1 | .\" Copyright (c) 1989, 1995, 1996, 1997 |
---|
2 | .\" The Regents of the University of California. All rights reserved. |
---|
3 | .\" |
---|
4 | .\" Redistribution and use in source and binary forms are permitted |
---|
5 | .\" provided that the above copyright notice and this paragraph are |
---|
6 | .\" duplicated in all such forms and that any documentation, |
---|
7 | .\" advertising materials, and other materials related to such |
---|
8 | .\" distribution and use acknowledge that the software was developed |
---|
9 | .\" by the University of California, Berkeley. The name of the |
---|
10 | .\" University may not be used to endorse or promote products derived |
---|
11 | .\" from this software without specific prior written permission. |
---|
12 | .\" THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR |
---|
13 | .\" IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED |
---|
14 | .\" WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE. |
---|
15 | .\" |
---|
16 | .\" $Header: /afs/dev.mit.edu/source/repository/third/traceroute/traceroute.8,v 1.2 2000-09-21 15:03:32 ghudson Exp $ |
---|
17 | .\" |
---|
18 | .TH TRACEROUTE 8 "22 April 1997" |
---|
19 | .UC 6 |
---|
20 | .SH NAME |
---|
21 | traceroute \- print the route packets take to network host |
---|
22 | .SH SYNOPSIS |
---|
23 | .na |
---|
24 | .B traceroute |
---|
25 | [ |
---|
26 | .B \-dFInrvx |
---|
27 | ] [ |
---|
28 | .B \-f |
---|
29 | .I first_ttl |
---|
30 | ] [ |
---|
31 | .B \-g |
---|
32 | .I gateway |
---|
33 | ] [ |
---|
34 | .B \-i |
---|
35 | .I iface |
---|
36 | ] |
---|
37 | .br |
---|
38 | .ti +8 |
---|
39 | [ |
---|
40 | .B \-m |
---|
41 | max_ttl |
---|
42 | ] [ |
---|
43 | .B \-p |
---|
44 | .I port |
---|
45 | ] [ |
---|
46 | .B \-q |
---|
47 | .I nqueries |
---|
48 | ] |
---|
49 | .br |
---|
50 | .ti +8 |
---|
51 | [ |
---|
52 | .B \-s |
---|
53 | .I src_addr |
---|
54 | ] [ |
---|
55 | .B \-t |
---|
56 | .I tos |
---|
57 | ] [ |
---|
58 | .B \-w |
---|
59 | .I waittime |
---|
60 | ] |
---|
61 | .br |
---|
62 | .ti +8 |
---|
63 | .I host |
---|
64 | [ |
---|
65 | .I packetlen |
---|
66 | ] |
---|
67 | .ad |
---|
68 | .SH DESCRIPTION |
---|
69 | The Internet is a large and complex aggregation of |
---|
70 | network hardware, connected together by gateways. |
---|
71 | Tracking the route one's packets follow (or finding the miscreant |
---|
72 | gateway that's discarding your packets) can be difficult. |
---|
73 | .I Traceroute |
---|
74 | utilizes the IP protocol `time to live' field and attempts to elicit an |
---|
75 | ICMP TIME_EXCEEDED response from each gateway along the path to some |
---|
76 | host. |
---|
77 | .PP |
---|
78 | The only mandatory parameter is the destination host name or IP number. |
---|
79 | The default probe datagram length is 40 bytes, but this may be increased |
---|
80 | by specifying a packet length (in bytes) after the destination host |
---|
81 | name. |
---|
82 | .PP |
---|
83 | Other options are: |
---|
84 | .TP |
---|
85 | .B \-f |
---|
86 | Set the initial time-to-live used in the first outgoing probe packet. |
---|
87 | .TP |
---|
88 | .B \-F |
---|
89 | Set the "don't fragment" bit. |
---|
90 | .TP |
---|
91 | .B \-d |
---|
92 | Enable socket level debugging. |
---|
93 | .TP |
---|
94 | .B \-g |
---|
95 | Specify a loose source route gateway (8 maximum). |
---|
96 | .TP |
---|
97 | .B \-i |
---|
98 | Specify a network interface to obtain the source IP address for |
---|
99 | outgoing probe packets. This is normally only useful on a multi-homed |
---|
100 | host. (See the |
---|
101 | .B \-s |
---|
102 | flag for another way to do this.) |
---|
103 | .TP |
---|
104 | .B \-I |
---|
105 | Use ICMP ECHO instead of UDP datagrams. |
---|
106 | .TP |
---|
107 | .B \-m |
---|
108 | Set the max time-to-live (max number of hops) used in outgoing probe |
---|
109 | packets. The default is 30 hops (the same default used for TCP |
---|
110 | connections). |
---|
111 | .TP |
---|
112 | .B \-n |
