Provided by: traceroute-nanog_6.3.10-2_i386 bug


       traceroute - print route IP packets follow going to a remote host


       traceroute [ options ] host [ size ]


       Traceroute  attempts  to  trace  the route an IP packet follows to some
       internet host.  It finds  out  intermediate  hops  by  launching  probe
       packets  with a small time-to-live (TTL) value, and then listens for an
       ICMP reply of time exceeded from an  intermediate  router.   Traceroute
       starts  probing  with a TTL of one, and increments by one until an ICMP
       port unreachable reply is received.  This means the  probe  either  got
       through to host, or hit the maximum TTL.

       host  is  the only mandatory argument, and specifies the target system,
       either as an IP address, or as a host name.  Parameter size  determines
       the size of the probe packets in bytes.


       -a     Abort after 10 consecutive hops without an answer.

       -d     Turn  on  socket level debugging.  This option is only available
              to the super-user (root).

       -m max_ttl
              Set the maximum time-to-live (TTL) value that will be  used  for
              probing.  Hosts that are farther than max_ttl hops away will not
              be traced (default 30).

       -n     Report only IP addresses, but no hostnames.

       -p port
              Start  probing  at  an  alternate  UDP  port  (default   33434).
              Traceroute by default sends out UDP packets with increasing port
              numbers starting at port, and listens for ICMP  errors  returned
              from  remote  hosts.  This scheme only works if there are no UDP
              servers listening on the probed hosts in the range from port  to
              port + max_ttl.

       -q n   Send  out  n  queries  for  each  TTL  (each  intermediate host)
              (default 3).

       -r     Set Dont Route option, advising routers to drop the packets.  In
              other words, only probe within the local subnet.

       -s addr
              Set  source address of outgoing packets to addr, given either as
              numeric IP address, or as hostname.

       -t tos Set  the  type-of-service  field  in  the  outgoing  IP  packets
              (default 0).  tos is valid in the range of 0 to 255.

       -u     Use microsecond timestamps.

       -v     Turn on verbose output.

       -w wait
              Set  timeout for replies to wait seconds (default 5 sec).  If no
              ICMP reply is received within wait after a packet has been  sent
              out, the probe is considered as failed.

       -A     Report  the Autonomous System Number (ASN) at each hop.  Roughly
              speaking, the ASN tells which administration a router is subject
              to.   See  RFC 1930 for all the details, and section ENVIRONMENT
              below on how to fine tune the lookup.

       -I proto
              Send out probe packets using IP protocol proto, given either  as
              name  or  numerical  value  (default  UDP).   Some features like
              parallel probing are only available when using UDP.

       -M     Determine the maximum transfer unit (MTU) along the  path.   See
              RFC 1191 for details.

       -O     At each hop, perform a DNS lookup and report the owner as listed
              in the SOA record.

       -P     Send out multiple probes in  parallel.   The  default  behaviour
              probes  each  hop  in turn, starting from the nearest.  Parallel
              mode is faster, but less reliable.  Many routers rate limit ICMP
              packets  from a single host, so dropouts are much more likely in
              parallel mode, and need not indicate a networking problem.

       -Q     Report detailed statistics on the round trip times at  each  hop
              (minimum / average +- standard deviation / maximum).  The values
              are given in milli seconds.

       -S min_ttl
              Set the time-to-live (TTL) value in the first packet sent out to
              min_ttl (default 1).  This option determines the first (nearest)
              host that will show up in the trace.

       -T t   End each line with t instead of a newline.  This comes in handy,
              for example, when including traceroute’s output in an HTML page.

       -U     Move on to probing the next hop as soon as the first  successful
              probe arrives.

       -$     Send  out  nothing  but a single ping with a very large time-to-


       Usually the round trip time is printed for  each  probe  at  each  hop.
       Special symbols denote when something went wrong:

       *      No reply received within wait seconds.

       !      Reply arrived with a time-to-live value of one or lower.

