命令行大全

traceroute

rose1 发表于 2020-08-03 16:14浏览次数:

在类似Unix的操作系统上,traceroute命令显示数据包到达网络主机的路由。 本文档介绍了Linux版本的traceroute。

查看英文版

目录:

1 traceroute 运行系统环境

2 traceroute 说明

3 traceroute 语法

4 traceroute 例子

traceroute 运行系统环境

Linux

traceroute 说明

互联网是由网关连接在一起的大型且复杂的网络硬件集合。跟踪数据包遵循的路由(或找到丢弃数据包的网关)可能很困难。 traceroute命令利用IP协议的“生存时间”字段,并尝试从每个网关到某个主机的路径中引发ICMP TIME_EXCEEDED响应。

唯一必需的参数是目标主机名或IP号。默认的探测数据报长度为40个字节,但是可以通过在目标主机名之后指定一个数据包大小(以字节为单位)来增加长度。

traceroute尝试通过启动具有较小ttl(生存时间)的探测数据包,然后侦听来自网关的ICMP“超时”答复,来跟踪IP数据包将遵循的路由到某些Internet主机的路由。它以1的ttl开始其探测,并将其增加1,直到获得ICMP“端口不可达”(或TCP重置),这意味着我们到达了“主机”,或者达到了最大值(默认为30跳)。 。在每个ttl设置中发送三个探针(默认情况下),并打印一行以显示ttl,网关地址和每个探针的往返时间。要求时,地址后可以有其他信息。如果探测答案来自不同的网关,则将打印每个响应系统的地址。如果在5.0秒内(默认)没有响应,则为该探针打印一个“ *”(星号)。

在行程时间之后,可以打印一些其他注释:!H,!N!P(主机,网络或协议不可访问)、! S(源路由失败)、! F(需要分段)、! X(管理性通信)禁止)、! V(违反主机优先级)、! C(有效优先级截止)或(ICMP无法访问代码)。如果几乎所有的探测导致某种无法到达的情况,traceroute都会放弃并退出。

您不希望目标主机处理UDP探测数据包,因此目标端口设置为不太可能的值(可以使用-p标志进行更改)。对于ICMP或TCP跟踪路由,没有这样的问题(对于TCP,我们使用半开放技术,这可以防止目标主机上的应用程序看到我们的探针)。

在现代网络环境中,由于防火墙的广泛使用,传统的traceroute方法不能总是适用。这样的防火墙过滤“不太可能”的UDP端口,甚至ICMP回声。为了解决这个问题,实现了一些其他的跟踪方法(包括tcp)。请参阅下面的可用方法列表。此类方法尝试使用特定的协议和源/目标端口来绕过防火墙(防火墙将其视为允许的网络会话类型的开始)。

The Internet is a large and complex aggregation of network hardware, connected together by gateways. Tracking the route your packets follow (or finding a gateway that's discarding your packets) can be difficult. The traceroute command utilizes the IP protocol "time to live" field and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway along the path to some host.

The only mandatory parameter is the destination hostname or IP number. The default probe datagram length is 40 bytes, but this may be increased by specifying a packet size (in bytes) after the destination hostname.

traceroute attempts to trace the route an IP packet would follow to some Internet host by launching probe packets with a small ttl (time to live) then listening for an ICMP "time exceeded" reply from a gateway. It start its probes with a ttl of one and increases this by one until it gets an ICMP "port unreachable" (or TCP reset), which means we got to the "host", or hit a max (which defaults to 30 hops). Three probes (by default) are sent at each ttl setting and a line is printed showing the ttl, address of the gateway and round trip time of each probe. The address can be followed by additional information when requested. If the probe answers come from different gateways, the address of each responding system will be printed. If there is no response within a 5.0 seconds (default), an "*" (asterisk) is printed for that probe.

After the trip time, some additional annotation can be printed: !H!N, or !P (host, network or protocol unreachable), !S (source route failed), !F (fragmentation needed), !X (communication administratively prohibited), !V (host precedence violation), !C (precedence cutoff in effect), or !<num> (ICMP unreachable code <num>). If almost all the probes result in some kind of unreachable, traceroute gives up and exit.

You don't want the destination host to process the UDP probe packets, so the destination port is set to an unlikely value (you can change it with the -p flag). There is no such a problem for ICMP or TCP tracerouting (for TCP we use half-open technique, which prevents our probes to be seen by applications on the destination host).

