Use Traceroute and MTR to Diagnose Network Issues

Introduction

There are a few tools that are simple to use, but valuable to know. In this guide, we will discuss how to use a tool called traceroute to diagnose where a network issue may be happening.

We will also look at a utility called mtr which combines much of the functionality of ping and traceroute into one interface.

How To Use Traceroute

Traceroute is a simple tool to show the pathway to a remote server. This can be anything from a website that you are attempting to visit, to a printer on your local network.

We simply need to provide a website or IP address that we would like to explore:

traceroute google.com
traceroute to google.com (172.217.17.142), 30 hops max, 60 byte packets
 1 185.101.107.254 (185.101.107.254) 0.358 ms 0.308 ms 0.309 ms
 2 109.99.150.45 (109.99.150.45) 1.516 ms 1.505 ms 1.477 ms
 3 10.0.245.85 (10.0.245.85) 7.266 ms 8.193 ms 8.188 ms
 4 10.0.225.213 (10.0.225.213) 24.181 ms 10.0.245.209 (10.0.245.209) 31.146 ms 30.961 ms
 5 10.0.200.138 (10.0.200.138) 24.082 ms 10.0.240.238 (10.0.240.238) 24.695 ms 10.0.200.138 (10.0.200.138) 24.202 ms
 6 de-cix10.net.google.com (80.81.192.108) 57.190 ms 37.673 ms 38.467 ms
 7 216.239.57.113 (216.239.57.113) 36.138 ms 216.239.47.84 (216.239.47.84) 33.650 ms 216.239.46.94 (216.239.46.94) 31.870 ms
 8 216.239.57.145 (216.239.57.145) 32.690 ms 33.653 ms 216.239.57.184 (216.239.57.184) 36.496 ms
 9 66.249.95.39 (66.249.95.39) 38.573 ms 108.170.232.77 (108.170.232.77) 36.371 ms 209.85.143.26 (209.85.143.26) 35.615 ms
10 216.239.54.206 (216.239.54.206) 33.579 ms 216.239.54.196 (216.239.54.196) 29.542 ms 216.239.54.206 (216.239.54.206) 33.848 ms
11 209.85.253.243 (209.85.253.243) 34.279 ms 34.329 ms 216.239.47.101 (216.239.47.101) 31.252 ms
12 108.170.241.161 (108.170.241.161) 32.455 ms 33.430 ms 32.353 ms
13 108.170.236.225 (108.170.236.225) 33.379 ms 33.444 ms 32.313 ms
14 ams15s30-in-f14.1e100.net (172.217.17.142) 34.456 ms 34.270 ms 33.308 ms

How To Read Traceroute’s Output

The first line tells us the conditions that traceroute is operating under:

traceroute to google.com (172.217.17.142), 30 hops max, 60 byte packets

It gives the specified host, the IP address that DNS returns for that domain, the maximum number of hops to check, and the size of the packet that will be used.

The maximum number of hops can be adjusted with the -m flag. If the host you are trying to route to is over 30 hops away, you may need to specify a larger value here. The maximum value you can set is 255.

traceroute -m 255 zetservers.com

You can adjust the size of the packet that is sent to each hop by giving an integer after the hostname:

traceroute zetservers.com 70
traceroute to zetservers.com (104.25.84.5), 30 hops max, 70 byte packets
 1 185.101.107.254 (185.101.107.254) 1.482 ms 1.435 ms 1.435 ms
 2 109.99.150.45 (109.99.150.45) 7.072 ms 6.895 ms 7.048 ms
 3 10.0.245.85 (10.0.245.85) 10.291 ms 9.879 ms 9.972 ms
 4 10.0.245.201 (10.0.245.201) 29.215 ms 10.0.225.213 (10.0.225.213) 27.028 ms 10.0.225.229 (10.0.225.229) 26.793 ms
 5 10.0.240.238 (10.0.240.238) 24.976 ms 10.0.200.138 (10.0.200.138) 28.215 ms 10.0.240.238 (10.0.240.238) 24.958 ms
 6 de-cix-frankfurt.as13335.net (80.81.194.180) 24.546 ms 24.981 ms 24.151 ms
 7 104.25.84.5 (104.25.84.5) 24.119 ms 23.728 ms 24.757 ms

After the first line, each subsequent line represents a “hop”, or intermediate host that your traffic must pass through to reach the computer represented by the host you specified.

Each line has the following format:

hop_number   host_name   (IP_address)  packet_round_trip_times

Here is an example of a hop you might see:

6 de-cix-frankfurt.as13335.net (80.81.194.180) 24.546 ms 24.981 ms 24.151 ms

Here is what each field means:

  • hop_number: A sequential count of the number of degrees of separation the host is from your computer. Traffic from hosts with higher numbers has to go through more computers to get routed.
  • host_name: This field contains the result of a reverse DNS lookup on the host’s IP address, if available. If no information is returned from the reverse DNS query, the IP address itself is given.
  • IP_address: This field contains the IP address for this network hop.
  • packet_round_trip_times: The remainder of the line gives the round-trip times for a packet to the host and back again. By default, three packets are sent to each host and each attempt is appended to the end of the line.
    • If you would like to change the number of packets that are tested against each host, you can specify a number with the -q option, like this:
      traceroute -q1 zetservers.com

If you would like to forgo the reverse DNS lookup to speed up the trace, you can pass the -n flag:

traceroute -n zetservers.com
traceroute to zetservers.com (104.25.84.5), 30 hops max, 60 byte packets
 1 185.101.107.254 0.454 ms 0.420 ms 0.394 ms
 2 109.99.150.45 3.812 ms 3.785 ms 3.175 ms
 3 10.0.245.85 9.387 ms 9.289 ms 9.256 ms

If your traceroute output trails off into asterisks (*), no replies came back for those probes, and there is a problem with the route to the host.

 1 185.101.107.254 (185.101.107.254) 0.358 ms 0.308 ms 0.309 ms
 2 109.99.150.45 (109.99.150.45) 1.516 ms 1.505 ms 1.477 ms
 3 10.0.245.85 (10.0.245.85) 7.266 ms 8.193 ms 8.188 ms
 4  * * *
 5  * * *

What Does a Route Issue Mean?

If your traceroute attempt stops at a particular hop or node and cannot find a route to the host, you have a problem.

While the hop where the route fails to return may be the location of the networking issue, it isn’t always that easy to diagnose.

Because each measurement represents a round-trip packet, and packets often take different pathways in each direction, the failure may indicate a problem on a completely different, possibly closer, route.

It also may be the case that the problem is with the hop directly after the last hop you see. It is difficult to diagnose the exact location of the problem unless you can get a return traceroute from that specific hop. This is usually not possible outside of your own network.
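The hop line format and the asterisk case described above can be checked programmatically. The following is an added example, not part of the original guide: a parser for traceroute's text output that handles several responders on one hop, -n output without parentheses, and unanswered probes. The function names are hypothetical and the sample is constructed from the outputs shown in this guide.

```python
import re

# Constructed sample: hop lines taken from the outputs shown in this guide.
SAMPLE = """\
traceroute to google.com (172.217.17.142), 30 hops max, 60 byte packets
 1 185.101.107.254 (185.101.107.254) 0.358 ms 0.308 ms 0.309 ms
 2 109.99.150.45 (109.99.150.45) 1.516 ms 1.505 ms 1.477 ms
 3 10.0.245.85 (10.0.245.85) 7.266 ms 8.193 ms 8.188 ms
 4 10.0.225.213 (10.0.225.213) 24.181 ms 10.0.245.209 (10.0.245.209) 31.146 ms 30.961 ms
 5  * * *
"""

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")
# Tokens after the hop number: "*" (no reply), "<n> ms" (round-trip time),
# "(ip)" after a resolved name, or a bare host name / IP (IP only with -n).
TOKEN = re.compile(r"(\*)|(\d+(?:\.\d+)?) ms|\(([^)]+)\)|(\S+)")

def parse_traceroute(text):
    """Return [{"hop": n, "probes": [(host, ip, rtt_ms or None), ...]}, ...].
    A time with no new host in front of it belongs to the previous responder."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # header or blank line
        host, ip, probes = None, None, []
        for star, rtt, paren_ip, name in TOKEN.findall(m.group(2)):
            if star:
                probes.append((None, None, None))
            elif rtt:
                probes.append((host, ip or host, float(rtt)))
            elif paren_ip:
                ip = paren_ip
            else:
                host, ip = name, None
        hops.append({"hop": int(m.group(1)), "probes": probes})
    return hops

def summarize(hops):
    """Per hop: (hop_number, responding IPs, best RTT in ms or None, lost probes)."""
    rows = []
    for h in hops:
        answered = [(ip, rtt) for _, ip, rtt in h["probes"] if rtt is not None]
        ips = sorted({ip for ip, _ in answered})
        best = min((rtt for _, rtt in answered), default=None)
        rows.append((h["hop"], ips, best, len(h["probes"]) - len(answered)))
    return rows

def last_responding_hop(hops):
    return max((n for n, ips, _, _ in summarize(hops) if ips), default=None)
```

For the sample, last_responding_hop returns 4. As explained above, that marks where to start looking, not necessarily where the fault is.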

How To Use MTR

A dynamic alternative to the traceroute program is mtr. Combining the functionality of ping and traceroute, mtr allows you to constantly poll a remote server and see how the latency and performance change over time.

Unlike traceroute, mtr is not installed by default on most systems. You can get it by typing the following commands.

Ubuntu/Debian:

sudo apt-get install mtr

CentOS/Fedora:

yum install mtr

Arch:

pacman -S mtr

Once it is installed, you can call it by typing:

mtr google.com
 My traceroute [v0.75]
testovi (0.0.0.0) Fri Oct 21 20:02:45 2016
Resolver: Received error response 2. (server failure)er of fields quit
 Packets Pings
 Host Loss% Snt Last Avg Best Wrst StDev
 1. 185.101.107.254 0.0% 6 0.3 0.5 0.2 0.9 0.3
 2. 109.99.150.45 0.0% 6 3.3 4.5 1.2 11.7 3.7
 3. 10.0.245.85 0.0% 6 7.2 7.7 7.0 10.6 1.4
 4. 10.0.225.229 0.0% 6 24.8 26.2 24.8 28.4 1.2
 5. 10.0.200.138 0.0% 6 24.2 24.6 24.2 25.5 0.5
 6. de-cix10.net.google.com 0.0% 6 36.3 36.5 36.2 36.9 0.2

While the output may look similar, the big advantage over traceroute is that the output is constantly updated. This allows you to accumulate trends and averages, and also allows you to see how the network performance varies over time.

If you ran a traceroute, there is a possibility that the packets that were sent to each hop happened to make the trip without incident, even in a situation where the route is suffering from intermittent packet loss. The mtr utility allows you to monitor for this situation by gathering data over a wider range of time.

It is also possible to run mtr with the --report option, which returns the results of sending 10 packets to each hop.

mtr --report google.com
HOST: testovi Loss% Snt Last Avg Best Wrst StDev
 1. 185.101.107.254 0.0% 10 0.7 0.5 0.3 0.8 0.2
 2. 109.99.150.45 0.0% 10 1.3 2.8 1.2 9.0 2.4
 3. 10.0.245.85 0.0% 10 7.1 7.6 6.9 9.7 0.8
 4. 10.0.225.229 0.0% 10 26.2 26.8 24.6 28.2 1.4
 5. 10.0.200.138 0.0% 10 24.9 24.4 24.1 24.9 0.3

This can be useful when you don’t necessarily want to measure in real-time, but you want a greater range of data than traceroute provides.
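To get the "over time" view from --report output, several reports taken at different times can be merged per hop. The following is an added example, not part of the original guide: the function names are hypothetical, the hosts are the ones shown above, and the loss figures in the second run are made up to show intermittent loss that a single clean run would miss.

```python
import re
from collections import defaultdict

# Constructed sample: two `mtr --report` runs taken at different times.
# Hosts are the ones shown in this guide; RUN_B's loss figures are made up.
RUN_A = """\
HOST: testovi Loss% Snt Last Avg Best Wrst StDev
 1. 185.101.107.254 0.0% 10 0.7 0.5 0.3 0.8 0.2
 2. 109.99.150.45 0.0% 10 1.3 2.8 1.2 9.0 2.4
 3. 10.0.245.85 0.0% 10 7.1 7.6 6.9 9.7 0.8
"""
RUN_B = """\
HOST: testovi Loss% Snt Last Avg Best Wrst StDev
 1. 185.101.107.254 0.0% 10 0.4 0.5 0.3 0.9 0.2
 2. 109.99.150.45 30.0% 10 1.4 3.1 1.2 11.7 3.7
 3. 10.0.245.85 20.0% 10 7.2 7.7 7.0 10.6 1.4
"""

# Hop line: number, host, Loss%, Snt, then Last Avg Best Wrst StDev.
# Newer mtr versions print "1.|--" instead of "1."; both are accepted.
ROW = re.compile(r"^\s*(\d+)\.(?:\|--)?\s+(\S+)\s+([\d.]+)%\s+(\d+)((?:\s+[\d.]+){5})\s*$")

def parse_report(text):
    """Parse one report into a list of per-hop dicts; the header line is skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            nums = [float(x) for x in m.group(5).split()]
            rows.append({"hop": int(m.group(1)), "host": m.group(2),
                         "loss": float(m.group(3)), "snt": int(m.group(4)),
                         "avg": nums[1], "wrst": nums[3]})
    return rows

def merge_runs(runs):
    """Combine several reports: per hop, total probes sent/lost and worst RTT seen."""
    acc = defaultdict(lambda: {"snt": 0, "lost": 0, "wrst": 0.0, "hosts": set()})
    for text in runs:
        for r in parse_report(text):
            a = acc[r["hop"]]
            a["snt"] += r["snt"]
            a["lost"] += round(r["snt"] * r["loss"] / 100)  # Loss% back to a count
            a["wrst"] = max(a["wrst"], r["wrst"])
            a["hosts"].add(r["host"])
    return {hop: dict(a, loss=100.0 * a["lost"] / a["snt"]) for hop, a in sorted(acc.items())}

def lossy_hops(merged, threshold=1.0):
    """Hop numbers whose combined loss percentage is at or above the threshold."""
    return [hop for hop, a in merged.items() if a["loss"] >= threshold]
```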
