
How to use the traceroute command on Linux




You can use the Linux traceroute command to identify the slow leg of a network packet's journey and troubleshoot sluggish network connections. We show you how!

How traceroute works

Once you appreciate how traceroute works, understanding its results becomes much easier. The more complex the route a network packet must travel to reach its destination, the harder it is to pinpoint where delays occur.

The LAN (Local Area Network) of a small organization can be relatively simple. It will probably have at least one server and a router or two. The complexity increases on a wide area network (WAN) that links different sites or goes over the internet. Your network packet then passes through (and is routed by) a lot of hardware, such as routers and gateways.

The metadata in a packet's headers describes its length, where it came from, where it is going, which protocol it uses, and so on. The protocol's specification defines the header layout, so if you can identify the protocol, you can find the start and end of each header field and read the metadata.

traceroute works within the TCP/IP suite of protocols and, by default on Linux, sends User Datagram Protocol (UDP) packets. The IP header contains a Time To Live (TTL) field, an eight-bit integer. Despite what the name suggests, it represents a hop count, not a duration.

A packet travels from its origin to its destination via routers. Every time the packet arrives at a router, the router decrements the TTL counter. If the TTL value ever reaches one, the router receiving the packet decrements it and notices it is now zero. The packet is then discarded and not forwarded to the next hop of its journey, because its time to live has expired.

The router sends an Internet Control Message Protocol (ICMP) Time Exceeded message back to the origin of the packet, letting it know that the packet expired. The Time Exceeded message contains the original IP header and the first 64 bits of the original packet's data. This is defined on page six of Request for Comments (RFC) 792.

So if traceroute sends a packet with its TTL set to one, the packet only gets as far as the first router before it is discarded. traceroute receives an ICMP Time Exceeded message from that router and can record how long the round trip took.

It then repeats the exercise with the TTL set to two, which fails after two hops. traceroute raises the TTL to three and tries again. This continues until the destination is reached or the maximum number of hops (30 by default) has been tried.

Some routers do not play nicely

Some routers have bugs. They try to forward packets with a zero TTL instead of discarding them and sending an ICMP Time Exceeded message.

According to Cisco, some Internet service providers (ISPs) limit the number of ICMP messages their routers send. Some devices are configured never to send ICMP packets at all. This is often done so that the device cannot inadvertently be made to take part in a distributed denial of service attack, such as a smurf attack.

traceroute has a default response timeout of five seconds. If no reply arrives within those five seconds, the attempt is abandoned. This means that responses from very slow routers are ignored.
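To make the mechanism concrete, here is a small simulation, added as an example and not code from the original article. It models a constructed path of hypothetical routers (RFC 5737 documentation addresses) and walks probes of increasing TTL down it, covering the cases described above: a router that answers with Time Exceeded, one that stays silent, and one with the TTL-zero forwarding bug. It also takes the equivalents of traceroute's -f (first TTL) and -m (maximum hops) options. The Port Unreachable reply from the destination is how real traceroute detects that a UDP probe arrived, a detail the text above does not spell out; no packets are actually sent.

```python
"""Toy model of the TTL mechanism traceroute relies on.

Added example, not code from the original article. The routers and the
destination host below are constructed (RFC 5737 documentation addresses)
and no packets are sent; the point is to show why a probe with TTL n is
answered by the n-th router, what a silent router looks like, and what the
TTL-zero forwarding bug does to the output.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Router:
    address: str
    sends_icmp: bool = True         # False: filtered or rate-limited, never answers
    forwards_expired: bool = False  # True: buggy, forwards a packet whose TTL hit zero


@dataclass
class Host:
    address: str                    # the destination; a host does not forward packets


def send_probe(routers: List[Router], destination: Host, ttl: int) -> Optional[Dict[str, str]]:
    """Carry one UDP probe with the given TTL down the path.

    Every router decrements TTL on arrival. When it reaches zero the router
    drops the packet and, if it is willing, answers with ICMP Time Exceeded.
    A probe that survives every router reaches the destination, which answers
    a UDP probe aimed at an unused high port with ICMP Port Unreachable; that
    reply is how traceroute knows it has arrived. Returns None for silence.
    """
    for router in routers:
        ttl -= 1
        if ttl <= 0:
            if router.forwards_expired:
                continue            # the bug: should be dropped here, is forwarded instead
            if router.sends_icmp:
                return {"from": router.address, "icmp": "time-exceeded"}
            return None             # dropped without a word: traceroute prints '*'
    return {"from": destination.address, "icmp": "port-unreachable"}


def run_traceroute(routers: List[Router], destination: Host,
                   first_ttl: int = 1, max_hops: int = 30) -> List[Dict]:
    """Probe with increasing TTL until the destination answers or max_hops is hit.

    first_ttl and max_hops play the role of traceroute's -f and -m options.
    """
    results = []
    for ttl in range(first_ttl, max_hops + 1):
        reply = send_probe(routers, destination, ttl)
        reached = reply is not None and reply["icmp"] == "port-unreachable"
        results.append({"ttl": ttl,
                        "responder": reply["from"] if reply else None,
                        "reached": reached})
        if reached:
            break
    return results


# Constructed path: a normal router, a silent one, a buggy one, a normal one, then the host.
PATH = [
    Router("192.0.2.1"),
    Router("192.0.2.2", sends_icmp=False),
    Router("198.51.100.3", forwards_expired=True),
    Router("198.51.100.4"),
]
DEST = Host("203.0.113.10")

if __name__ == "__main__":
    for hop in run_traceroute(PATH, DEST):
        print(f"{hop['ttl']:2d}  {hop['responder'] or '* * *'}")
```

Running it prints five hops: the silent router shows up as asterisks, and hops 3 and 4 both show 198.51.100.4. That repeated address is the signature of the forwarding bug: the router at hop 3 should have answered but passed the expired probe on, so the next router answered in its place, and the buggy router never appears in the output at all.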

Installing traceroute

traceroute was already installed on Fedora 31 but must be installed on Manjaro 18.1 and Ubuntu 18.04. To install traceroute on Manjaro, use the following command:

  sudo pacman -Sy traceroute 


To install traceroute on Ubuntu, use the following command:

  sudo apt-get install traceroute 


Using traceroute

As described above, traceroute aims to elicit a response from every hop between your computer and the destination. Some hops may be tight-lipped and give nothing away, while others will happily tell you everything.

As an example, we will run a traceroute to the website of Blarney Castle in Ireland, home of the famous Blarney Stone. Legend says that if you kiss the Blarney Stone, you are blessed with the 'gift of the gab'. Let's hope the routers we meet along the way are suitably talkative.

We type the following command:

  traceroute www.blarneycastle.ie 


The first line gives us the following information:

  • The destination and its IP address.
  • The number of hops traceroute will try before giving up.
  • The size of the UDP packets we are sending.

Each remaining line describes one hop. Before we look at the details, we can see that there are 11 hops between our computer and the Blarney Castle website. Hop 11 is the destination itself, which tells us we reached it.

Each hop line has the following format:

  • The name of the device or, if the device does not identify itself, its IP address.
  • The IP address.
  • The round-trip time for each of the three probes. An asterisk means there was no response to that probe. If the device does not respond at all, you will see three asterisks and no device name or IP address.

Let's see what we have below:

  • Hop 1: The first port of call (no pun intended) is the DrayTek Vigor router on the local network. This is where our UDP packets leave the local network and head out onto the internet.
  • Hop 2: This device did not respond. Perhaps it is configured never to send ICMP packets. Or perhaps it did respond, but too slowly, so traceroute timed out.
  • Hop 3: A device responded, but we only got its IP address, not its name. Note the asterisk on this line, which means we did not get a response to all three probes. This may indicate packet loss.
  • Hops 4 and 5: More anonymous hops.
  • Hop 6: There is a lot of text here because a different device handled each of our three UDP probes, and the (fairly long) name and IP address of each one was printed. This can happen on a 'richly populated' network with a lot of hardware installed to handle large volumes of traffic. This hop belongs to one of the largest ISPs in the UK, so it would be a small miracle if the same piece of hardware handled all three of our probes.
  • Hop 7: This is the hop where our UDP packets left the ISP's network.
  • Hop 8: Again we get an IP address but no device name. All three probes returned successfully.
  • Hops 9 and 10: Two more anonymous hops.
  • Hop 11: We have arrived at the Blarney Castle website. The castle is in Cork, Ireland, but according to IP address geolocation the website is hosted in London.

So it was a mixed bag. Some devices played ball, some responded but did not tell us their names, and others stayed completely anonymous.

Still, we reached the destination, we know it was 11 hops away, and the round-trip times to it were between 13.773 and 14.715 milliseconds.

Hiding device names

As we have seen, printing device names sometimes makes for a cluttered screen. To make the data easier to read, you can use the -n (no mapping) option, which stops traceroute from looking up hostnames and prints only IP addresses.

To do this with our example, we type the following:

  traceroute -n blarneycastle.ie


This makes it easier to spot large round-trip times that may indicate a bottleneck.

Hop 3 is starting to look a bit suspicious. Last time it responded to only two probes, and this time to only one. In this scenario it is, of course, beyond our control.

If you were investigating your own corporate network, however, that node would be worth a closer look.
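Eyeballing the hop lines for asterisks and large round-trip times works for one trace, but the same checks are easy to automate. The parser below is an added example, not code from the original article: it reads the Linux traceroute output format described above (header line, one line per hop, an optional "name (address)" before each probe that came from a new responder, asterisks for lost probes), counts lost probes per hop, and finds the slowest leg. SAMPLE is a constructed trace using RFC 5737 documentation addresses and example.net names, laid out like the Blarney Castle trace but not the real capture.

```python
"""Parse traceroute output and flag lossy hops and the slowest leg.

Added example, not code from the original article. SAMPLE is a constructed
trace (RFC 5737 addresses, example.net names) laid out like the Linux
traceroute output discussed above; it is not the real Blarney Castle capture.
"""
import re
from typing import Dict, List, Optional

SAMPLE = """\
traceroute to www.example.net (203.0.113.80), 30 hops max, 60 byte packets
 1  vigor.lan (192.168.1.1)  1.193 ms  1.124 ms  1.057 ms
 2  * * *
 3  192.0.2.5 (192.0.2.5)  12.431 ms * 12.902 ms
 4  * * *
 5  * * *
 6  core1.isp.example.net (198.51.100.6)  14.110 ms core2.isp.example.net (198.51.100.7)  14.305 ms core3.isp.example.net (198.51.100.8)  14.228 ms
 7  peer.ix.example.net (198.51.100.20)  14.901 ms  14.850 ms  14.788 ms
 8  203.0.113.9 (203.0.113.9)  13.905 ms  13.812 ms  14.070 ms
 9  * * *
10  * * *
11  www.example.net (203.0.113.80)  13.773 ms  14.715 ms  14.302 ms
"""

HEADER_RE = re.compile(r"traceroute to (\S+) \(([^)]+)\), (\d+) hops max, (\d+) byte packets")
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
# One probe result: an optional "name (address)" announcing a new responder,
# then either a round-trip time "12.345 ms" or "*" for a lost probe.
PROBE_RE = re.compile(r"(?:(\S+) \(([^)]+)\)\s+)?(\d+(?:\.\d+)?) ms|(\*)")


def parse_traceroute(text: str) -> Dict:
    """Turn traceroute output into a dict with header fields and one entry per hop."""
    lines = text.strip().splitlines()
    header = HEADER_RE.match(lines[0])
    if not header:
        raise ValueError("not traceroute output: " + lines[0])
    hops: List[Dict] = []
    for line in lines[1:]:
        m = HOP_RE.match(line)
        if not m:
            continue
        addresses: List[str] = []
        rtts: List[Optional[float]] = []
        for probe in PROBE_RE.finditer(m.group(2)):
            if probe.group(4):
                rtts.append(None)             # '*': no reply within the timeout
                continue
            if probe.group(2) and probe.group(2) not in addresses:
                addresses.append(probe.group(2))
            rtts.append(float(probe.group(3)))
        hops.append({"ttl": int(m.group(1)), "addresses": addresses,
                     "rtts": rtts, "lost": rtts.count(None)})
    target_addr = header.group(2)
    return {"target": header.group(1), "target_address": target_addr,
            "max_hops": int(header.group(3)), "packet_bytes": int(header.group(4)),
            "hops": hops,
            "reached": bool(hops) and target_addr in hops[-1]["addresses"]}


def slowest_leg(hops: List[Dict]) -> Optional[Dict]:
    """Find the hop whose best round-trip time grew most over the previous answering hop.

    Each RTT is a round trip to that hop, so the latency added by one leg is the
    difference between consecutive hops. The minimum of the probes is used
    because queueing and ICMP generation delay only ever add to it. Silent hops
    are skipped, so a jump is attributed to the first answering hop after them.
    """
    best = None
    previous = 0.0                         # round trip to ourselves
    for hop in hops:
        answered = [r for r in hop["rtts"] if r is not None]
        if not answered:
            continue
        increase = min(answered) - previous
        previous = min(answered)
        if best is None or increase > best["increase_ms"]:
            best = {"ttl": hop["ttl"], "increase_ms": increase}
    return best


if __name__ == "__main__":
    trace = parse_traceroute(SAMPLE)
    for hop in trace["hops"]:
        if hop["lost"]:
            print(f"hop {hop['ttl']:2d}: {hop['lost']}/{len(hop['rtts'])} probes lost")
    print("slowest leg:", slowest_leg(trace["hops"]))
```

On the sample, hop 3 is reported with one lost probe and as the slowest leg (about 11 ms added over hop 1). Two caveats apply when reading real output this way: because hop 2 is silent, that 11 ms covers hops 2 and 3 together, and a negative increase at a later hop (hop 8 here) is normal, since each router generates its ICMP reply at its own pace and the numbers come from different packets.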

Setting the traceroute timeout value

We may get more answers if we extend the default timeout (five seconds). To do this, we use the -w (wait time) option to change it to seven seconds. (Note that this is a floating-point number.)

We type the following command:

  traceroute -w 7.0 blarneycastle.ie 


That made little difference, so the missing responses are probably not just timing out. The anonymous hops are most likely deliberately kept silent.

Setting the number of tests

By default, traceroute sends three UDP probes to each hop. We can use the -q (number of queries) option to adjust this up or down.

To speed up the trace, we type the following to reduce the number of UDP probe packets to one:

  traceroute -q 1 blarneycastle.ie 

This sends a single probe to each hop.

Setting the initial TTL value

We can set the initial TTL to something other than one and skip some hops. Normally the TTL is one for the first set of probes, two for the next set, and so on. If we set it to five, the first probes go straight to hop five and hops one to four are skipped.

Because we know the Blarney Castle website is 11 hops from this computer, we type the following to go straight to hop 11:

  traceroute -f 11 blarneycastle.ie 

That gives us a nice, short summary of the state of the connection to the destination.

Be considerate

traceroute is a great tool for investigating network routing, checking connection speeds, and identifying bottlenecks. Windows has a tracert command that works in much the same way.

However, you should not bombard unknown devices with torrents of UDP packets, and be wary of putting traceroute in scripts or unattended tasks.

The load traceroute places on a network can hurt its performance. Unless you are in a fix-it-now situation, you may want to run it outside normal office hours.