In the modern network environment the traditional traceroute methods can not be always applicable, because of widespread use of firewalls. Such firewalls filter the "unlikely" UDP ports, or even ICMP echoes. To solve this, some additional tracerouting methods are implemented (including tcp); see LIST OF AVAILABLE METHODS below. Such methods try to use particular protocol and source/destination port, to bypass firewalls (to be seen by firewalls just as a start of allowed type of a network session).

查看英文版

查看中文版

traceroute 语法

traceroute [-46dFITUnreAV] [-f first_ttl] [-g gate,...] [-i device] 
           [-m max_ttl] [-p port] [-s src_addr] [-q nqueries] 
           [-N squeries] [-t tos] [-l flow_label] [-w waittime] 
           [-z sendwait] [-UL] [-D] [-P proto] [--sport=port] [-M method] 
           [-O mod_options] [--mtu] [--back] host [packet_len]

选件

--help 显示帮助消息,然后退出。
-4-6 明确强制使用IPv4或IPv6跟踪。默认情况下,程序将尝试解析给定的名称,并自动选择适当的协议。如果解析主机名同时返回IPv4和IPv6地址,则traceroute将使用IPv4。
-I 使用ICMP ECHO作为探针。
-T 对探针使用TCP SYN。
-d 启用套接字级别的调试(如果内核支持)。
-F 不要对探测数据包进行分段。(对于IPv4,它还会设置DF位,该位告诉中间路由器也不要进行远程分段)。

通过packet_len 命令行参数更改探测数据包的大小,您可以手动获取有关各个网络跃点的MTU的信息。该--mtu选项(见下文)会尝试自动执行此操作。

请注意,仅从 Linux内核2.6.22开始,非碎片化功能(例如-F--mtu)才能正常工作。在该版本之前,IPv6始终是零散的,IPv4只能使用一次(从路由缓存中)发现的最终mtu ,它可能小于设备的实际mtu。
-f first_ttl 指定以哪个TTL开始。默认为1。
-g gateway 告诉traceroute向传出数据包添加IP源路由选项,该选项告诉网络通过指定网关路由数据包(出于安全原因,大多数路由器已禁用源路由)。通常,允许指定多个网关(以逗号分隔的列表)。对于IPv6,允许使用num ,addr ,addr ... 的形式,其中num是路由报头类型(默认为类型2)。(注意:根据rfc 5095 ,现在不赞成使用0型路由头)。
-i interface 指定traceroute应该通过其发送数据包的接口。缺省情况下,接口是根据路由表选择的。
-m max_ttl 指定traceroute探测的最大跳数(最大生存时间值)。默认值为30。
-N squeries 指定同时发送的探测报文数。同时发送多个探针可以大大提高跟踪路由的速度。默认值为16。请注意,某些路由器和主机可以使用ICMP速率限制。在这种情况下,指定太大的数字可能会导致某些响应丢失。
-n 显示IP地址时不要尝试将它们映射到主机名。
-p port 对于UDP跟踪,指定将使用的目标端口基本traceroute(目标端口号将随每个探针递增)。对于ICMP跟踪,指定初始ICMP序列值(每个探测器也递增)。对于TCP和其他协议,仅指定要连接的(恒定)目标端口。使用tcptraceroute包装程序时,-p指定源端口。
-t tos 对于IPv4,设置服务类型(TOS)和优先级值。有用的值为16(低延迟)和8(高吞吐量)。请注意,要使用某些TOS优先级值,您必须是superuser。对于IPv6,设置流量控制值。
-l flow_label 对IPv6数据包使用指定的flow_label。
-w waittime 设置等待探测响应的时间(以秒为单位)(默认为5.0)。
-q nqueries 设置每跳的探测包数。默认值为3。
-r 绕过常规路由表,并直接发送到连接的网络上的主机。如果主机不在直接连接的网络上,则返回错误。此选项可以用来执行ping一个本地主机通过,通过它没有路由的接口。
-s source_addr 选择备用源地址。请注意,您必须选择接口之一的地址。默认情况下,使用传出接口的地址。
-z sendwait 探针之间的最小时间间隔(默认为0)。如果该值大于10,则以毫秒为单位指定一个数字,否则为秒数(也允许使用浮点值)。当某些路由器对ICMP消息使用速率限制时很有用。
-e 显示ICMP扩展名。通用格式为CLASS / TYPE:后跟十六进制转储。解析后的MPLS(多协议标签交换)数据显示为:MPLS:L = 标签,E = exp_use ,S = stack_bottom ,T = TTL(其他对象用斜杠(“ / ”)分隔)。
-A 在路由注册表中执行AS路径查找,并在相应地址后直接打印结果。
-V 打印版本信息,然后退出。

以下选项旨在用于高级用途(其他跟踪方法等):

--sport=port 选择要使用的源端口。表示-N 1。通常,源端口(如果适用)由系统选择。
--fwmark=mark 设置传出数据包的防火墙标记(从Linux内核2.6.25开始)。
-M method 使用指定的方法进行traceroute操作。默认的传统udp方法称为default,并且icmp-I)和tcp-T)分别具有名称icmp和tcp。特定于方法的选项可以由-O传递。大多数方法都有其简单的快捷方式(-I表示-M icmp等)。
-O option 指定一些方法特定的选项。多个选项用逗号分隔(或在命令行上使用多个-O规范)。每种方法可能都有自己的特定选项,或者根本没有。要打印有关可用选项的信息,请使用-O帮助。
-U 使用UDP到特定的目标端口进行路由(而不是增加每个探针的端口)。默认端口是53(dns)。
-UL 使用UDPLITE进行路由(默认端口为53)。
-D 使用DCCP请求进行探测。
-P protocol 使用指定协议的原始数据包进行路由。根据rfc3692,默认协议为253。
--mtu

沿着被跟踪的路径发现MTU。表示-F -N 1。新的mtu在需要达到此mtu的跃点的第一个探针处以F = NUM的形式打印一次。(实际上,通常是由前一跳发送相应的“ frag needed” icmp消息)。

请注意,某些路由器可能会缓存可见的碎片信息。因此,您可以从更近的跃点接收最终的mtu。尝试通过-t指定不寻常的tos ,这可以帮助进行一次尝试(然后也可以将其缓存在该位置)。有关更多信息,请参见-F选项。

--back 当前向方向看起来不一样时,请打印后向跳跃数。这个数字是在假设猜到远程啤酒花发送回复初始TTL组分组要么64,128255(这是一种常见的做法)。它被打印为形式负值“ - NUM ”。

可用方法列表

通常,可能必须通过“ -M name ” 来选择特定的traceroute方法,但是大多数方法都有其简单的命令行开关(如果存在,您可以在方法名之后看到它们)。

default 传统的古代寻迹方法。默认使用。

探测数据包是带有所谓“不太可能”目标端口的udp数据报。第一个探针的“不太可能”端口为33434,然后对于每个下一个探针将其递增1。由于期望端口未使用,因此目标主机通常会返回“ icmp unreach port”作为最终响应。(不过,没人知道当某些应用程序侦听此类端口时会发生什么)。

非特权用户可以使用此方法。
icmp-I ICMP,-I 最常用的方法,它使用icmp echo数据包作为探针。如果您可以ping通目标主机,则icmp tracerouting也适用。

由于内核3.0(仅IPv4)支持新的dgram icmp(或“ ping”)套接字,因此非特权用户可以使用此方法。要允许此类套接字,sysadmin应该提供net / ipv4 / ping_group_range sysctl范围以匹配任何用户组。

选项:
raw 仅使用原始套接字(这是传统方法)。默认情况下会首先尝试使用此方法(出于兼容性原因),然后尝试使用新的dgram icmp套接字作为后备。
dgram 仅使用dgram icmp套接字。
tcp-T 众所周知的现代方法,旨在绕过防火墙。使用恒定的目标端口(默认为80,http)。

如果网络路径中存在一些过滤器,则很可能过滤所有“不太可能”的udp端口(对于默认方法)甚至icmp回声(对于icmp),并且整个跟踪路由都将在这种防火墙处停止。要绕过网络过滤器,我们只能使用允许的协议/端口组合。如果我们跟踪某些邮件服务器,那么-T -p 25更有可能到达它,即使-I也不能。

