine's interface addresses, an error will be returned and nothing will be sent.
Not all values of tos will be valid or meaningful; see the IP specification for definitions. Probably the useful values will be -t 16 (low delay) and -t 8 (high throughput).
[yak 71]% traceroute nis.nsf.net.
traceroute to nis.nsf.net (35.1.1.48), 30 hops max, 56 byte packet
1 helios.ee.lbl.gov (128.3.112.1) 19 ms 19 ms 0 ms
2 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 39 ms 19 ms
3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 39 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 39 ms 40 ms 39 ms
5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 39 ms 39 ms 39 ms
6 128.32.197.4 (128.32.197.4) 40 ms 59 ms 59 ms
7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 59 ms
8 129.140.70.13 (129.140.70.13) 99 ms 99 ms 80 ms
9 129.140.71.6 (129.140.71.6) 139 ms 239 ms 319 ms
10 129.140.81.7 (129.140.81.7) 220 ms 199 ms 199 ms
11 nic.merit.edu (35.1.1.48) 239 ms 239 ms 239 ms
Note that lines 2 and 3 are the same. This is due to an error in the kernel on the 2nd hop system lbl-csam.arpa that forwards packets with a zero ``ttl''. This was an error in the distributed version of 4.3BSD.
A more interesting example is:
[yak 72]% traceroute allspice.lcs.mit.edu.
traceroute to allspice.lcs.mit.edu (18.26.0.115), 30 hops max
1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms
2 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 19 ms 19 ms
3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 19 ms 39 ms 39 ms
5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 20 ms 39 ms 39 ms
6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms
7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms
8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms
9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms
10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms
11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms
12 * * *
13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 ms 279 ms
Note that the gateways 12, 14, 15, 16 and 17 either do not send ICMP TIME_EXCEEDED messages, or send them with a ``ttl'' too small to reach us. Gateways 14-17 are running the MIT C Gateway code that does not send ICMP TIME_EXCEEDED packets.
The silent gateway 12 in the above example may be the result of a bug in the 4.2BSD and 4.3BSD network code (and its derivatives): This code will send an unreachable message using whatever ``ttl'' remains in the original datagram. Since, for gateways, the remaining ``ttl'' is zero, the ICMP TIME_EXCEEDED is guaranteed to not make it back to the sending host.
The behavior of this particular bug is slightly more interesting when it appears on the destination system:
1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms 2 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 39 ms 3 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 39 ms 19 ms 4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 39 ms 40 ms 19 ms 5 ccn-nerif35.Berkeley.EDU (128.32.168.35) 39 ms 39 ms 39 ms 6 csgw.Berkeley.EDU (128.32.133.254) 39 ms 59 ms 39 ms 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 rip.Berkeley.EDU (128.32.131.22) 59 ms ! 39 ms ! 39 ms !
Notice that there are 12 ``gateways'' (13 is the final destination) and that exactly the last half of them are ``missing''. What is really happening here is that rip (a Sun-3 running SunOS 3.5) is using the ``ttl'' from the arriving datagram as the ``ttl'' in its ICMP reply. Therefore, the reply will time out on the return path until a probe with a ``ttl'' that is at least twice the path length is sent. rip is really only 7 hops away. A reply that returns with a ``ttl'' of 1 is an indication that this problem exists. Note that traceroute will print a ``!'' after the time if the ``ttl'' is less than or equal to 1.
The possible annotations after the time are: