
Traceroute

Honza Soukop on Flickr

There is a simple way to see traffic jump from one computer to another on the internet: traceroute. It’s a command you type into a command line interface (CLI) software tool to see how your data travels from your computer to a location you define.

For example, you can see how data travels from your computer to yahoo.com, nytimes.com, bbc.co.uk, or any computer connected to the internet.

The data sent is a packet, a small message that requests information from other computers. Based on the responses, your data navigates its way from your computer to your destination. Kind of like climbing up a rock wall one handhold at a time.

At each stop, your data asks some number of computers if they’re connected to your destination. If the answer is yes, traceroute sends your data that way. Responses from each computer upstream are reported back to you in your command line software.

How to Use traceroute

All you need is a computer with a keyboard and an internet connection. Most, perhaps all, computer operating systems include command line software. Terminal is included with Macs. Windows has the command prompt. And you can download iTerm and other software to use. Look in your applications folder. On Windows, the command prompt might be in a Utilities folder and sometimes is called Run.

Once you start your command line software, type:

traceroute <your-domain-to-find>

Here is what came back when I used traceroute on Long Island, NY to find the New York Times website (nytimes.com):

[Image: iTerm output of traceroute to the New York Times website]

There’s lots of interesting data in here. My traceroute data packet landed in Seattle, for example, at some computer there. I expected to see a server closer to home, in New York. If you look closely, though, the sixth to thirteenth stops are at the same Level3 data center and begin in New York. The Level3 servers then routed the traffic through their internal networks, from New York through Chicago and Denver to Seattle. The ae prefix on those lines hints these might be computers on Amazon’s Elastic Cloud service, which has web servers in data centers all over the world.

Also notice these first lines:

traceroute: Warning: nytimes.com has multiple addresses; using 170.149.172.130
traceroute to nytimes.com (170.149.172.130), 64 hops max, 52 byte packets

The first line is traceroute reporting back that it has found multiple computer addresses for nytimes.com and is using only one. The second line is traceroute telling me the parameters it plans to use: it will try to reach nytimes.com at the computer address 170.149.172.130, it will take no more than 64 hops (steps) between my computer and nytimes.com, and the data packet it will send is only 52 bytes in size.

The output also follows a specific structure:

3 g1-5-5-3.nycmny-lcr-22.verizon-gni.net (130.81.190.226) 15.121 ms 12.662 ms 9.818 ms

  • The number 3 is the third step or hop.
  • g1-5-5-3.nycmny-lcr-22.verizon-gni.net is the computer that responded at this step. verizon-gni suggests it is a computer Verizon owns in one of their data centers.
  • (130.81.190.226) is the computer address for the computer named g1-5-5-3.nycmny-lcr-22.verizon-gni.net.
  • 15.121 ms 12.662 ms 9.818 ms is the round trip time, in milliseconds, it took for this computer to respond back to my computer. traceroute makes three trips for each step.

Finally, look at the last step, line 13. See the !X? According to the man (manual) page for this command, that indicates the computer has been told (configured) not to communicate with traceroute.

What Could Go Wrong?

Data packets sent with traceroute include a time to live (TTL) setting to limit the number of connection tries, called hops, from one computer to another. In the example above, traceroute reported back to me that it would try “64 hops max.” If you have enough patience, it’s possible the command will time out.

In some cases, you’ll also see a line with three asterisks (* * *). These are hops where no response comes back from the computers queried to see if they have a path to the computer you want to reach. It’s as if the traceroute data packet has climbed halfway up a rock wall and cannot find the next handhold.

When traceroute does get lost, with too many * * * lines reported, hold down the Ctrl and C keys on your keyboard to close or cancel the command. This stops sending data packets. The * * * indicates you have hit a dead end. Sometimes this means a firewall has blocked your data packets. Or the internet could be slow. Or the computer you want to reach exists but doesn’t respond to ICMP messages, the format used to send your data packets.
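As an added example (not code from the original post), here is a small Python parser for the hop-line structure described above and for the `* * *` and `!X` cases. The sample text is constructed: the two header lines and hop 3 are copied from the article, while hops 4 and 13 are made up. It keeps only the first host named on a hop line, so hops where different probes were answered by different routers are simplified.

```python
from __future__ import annotations
import re
from dataclasses import dataclass, field

# Constructed sample, not a real capture: header lines and hop 3 come from the
# article; hops 4 and 13 are made up to show a "* * *" hop and a "!X" hop.
SAMPLE_OUTPUT = """\
traceroute: Warning: nytimes.com has multiple addresses; using 170.149.172.130
traceroute to nytimes.com (170.149.172.130), 64 hops max, 52 byte packets
 3  g1-5-5-3.nycmny-lcr-22.verizon-gni.net (130.81.190.226)  15.121 ms  12.662 ms  9.818 ms
 4  * * *
13  170.149.172.130 (170.149.172.130)  20.512 ms !X * *
"""

HEADER = re.compile(r"^traceroute to (\S+) \(([\d.]+)\), (\d+) hops max, (\d+) byte packets")
HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")                     # "3  <probes...>"
HOST_IP = re.compile(r"^(\S+)\s+\(([\d.]+)\)")                  # "name (1.2.3.4)"
PROBE = re.compile(r"([\d.]+)\s+ms(?:\s+(![A-Za-z0-9]*))?|\*")  # "9.8 ms", "20 ms !X", "*"

@dataclass
class Hop:
    number: int
    host: str | None = None            # None when no probe was answered
    ip: str | None = None
    rtts_ms: list[float | None] = field(default_factory=list)  # None stands for "*"
    annotations: list[str] = field(default_factory=list)       # e.g. "!X"

def parse_header(text: str) -> dict | None:
    # Target, chosen address, hop limit and probe size from the header line.
    for line in text.splitlines():
        if m := HEADER.match(line):
            return {"target": m[1], "ip": m[2], "max_hops": int(m[3]), "packet_bytes": int(m[4])}
    return None

def parse_hop(line: str) -> Hop | None:
    # Parse one hop line; the header and warning lines yield None.
    if not (m := HOP_LINE.match(line)):
        return None
    hop, rest = Hop(int(m[1])), m[2]
    if hm := HOST_IP.match(rest):      # at least one probe came back
        hop.host, hop.ip, rest = hm[1], hm[2], rest[hm.end():]
    for pm in PROBE.finditer(rest):    # one match per probe: an RTT or a "*"
        hop.rtts_ms.append(None if pm[0] == "*" else float(pm[1]))
        if pm[2]:
            hop.annotations.append(pm[2])
    return hop

def parse_traceroute(text: str) -> list[Hop]:
    return [h for h in map(parse_hop, text.splitlines()) if h]

def first_dead_end(hops: list[Hop]) -> int | None:
    # Number of the first hop where all three probes timed out ("* * *").
    return next((h.number for h in hops if all(r is None for r in h.rtts_ms)), None)
```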

It’s also true that traceroute requests look like the commands hackers send in search of vulnerable openings (ports) on a computer system. Limit your use of this command to trying it out a few times and to real diagnostic work. Your internet access provider, for example, might view hundreds of traceroutes from you as a sign of malicious activity.

Learn More

traceroute man page

The manual (man) page for traceroute with all the gory details about how to use the command.
http://www.linuxcommand.org/man_pages/traceroute8.html

traceroute (Wikipedia)

http://en.wikipedia.org/wiki/Traceroute

traceroute – The Internet’s Diagnostic Tool

http://www.us.ntt.net/downloads/papers/Traceroute_whitepaper_052006.pdf

Amazon Elastic Cloud

http://aws.amazon.com/ec2/

VisualRoute

Software to provide a more detailed view of traceroute results.
http://www.visualroute.com/