此方法使用众所周知的“半开放式技术”,这完全阻止了目标主机上的应用程序看到我们的探针。通常情况下,tcp syn已发送。对于未监听的端口,我们会收到tcp reset,所有操作都已完成。对于活动的侦听端口,我们会收到tcp syn + ack,但通过tcp重置(而不是预期的tcp ack)进行应答,这样即使没有通知应用程序,也将丢弃远程tcp会话。

tcp方法可能是以下之一:

syn,ack,fin,rst,psh,urg,ece,cwr 以任意组合设置探测数据包的指定tcp标志。
flags=num 将tcp标头中的flags字段完全设置为num。
ecn 发送带有tcp标志ECE和CWR的syn数据包(用于显式拥塞通知,rfc3168)。
sack,timestamps,window_scaling 在传出的探测数据包中使用相应的tcp标头选项。
sysctl 将当前sysctl(/ proc / sys / net / *)设置用于上述tcp标头选项和ecn。如果没有其他指定,则始终默认设置。
mss=num 将num的值用于maxseg tcp标头选项(当syn时)。
info 到达目标主机后,输出最终tcp答复的tcp标志。允许确定应用程序是否监听端口和其他有用的东西。
缺省的tcp方法是syn,sysctl。
tcpconn 使用简单的connect()调用实现tcp方法,该调用执行完整的tcp会话打开。不建议一般使用,因为目标应用程序始终会受到影响(并且可能会造成混淆)。
udp-U 使用具有恒定目标端口的udp数据报(默认值为53,dns)。旨在绕过防火墙。

请注意,与tcp方法不同,目标主机上的相应应用程序始终会接收您的探针(带有随机数据),并且大多数探针很容易将它们混淆。在大多数情况下,它不会响应您的数据包,因此您将永远不会在跟踪中看到最后一跳。(但是,DNS服务器通常会发出一些愤怒的回复)。

非特权用户可以使用此方法。
udplite-UL

udplite数据报用于探针(具有恒定的目标端口,默认值为 53)。

非特权用户可以使用此方法。

选项:

udplite发送coverage 设置为num。
dccp-D

将DCCP请求数据包用于探针(rfc4340)。

此方法使用与TCP相同的“半开放技术”。默认目标端口为33434。

选项:

将DCCP服务代码设置为num(默认值为1885957735)。
raw-Pproto

发送原始协议原始数据包。不使用特定于协议的标头,仅使用IP标头。表示-N 1。

选项:

协议= 原 使用IP协议原型(默认253)。

笔记

为了加快工作速度,通常会同时发送多个探针。不利的一面是,这会造成“打包风暴”,尤其是在回复方向上。路由器可以限制icmp响应的速率,并且某些回复可能会丢失。为了避免这种情况,请减少同时探测的数量,甚至将其设置为1(如在初始traceroute实施中一样),即-N 1

最终(目标)主机可以丢弃某些同时进行的探测,甚至可能仅回答最新的探测。这可能会导致在最终跃点附近产生额外的“看起来已过期”跃点。traceroute使用一种智能算法来自动检测这种情况,但是,如果无法解决您的问题,请使用-N 1。

为了获得更大的稳定性,您可以使用-z选项降低程序的工作速度。例如,使用-z 0.5在两次探查之间暂停半秒。

如果某些跃点对每种方法都没有报告任何结果,那么获得某些结果的最后机会是将ping命令与-R选项一起使用(IPv4,并且仅用于最近的8个跃点)。

traceroute [-46dFITUnreAV] [-f first_ttl] [-g gate,...] [-i device] 
           [-m max_ttl] [-p port] [-s src_addr] [-q nqueries] 
           [-N squeries] [-t tos] [-l flow_label] [-w waittime] 
           [-z sendwait] [-UL] [-D] [-P proto] [--sport=port] [-M method] 
           [-O mod_options] [--mtu] [--back] host [packet_len]

Options

--help Display a help message, and exit.
-4-6 Explicitly force IPv4 or IPv6 tracerouting. By default, the program will try to resolve the name given, and choose the appropriate protocol automatically. If resolving a hostname returns both IPv4 and IPv6 addresses, traceroute will use IPv4.
-I Use ICMP ECHO for probes.
-T Use TCP SYN for probes.
-d Enable socket level debugging (if the kernel supports it).
-F Do not fragment probe packets. (For IPv4 it also sets DF bit, which tells intermediate routers not to fragment remotely as well).