---|
113 | Print hop addresses numerically rather than symbolically and numerically |
---|
114 | (saves a nameserver address-to-name lookup for each gateway found on the |
---|
115 | path). |
---|
116 | .TP |
---|
117 | .B \-p |
---|
118 | Set the base UDP port number used in probes (default is 33434). |
---|
119 | Traceroute hopes that nothing is listening on UDP ports |
---|
120 | .I base |
---|
121 | to |
---|
122 | .I base + nhops - 1 |
---|
123 | at the destination host (so an ICMP PORT_UNREACHABLE message will |
---|
124 | be returned to terminate the route tracing). If something is |
---|
125 | listening on a port in the default range, this option can be used |
---|
126 | to pick an unused port range. |
---|
127 | .TP |
---|
128 | .B \-r |
---|
129 | Bypass the normal routing tables and send directly to a host on an attached |
---|
130 | network. |
---|
131 | If the host is not on a directly-attached network, |
---|
132 | an error is returned. |
---|
133 | This option can be used to ping a local host through an interface |
---|
134 | that has no route through it (e.g., after the interface was dropped by |
---|
135 | .IR routed (8C)). |
---|
136 | .TP |
---|
137 | .B \-s |
---|
138 | Use the following IP address (which usually is given as an IP number, not |
---|
139 | a hostname) as the source address in outgoing probe packets. On |
---|
140 | multi-homed hosts (those with more than one IP |
---|
141 | address), this option can be used to |
---|
142 | force the source address to be something other than the IP address |
---|
143 | of the interface the probe packet is sent on. If the IP address |
---|
144 | is not one of this machine's interface addresses, an error is |
---|
145 | returned and nothing is sent. (See the |
---|
146 | .B \-i |
---|
147 | flag for another way to do this.) |
---|
148 | .TP |
---|
149 | .B \-t |
---|
150 | Set the |
---|
151 | .I type-of-service |
---|
152 | in probe packets to the following value (default zero). The value must be |
---|
153 | a decimal integer in the range 0 to 255. This option can be used to |
---|
154 | see if different types-of-service result in different paths. (If you |
---|
155 | are not running 4.4bsd, this may be academic since the normal network |
---|
156 | services like telnet and ftp don't let you control the TOS). |
---|
157 | Not all values of TOS are legal or |
---|
158 | meaningful \- see the IP spec for definitions. Useful values are |
---|
159 | probably |
---|
160 | .RB ` -t |
---|
161 | .IR 16 ' |
---|
162 | (low delay) and |
---|
163 | .RB ` -t |
---|
164 | .IR 8 ' |
---|
165 | (high throughput). |
---|
166 | .TP |
---|
167 | .B \-v |
---|
168 | Verbose output. Received ICMP packets other than TIME_EXCEEDED and |
---|
169 | UNREACHABLEs are listed. |
---|
170 | .TP |
---|
171 | .B \-w |
---|
172 | Set the time (in seconds) to wait for a response to a probe (default 5 |
---|
173 | sec.). |
---|
174 | .TP |
---|
175 | .B \-x |
---|
176 | Toggle checksums. Normally, this prevents traceroute from calculating |
---|
177 | checksums. In some cases, the operating system can overwrite parts of |
---|
178 | the outgoing packet but not recalculate the checksum (so in some cases |
---|
179 | the default is to not calculate checksums and using |
---|
180 | .B \-x |
---|
181 | causes them to be calcualted). Note that ICMP checksums are always |
---|
182 | computed when using ICMP ECHO probes |
---|
183 | .RB ( \-I ). |
---|
184 | .PP |
---|
185 | This program attempts to trace the route an IP packet would follow to some |
---|
186 | internet host by launching UDP probe |
---|
187 | packets with a small ttl (time to live) then listening for an |
---|
188 | ICMP "time exceeded" reply from a gateway. We start our probes |
---|
189 | with a ttl of one and increase by one until we get an ICMP "port |
---|
190 | unreachable" (which means we got to "host") or hit a max (which |
---|
191 | defaults to 30 hops & can be changed with the |
---|
192 | .B \-m |
---|
