linuxvstheworld 08-30-2012 01:13 PM

What exactly does traceroute do?
I'm reading an instructional Linux book and I came across a command named 'traceroute'. From what the book says it seems that it might be the same command as ping. Is it? Or does it do something different?

rknichols 08-30-2012 02:11 PM

traceroute does a lot more than ping. traceroute attempts to elicit a response from each of the routers in the path to a destination. It does this by sending packets with a limited TTL (Time To Live), starting with a limit of 1 (by default -- can be overridden) and then successively larger by an increment of 1. Each router in the path decrements the TTL by 1 and returns an ICMP type 11 ("TTL equals zero") error if the result is zero. The source IP address of each of the returned ICMP packets reveals the addresses of the routers involved.

You don't always get a response from every router in the path. Constructing and returning those ICMP TTL limit messages is often made a low-priority job, so you might not get a response if the router is busy, or the router might be configured to rate-limit such responses, or not to send them at all. Even if a given router does not send a response itself, you can still get responses from routers further down the path.
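The TTL-stepping loop described in the post above, as an added example that is not part of the original thread: it simulates the probes against a constructed path instead of sending packets, and includes one router that never answers, so the later hops still show up. The path, its documentation-range addresses, the function names and the use of ICMP echo probes (so the destination answers with an echo reply) are all assumptions of this sketch.

```python
# Simulated traceroute: no packets are sent. PATH is a constructed sample
# route using documentation-range addresses (RFC 5737).
ICMP_TIME_EXCEEDED = 11   # returned by a router when the TTL reaches zero
ICMP_ECHO_REPLY = 0       # returned by the destination (ICMP echo probes assumed)

# (address, answers_with_icmp) for each hop; the last entry is the destination.
PATH = [
    ("192.0.2.1", True),
    ("198.51.100.7", False),   # configured not to send TTL-exceeded errors
    ("198.51.100.9", True),
    ("203.0.113.50", True),    # destination
]

def send_probe(path, ttl):
    """Forward one probe along path; return (source_ip, icmp_type) or None."""
    for index, (addr, answers) in enumerate(path):
        if index == len(path) - 1:    # probe arrived at the destination
            return (addr, ICMP_ECHO_REPLY) if answers else None
        ttl -= 1                      # each router decrements the TTL
        if ttl == 0:                  # expired here: the probe is dropped
            return (addr, ICMP_TIME_EXCEEDED) if answers else None
    return None

def traceroute(path, first_ttl=1, max_hops=30):
    """Probe with TTL first_ttl, first_ttl+1, ... until the destination answers."""
    hops = []
    for ttl in range(first_ttl, max_hops + 1):
        reply = send_probe(path, ttl)
        if reply is None:
            hops.append((ttl, "*"))   # marker traceroute prints for a timeout
            continue
        src, icmp_type = reply
        hops.append((ttl, src))
        if icmp_type != ICMP_TIME_EXCEEDED:
            break                     # destination reached, stop probing
    return hops

if __name__ == "__main__":
    for ttl, src in traceroute(PATH):
        print(f"{ttl:2d}  {src}")
```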

MensaWater 08-30-2012 02:19 PM

ping simply checks to see if it can reach the given IP and get an ICMP packet returned.

traceroute tries to show you all the intermediate hops that were taken to get to the IP (or alternatively the last hop it got to if it can NOT get to the IP). It is often used for debugging connections that are broken. (That is, if you can't ping it then doing a traceroute might help identify where in the chain it is stopping.)

So for example:

$ ping
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=241 time=78.808 ms
64 bytes from icmp_seq=1 ttl=241 time=79.752 ms
^C PING Statistics----
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 78.808/79.280/79.752/0.668 ms

$ traceroute
traceroute to (, 64 hops max, 52 byte packets
1 ( 0.362 ms 0.367 ms 0.250 ms
2 ( 0.215 ms 0.242 ms 0.249 ms
3 ( 0.950 ms 1.124 ms 0.996 ms
4 ( 0.632 ms 0.667 ms 0.686 ms
5 ( 79.378 ms ( 78.704 ms ( 79.482 ms
6 ( 78.648 ms 78.148 ms 78.081 ms
7 ( 78.389 ms 79.030 ms 78.312 ms
8 ( 80.240 ms 80.335 ms 80.329 ms
9 ( 79.727 ms 79.785 ms 80.660 ms
10 ( 80.439 ms 77.527 ms 77.619 ms
11 ( 78.462 ms 78.908 ms 79.022 ms

Both end up showing as the IP for (even though they don't resolve to that name in the end) but with traceroute you can see every device it went through to get there.

On UNIX/Linux you can find manual pages for most commands so if you type "man traceroute" you can get more detail for it and "man ping" will give you more detail for it. Additionally on Linux there are info pages that may give even more information.

linuxvstheworld 08-30-2012 08:50 PM

Wow, great explanations, thanks!