Varying the size of the probing packet by the packet_len command-line parameter, you can manually obtain information about the MTU of individual network hops. The --mtu option (see below) tries to do this automatically.

Note, that non-fragmented features (like -F or --mtu) work properly since the Linux kernel 2.6.22 only. Before that version, IPv6 was always fragmented, IPv4 could use the once the discovered final mtu only (from the route cache), which can be less than the actual mtu of a device.
-f first_ttl Specifies with what TTL to start. Defaults to 1.
-g gateway Tells traceroute to add an IP source routing option to the outgoing packet that tells the network to route the packet through the specified gateway (most routers have disabled source routing for security reasons). In general, specifying multiple gateways is allowed (as a comma-separated list). For IPv6, the form of num,addr,addr... is allowed, where num is a route header type (default is type 2). (Note: the type 0 route header is now deprecated, according to rfc 5095).
-i interface Specifies the interface through which traceroute should send packets. By default, the interface is selected according to the routing table.
-m max_ttl Specifies the maximum number of hops (max time-to-live value) traceroute will probe. The default is 30.
-N squeries Specifies the number of probe packets sent out simultaneously. Sending several probes concurrently can speed up traceroute considerably. The default value is 16. Note that some routers and hosts can use ICMP rate throttling. In such a situation specifying too large number can lead to loss of some responses.
-n Do not try to map IP addresses to hostnames when displaying them.
-p port For UDP tracing, specifies the destination port base traceroute will use (the destination port number will be incremented by each probe). For ICMP tracing, specifies the initial ICMP sequence value (incremented by each probe too). For TCP and others specifies just the (constant) destination port to connect. When using the tcptraceroute wrapper, -p specifies the source port.
-t tos For IPv4, set the Type of Service (TOS) and Precedence value. Useful values are 16 (low delay) and 8 (high throughput). Note that to use some TOS precedence values, you have to be superuser. For IPv6, set the Traffic Control value.
-l flow_label Use specified flow_label for IPv6 packets.
-w waittime Set the time (in seconds) to wait for a response to a probe (default is 5.0).
-q nqueries Sets the number of probe packets per hop. The default is 3.
-r Bypass the normal routing tables and send directly to a host on an attached network. If the host is not on a directly-attached network, an error is returned. This option can be used to ping a local host through an interface that has no route through it.
-s source_addr Chooses an alternative source address. Note that you must select the address of one of the interfaces. By default, the address of the outgoing interface is used.
-z sendwait Minimal time interval between probes (default 0). If the value is more than 10, then it specifies a number in milliseconds, else it is a number of seconds (floating point values allowed too). Useful when some routers use rate-limit for ICMP messages.
-e Show ICMP extensions. The general form is CLASS/TYPE: followed by a hexadecimal dump. The MPLS (Multiprotocol Label Switching) data is shown parsed, in a form: MPLS:L=label,E=exp_use,S=stack_bottom,T=TTL (with any further objects separated by a slash ("/")).
-A Perform AS path lookups in routing registries and print results directly after the corresponding addresses.
-V Print version information, and exit.

The following options are intended for an advanced usage (another trace methods etc.):

--sport=port Chooses the source port to use. Implies -N 1. Normally source ports (if applicable) are chosen by the system.
--fwmark=mark Set the firewall mark for outgoing packets (since Linux kernel 2.6.25).
-M method Use specified method for traceroute operations. Default traditional udp method is called default, and icmp (-I) and tcp (-T) have the names icmp and tcp, respectively. Method-specific options can be passed by -O. Most methods have their simple shortcuts (-I means -M icmp, etc).
-O option Specifies some method-specific option. Several options are separated by comma (or use several -O specifications on the command-line). Each method may have its own specific options, or many not have them at all. To print information about available options, use -O help.
-U Use UDP to particular destination port for tracerouting (instead of increasing the port per each probe). Default port is 53 (dns).
-UL Use UDPLITE for tracerouting (default port is 53).
-D Use DCCP Requests for probes.
-P protocol Use raw packet of specified protocol for tracerouting. Default protocol is 253, as per rfc3692.
--mtu

Discover MTU along the path being traced. Implies -F -N 1. New mtu is printed once in a form of F=NUM at the first probe of a hop which requires such mtu to be reached. (Actually, the correspond "frag needed" icmp message normally is sent by the previous hop).