193 | flag). Three |
---|
194 | probes (change with |
---|
195 | .B \-q |
---|
196 | flag) are sent at each ttl setting and a |
---|
197 | line is printed showing the ttl, address of the gateway and |
---|
198 | round trip time of each probe. If the probe answers come from |
---|
199 | different gateways, the address of each responding system will |
---|
200 | be printed. If there is no response within a 5 sec. timeout |
---|
201 | interval (changed with the |
---|
202 | .B \-w |
---|
203 | flag), a "*" is printed for that |
---|
204 | probe. |
---|
205 | .PP |
---|
206 | We don't want the destination |
---|
207 | host to process the UDP probe packets so the destination port is set to an |
---|
208 | unlikely value (if some clod on the destination is using that |
---|
209 | value, it can be changed with the |
---|
210 | .B \-p |
---|
211 | flag). |
---|
212 | .PP |
---|
213 | A sample use and output might be: |
---|
214 | |
---|
215 | .RS |
---|
216 | .nf |
---|
217 | [yak 71]% traceroute nis.nsf.net. |
---|
218 | traceroute to nis.nsf.net (35.1.1.48), 30 hops max, 38 byte packet |
---|
219 | 1 helios.ee.lbl.gov (128.3.112.1) 19 ms 19 ms 0 ms |
---|
220 | 2 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 39 ms 19 ms |
---|
221 | 3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 39 ms 19 ms |
---|
222 | 4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 39 ms 40 ms 39 ms |
---|
223 | 5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 39 ms 39 ms 39 ms |
---|
224 | 6 128.32.197.4 (128.32.197.4) 40 ms 59 ms 59 ms |
---|
225 | 7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 59 ms |
---|
226 | 8 129.140.70.13 (129.140.70.13) 99 ms 99 ms 80 ms |
---|
227 | 9 129.140.71.6 (129.140.71.6) 139 ms 239 ms 319 ms |
---|
228 | 10 129.140.81.7 (129.140.81.7) 220 ms 199 ms 199 ms |
---|
229 | 11 nic.merit.edu (35.1.1.48) 239 ms 239 ms 239 ms |
---|
230 | .fi |
---|
231 | .RE |
---|
232 | |
---|
233 | Note that lines 2 & 3 are the same. This is due to a buggy |
---|
234 | kernel on the 2nd hop system \- lbl-csam.arpa \- that forwards |
---|
235 | packets with a zero ttl (a bug in the distributed version |
---|
236 | of 4.3BSD). Note that you have to guess what path |
---|
237 | the packets are taking cross-country since the NSFNet (129.140) |
---|
238 | doesn't supply address-to-name translations for its NSSes. |
---|
239 | .PP |
---|
240 | A more interesting example is: |
---|
241 | |
---|
242 | .RS |
---|
243 | .nf |
---|
244 | [yak 72]% traceroute allspice.lcs.mit.edu. |
---|
245 | traceroute to allspice.lcs.mit.edu (18.26.0.115), 30 hops max |
---|
246 | 1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms |
---|
247 | 2 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 19 ms 19 ms |
---|
248 | 3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 19 ms |
---|
249 | 4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 19 ms 39 ms 39 ms |
---|
250 | 5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 20 ms 39 ms 39 ms |
---|
251 | 6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms |
---|
252 | 7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms |
---|
253 | 8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms |
---|
254 | 9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms |
---|
255 | 10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms |
---|
256 | 11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms |
---|
257 | 12 * * * |
---|
258 | 13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms |
---|
259 | 14 * * * |
---|
260 | 15 * * * |
---|
261 | 16 * * * |
---|
262 | 17 * * * |
---|
263 | 18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 ms 279 ms |
---|
264 | .fi |
---|
265 | .RE |
---|
266 | |
---|
267 | Note that the gateways 12, 14, 15, 16 & 17 hops away |
---|
268 | either don't send ICMP "time exceeded" messages or send them |
---|
269 | with a ttl too small to reach us. 14 \- 17 are running the |
---|
270 | MIT C Gateway code that doesn't send "time exceeded"s. God |
---|
271 | only knows what's going on with 12. |
---|
272 | .PP |
---|
273 | The silent gateway 12 in the above may be the result of a bug in |
---|
274 | the 4.[23]BSD network code (and its derivatives): 4.x (x <= 3) |
---|
275 | sends an unreachable message using whatever ttl remains in the |
---|
276 | original datagram. Since, for gateways, the remaining ttl is |
---|
277 | zero, the ICMP "time exceeded" is guaranteed to not make it back |
---|
278 | to us. The behavior of this bug is slightly more interesting |
---|
279 | when it appears on the destination system: |
---|
280 | |
---|
281 | .RS |
---|
282 | .nf |
---|
283 | 1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms |
---|
284 | 2 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 39 ms |
---|
285 | 3 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 39 ms 19 ms |
---|
286 | 4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 39 ms 40 ms 19 ms |
---|
287 | 5 ccn-nerif35.Berkeley.EDU (128.32.168.35) 39 ms 39 ms 39 ms |
---|
288 | 6 csgw.Berkeley.EDU (128.32.133.254) 39 ms 59 ms 39 ms |
---|
289 | 7 * * * |
---|
290 | 8 * * * |
---|
291 | 9 * * * |
---|
292 | 10 * * * |
---|
293 | 11 * * * |
---|
294 | 12 * * * |
---|
295 | 13 rip.Berkeley.EDU (128.32.131.22) 59 ms ! 39 ms ! 39 ms ! |
---|
296 | .fi |
---|
297 | .RE |
---|
298 | |
---|
299 | Notice that there are 12 "gateways" (13 is the final |
---|
300 | destination) and exactly the last half of them are "missing". |
---|
301 | What's really happening is that rip (a Sun-3 running Sun OS3.5) |
---|
302 | is using the ttl from our arriving datagram as the ttl in its |
---|
303 | ICMP reply. So, the reply will time out on the return path |
---|
304 | (with no notice sent to anyone since ICMP's aren't sent for |
---|
305 | ICMP's) until we probe with a ttl that's at least twice the path |
---|
306 | length. I.e., rip is really only 7 hops away. A reply that |
---|
307 | returns with a ttl of 1 is a clue this problem exists. |
---|
308 | Traceroute prints a "!" after the time if the ttl is <= 1. |
---|
309 | Since vendors ship a lot of obsolete (DEC's Ultrix, Sun 3.x) or |
---|
310 | non-standard (HPUX) software, expect to see this problem |
---|
311 | frequently and/or take care picking the target host of your |
---|
312 | probes. |
---|
313 | |
---|
314 | Other possible annotations after the time are |
---|
315 | .BR !H , |
---|
316 | .BR !N , |
---|
317 | or |
---|
318 | .B !P |
---|
319 | (got a host, network or protocol unreachable, respectively), |
---|
320 | .B !S |
---|
321 | or |
---|
322 | .B !F |
---|
323 | (source route failed or fragmentation needed \- neither of these should |
---|
324 | ever occur and the associated gateway is busted if you see one), |
---|
325 | .B !X |
---|
326 | (communication administratively prohibited), or |
---|
327 | .B !<N> |
---|
328 | (ICMP unreachable code N). |
---|
329 | If almost all the probes result in some kind of unreachable, traceroute |
---|
330 | will give up and exit. |
---|
331 | .PP |
---|
332 | This program is intended for use in network testing, measurement |
---|
333 | and management. |
---|
334 | It should be used primarily for manual fault isolation. |
---|
335 | Because of the load it could impose on the network, it is unwise to use |
---|
336 | .I traceroute |
---|
337 | during normal operations or from automated scripts. |
---|
338 | .SH SEE ALSO |
---|
339 | pathchar(8), netstat(1), ping(8) |
---|
340 | .SH AUTHOR |
---|
341 | Implemented by Van Jacobson from a suggestion by Steve Deering. Debugged |
---|
342 | by a cast of thousands with particularly cogent suggestions or fixes from |
---|
343 | C. Philip Wood, Tim Seaver and Ken Adelman. |
---|
344 | .LP |
---|
345 | The current version is available via anonymous ftp: |
---|
346 | .LP |
---|
347 | .RS |
---|
348 | .I ftp://ftp.ee.lbl.gov/traceroute.tar.Z |
---|
349 | .RE |
---|
350 | .SH BUGS |
---|
351 | Please send bug reports to traceroute@ee.lbl.gov. |
---|