
Traceroute

We use the traceroute tool/command to display the path packets take across an IP network, by sending a series of probes with increasing TTL values so that each router along the way reveals itself. It has helped me find faults in home networks and is the first diagnostic I send to my ISP when filing grievances about poor routing and packet loss. It will prove to be an invaluable tool to have under your belt, an almost instant way to find the offending node.

As a classic demonstration, I will run a traceroute to google.com:

~] traceroute google.com
traceroute to google.com (142.250.199.142), 30 hops max, 60 byte packets
 1  _gateway (192.168.0.1)  0.862 ms  0.955 ms  1.187 ms
 2  103.zzz.zzz.6 (103.zzz.zzz.6)  2.290 ms  2.308 ms  2.290 ms
 3  103.zzz.zzz.5 (103.zzz.zzz.5)  3.044 ms  3.241 ms  3.227 ms
 4  * * *
 5  72.14.196.76 (72.14.196.76)  7.163 ms  7.148 ms  7.133 ms
 6  * * *
 7  108.170.248.177 (108.170.248.177)  9.135 ms  7.270 ms 108.170.226.130 (108.170.226.130)  6.070 ms
 8  108.170.248.170 (108.170.248.170)  5.780 ms 108.170.248.178 (108.170.248.178)  7.039 ms 142.251.77.99 (142.251.77.99)  8.169 ms
 9  108.170.248.193 (108.170.248.193)  113.362 ms 108.170.248.209 (108.170.248.209)  8.250 ms 108.170.248.193 (108.170.248.193)  113.344 ms
10  142.251.77.101 (142.251.77.101)  113.267 ms bom07s36-in-f14.1e100.net (142.250.199.142)  5.828 ms 142.251.77.99 (142.251.77.99)  6.505 m


Interpreting the results of a traceroute:

We see that google.com was resolved to 142.250.199.142. The traceroute will terminate when it reaches this address or after 30 hops, whichever occurs first.

The first hop is to the default gateway (you can verify this by running ip route).

The second and third (and possibly fourth) hops are within my ISP's network (the addresses have been masked by me).

The fourth hop did not respond in time (it is probably dropping or not answering the UDP probes). You can try running it with the --icmp/-I flag to use ICMP ECHO for probes, or --tcp/-T to send TCP SYN packets as probes. If you still do not get a response, try increasing the response wait with the --wait/-W flag (the wait usually isn't the issue).

The IP address listed at hop 5 is likely located in Bombay, IN. Running a whois on this address shows that the IP block belongs to Google LLC. The remaining hops and corresponding IP addresses will be within Google's network until the probes reach the destination IP address. Multiple IP addresses on a single line indicate that the probes for that hop took different routes (load balancing).
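To make the reading above mechanical, here is an added Python example (not part of the original notes) that parses Linux traceroute output in the format shown and flags the three things you look for by eye: hops that never answered, hops answered by several routers, and a path whose RTT stands out. SAMPLE is a constructed excerpt of the run above, and the 50 ms threshold is an assumed value you would tune to your own link.

```python
import re
# Constructed sample: an excerpt of the run above (ISP hops keep the author's
# "zzz" masking, so the address pattern below allows non-digits).
SAMPLE = """\
traceroute to google.com (142.250.199.142), 30 hops max, 60 byte packets
 1  _gateway (192.168.0.1)  0.862 ms  0.955 ms  1.187 ms
 2  103.zzz.zzz.6 (103.zzz.zzz.6)  2.290 ms  2.308 ms  2.290 ms
 4  * * *
 5  72.14.196.76 (72.14.196.76)  7.163 ms  7.148 ms  7.133 ms
 9  108.170.248.193 (108.170.248.193)  113.362 ms 108.170.248.209 (108.170.248.209)  8.250 ms 108.170.248.193 (108.170.248.193)  113.344 ms
"""
# One probe: optional "name (addr)" (printed only when the responder changes
# within the line) followed by an RTT, or a bare "*" for a timed-out probe.
_PROBE = re.compile(r"(?:(\S+) \(([^)]+)\)\s+)?([\d.]+) ms|(\*)")

def parse_traceroute(text):
    """Return one dict per hop: {"hop": n, "rtts": {addr: [ms, ...]}, "lost": k}."""
    hops = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.*)", line)
        if not m:                      # skip the "traceroute to ..." header
            continue
        rtts, lost, addr = {}, 0, None
        for p in _PROBE.finditer(m.group(2)):
            if p.group(4):
                lost += 1
            else:
                addr = p.group(2) or addr  # bare RTT belongs to the last responder
                rtts.setdefault(addr, []).append(float(p.group(3)))
        hops.append({"hop": int(m.group(1)), "rtts": rtts, "lost": lost})
    return hops

def analyse(hops, jump_ms=50.0):
    """Flag silent hops, load-balanced hops, latency jumps and one slow path."""
    findings, prev_best = [], 0.0
    for h in hops:
        if not h["rtts"]:
            findings.append((h["hop"], "silent", "no reply to %d probes" % h["lost"]))
            continue
        per_path = {a: min(r) for a, r in h["rtts"].items()}   # best RTT per responder
        best = min(per_path.values())
        if len(per_path) > 1:
            findings.append((h["hop"], "load-balanced", ", ".join(sorted(per_path))))
        if best - prev_best > jump_ms:                       # jump since the previous hop
            findings.append((h["hop"], "latency-jump", "%.1f -> %.1f ms" % (prev_best, best)))
        for a, ms in per_path.items():                       # one path much slower than its peers
            if ms - best > jump_ms:
                findings.append((h["hop"], "slow-path", "%s at %.1f ms vs %.1f ms" % (a, ms, best)))
        prev_best = best
    return findings
```

Run `analyse(parse_traceroute(SAMPLE))` to get the list of (hop, kind, detail) findings; a real run is fed the same way by piping traceroute output into the parser.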