Note, that some routers might cache once the seen information on a fragmentation. Thus you can receive the final mtu from a closer hop. Try to specify an unusual tos by -t, this can help for one attempt (then it can be cached there as well). See -F option for more info.

--back Print the number of backward hops when it seems different with the forward direction. This number is guessed in assumption that remote hops send reply packets with initial ttl set to either 64128 or 255 (which is a common practice). It is printed as a negative value in a form of '-NUM' .

List Of Available Methods

In general, a particular traceroute method may have to be chosen by "-M name", but most of the methods have their simple command-line switches (you can see them after the method name, if present).

default The traditional, ancient method of tracerouting. Used by default.

Probe packets are udp datagrams with so-called "unlikely" destination ports. The "unlikely" port of the first probe is 33434, then for each next probe it is incremented by one. Since the ports are expected to be unused, the destination host normally returns "icmp unreach port" as a final response. (Nobody knows what happens when some application listens for such ports, though).

This method is allowed for unprivileged users.
icmp-I The most commonly-used method, which uses icmp echo packets for probes. If you can ping the destination host, icmp tracerouting is applicable as well.

This method may be allowed for unprivileged users since the kernel 3.0 (IPv4 only), which supports new dgram icmp (or "ping") sockets. To allow such sockets, sysadmin should provide net/ipv4/ping_group_range sysctl range to match any group of the user.

Options:
raw Use only raw sockets (this is the traditional method). This method is tried first by default (for compatibility reasons), then new dgram icmp sockets as fallback.
dgram Use only dgram icmp sockets.
tcp-T Well-known modern method, intended to bypass firewalls. Uses the constant destination port (default is 80, http).

If some filters are present in the network path, then most probably any "unlikely" udp ports (as for default method) or even icmp echoes (as for icmp) are filtered, and whole tracerouting will just stop at such a firewall. To bypass a network filter, we have to use only allowed protocol/port combinations. If we trace for some, say, mailserver, then more likely -T -p 25 can reach it, even when -I cannot.

This method uses well-known "half-open technique", which prevents applications on the destination host from seeing our probes at all. Normally, a tcp syn is sent. For non-listened ports we receive tcp reset, and all is done. For active listening ports we receive tcp syn+ack, but answer by tcp reset (instead of expected tcp ack), this way the remote tcp session is dropped even without the application ever taking notice.

The tcp method may be one of the following:

syn,ack,fin,rst,psh,urg,ece,cwr Sets specified tcp flags for probe packet, in any combination.
flags=num Sets the flags field in the tcp header exactly to num.
ecn Send syn packet with tcp flags ECE and CWR (for Explicit Congestion Notification, rfc3168).
sack,timestamps,window_scaling Use the corresponding tcp header option in the outgoing probe packet.
sysctl Use current sysctl (/proc/sys/net/*) setting for the tcp header options above and ecn. Always set by default, if nothing else specified.
mss=num Use value of num for maxseg tcp header option (when syn).
info Print tcp flags of final tcp replies when the target host is reached. Allows to determine whether an application listens the port and other useful things.
The default tcp method is syn,sysctl.
tcpconn An implementation of the tcp method using a simple connect() call, which performs full tcp session opening. Not recommended for normal use, because a destination application is always affected (and can be confused).
udp-U Use udp datagram with constant destination port (default 53, dns). Intended to bypass firewall as well.

Note, that unlike in tcp method, the corresponding application on the destination host always receive your probes (with random data), and most can easily be confused by them. In most cases it will not respond to your packets, so you will never see the final hop in the trace. (DNS servers usually reply with something angry, however).

This method is allowed for unprivileged users.
udplite-UL

Use udplite datagram for probes (with constant destination port, default 53).

This method is allowed for unprivileged users.

Options:

coverage=num Set udplite send coverage to num.
dccp-D

Use DCCP Request packets for probes (rfc4340).

This method uses the same "half-open technique" as used for TCP. The default destination port is 33434.

Options:

service=num Set DCCP service code to num (default is 1885957735).
raw-Pproto

Send raw packet of protocol proto. No protocol-specific headers are used, just IP header only. Implies -N 1.

Options:

protocol=proto Use IP protocol proto (default 253).

Notes

To speed up work, normally several probes are sent simultaneously. The downside is that this creates a "storm of packages", especially in the reply direction. Routers can throttle the rate of icmp responses, and some of replies can be lost. To avoid this, decrease the number of simultaneous probes, or even set it to 1 (like in initial traceroute implementation), i.e. -N 1

The final (target) host can drop some of the simultaneous probes, and might even answer only the latest ones. It can lead to extra "looks like expired" hops near the final hop. traceroute uses a smart algorithm to auto-detect such a situation, but if it cannot help in your case, just use -N 1.

For even greater stability you can slow down the program's work with the -z option. For example, use -z 0.5 for a half-second pause between probes.

If some hops report nothing for every method, the last chance to obtain something is to use the ping command with the -R option (IPv4, and for nearest 8 hops only).

查看英文版

查看中文版

traceroute 例子

traceroute computerhope.com

使用默认方法(udp数据报,16个同时探测),跟踪数据包在系统与名为computerhope.com的主机之间采取的路由。结果将类似于以下输出:

traceroute to computerhope.com (166.70.10.23), 30 hops max, 60 byte packets
 1  176.221.87.1 (176.221.87.1)  1.474 ms  1.444 ms  1.390 ms
 2  f126.broadband2.quicknet.se (92.43.37.126)  10.047 ms  19.868 ms  23.156 ms
 3  10.5.12.1 (10.5.12.1)  24.098 ms  24.340 ms  25.311 ms
 4  212.247.178.9 (212.247.178.9)  25.777 ms  27.184 ms  27.625 ms
 5  vst-ncore-1.bundle-ether1.tele2.net (130.244.39.46)  30.632 ms  31.610 ms  32.194 ms
 6  kst5-core-1.bundle-ether6.tele2.net (130.244.71.178)  33.608 ms  15.274 ms  16.449 ms
 7  kst5-peer-1.ae0-unit0.tele2.net (130.244.205.125) 252.53 ms 11.169 ms 12.158 ms
 8  avk6-peer-1.ae0-unit0.tele2.net (130.244.64.71)  19.661 ms  25.765 ms  26.730 ms
 9  peer-as3257.avk6.tele2.net (130.244.200.106)  25.390 ms  24.863 ms xe-5-0-0.nyc30.ip4.tinet.net (89.149.181.109)  23.626 ms
10  fortress-gw.ip4.tinet.net (216.221.158.90)  29.943 ms  31.112 ms  29.002 ms
11  208.116.63.254 (208.116.63.254)  32.102 ms  29.862 ms  29.337 ms
traceroute computerhope.com

Trace the route that packets take between your system and the host named computerhope.com, using the default method (udp datagram, 16 simultaneous probes). The results will look similar to the following output:

traceroute to computerhope.com (166.70.10.23), 30 hops max, 60 byte packets
 1  176.221.87.1 (176.221.87.1)  1.474 ms  1.444 ms  1.390 ms
 2  f126.broadband2.quicknet.se (92.43.37.126)  10.047 ms  19.868 ms  23.156 ms
 3  10.5.12.1 (10.5.12.1)  24.098 ms  24.340 ms  25.311 ms
 4  212.247.178.9 (212.247.178.9)  25.777 ms  27.184 ms  27.625 ms
 5  vst-ncore-1.bundle-ether1.tele2.net (130.244.39.46)  30.632 ms  31.610 ms  32.194 ms
 6  kst5-core-1.bundle-ether6.tele2.net (130.244.71.178)  33.608 ms  15.274 ms  16.449 ms
 7  kst5-peer-1.ae0-unit0.tele2.net (130.244.205.125) 252.53 ms 11.169 ms 12.158 ms
 8  avk6-peer-1.ae0-unit0.tele2.net (130.244.64.71)  19.661 ms  25.765 ms  26.730 ms
 9  peer-as3257.avk6.tele2.net (130.244.200.106)  25.390 ms  24.863 ms xe-5-0-0.nyc30.ip4.tinet.net (89.149.181.109)  23.626 ms
10  fortress-gw.ip4.tinet.net (216.221.158.90)  29.943 ms  31.112 ms  29.002 ms
11  208.116.63.254 (208.116.63.254)  32.102 ms  29.862 ms  29.337 ms

查看英文版

查看中文版