       !H     Received   a   reply   telling  that  the  destination  host  is

       !N     Received  a  reply  telling  that  the  destination  network  is

       !P     Received   a   reply   telling  that  the  desired  protocol  is

       !S     Received a reply telling that  source  routing  failed.   Should
              never occur--unless the probed gateway is screwed.

       !F     Received  a  reply telling that fragmentation is needed.  Should
              never occur--unless the probed gateway is screwed.


       (This section is taken almost verbatim from the  documentation  in  the
       traceroute sourcecode.)

              [yak 71]% traceroute
              traceroute to (, 30 hops max, 56 byte packet
               1 (  19 ms  19 ms  0 ms
               2  lilac-dmc.Berkeley.EDU (  39 ms  39 ms  19 ms
               3  lilac-dmc.Berkeley.EDU (  39 ms  39 ms  19 ms
               4  ccngw-ner-cc.Berkeley.EDU (  39 ms  40 ms  39 ms
               5  ccn-nerif22.Berkeley.EDU (  39 ms  39 ms  39 ms
               6 (  40 ms  59 ms  59 ms
               7 (  59 ms  59 ms  59 ms
               8 (  99 ms  99 ms  80 ms
               9 (  139 ms  239 ms  319 ms
              10 (  220 ms  199 ms  199 ms
              11 (  239 ms  239 ms  239 ms

       Note  that  lines 2 & 3 are the same.  This is due to a buggy kernel on
       the 2nd hop system -- -- that  forwards  packets  with  a
       zero TTL.

       A more interesting example is:

              [yak 72]% traceroute
              traceroute to (, 30 hops max
               1 (  0 ms  0 ms  0 ms
               2  lilac-dmc.Berkeley.EDU (  19 ms  19 ms  19 ms
               3  lilac-dmc.Berkeley.EDU (  39 ms  19 ms  19 ms
               4  ccngw-ner-cc.Berkeley.EDU (  19 ms  39 ms  39 ms
               5  ccn-nerif22.Berkeley.EDU (  20 ms  39 ms  39 ms
               6 (  59 ms  119 ms  39 ms
               7 (  59 ms  59 ms  39 ms
               8 (  80 ms  79 ms  99 ms
               9 (  139 ms  139 ms  159 ms
              10 (  199 ms  180 ms  300 ms
              11 (  300 ms  239 ms  239 ms
              12  * * *
              13 (  259 ms  499 ms  279 ms
              14  * * *
              15  * * *
              16  * * *
              17  * * *
              18  ALLSPICE.LCS.MIT.EDU (  339 ms  279 ms  279 ms

       (I start to see why I’m having so much trouble with mail to MIT.)  Note
       that the gateways 12, 14, 15, 16 & 17 hops away either don’t send  ICMP
       "time exceeded" messages or send them with a TTL too small to reach us.
       14 - 17 are running the MIT C Gateway  code  that  doesn’t  send  "time
       exceeded"s.  God only knows what’s going on with 12.

       The  silent  gateway  12 in the above may be the result of a bug in the
       4.[23]BSD network code (and its derivatives):  4.x (x <=  3)  sends  an
       unreachable   message  using  whatever  TTL  remains  in  the  original
       datagram.  Since, for gateways, the remaining TTL  is  zero,  the  icmp
       "time  exceeded" is guaranteed to not make it back to us.  The behavior
       of this bug is  slightly  more  interesting  when  it  appears  on  the
       destination system:

               1 (  0 ms  0 ms  0 ms
               2  lilac-dmc.Berkeley.EDU (  39 ms  19 ms  39 ms
               3  lilac-dmc.Berkeley.EDU (  19 ms  39 ms  19 ms
               4  ccngw-ner-cc.Berkeley.EDU (  39 ms  40 ms  19 ms
               5  ccn-nerif35.Berkeley.EDU (  39 ms  39 ms  39 ms
               6  csgw.Berkeley.EDU (  39 ms  59 ms  39 ms
               7  * * *
               8  * * *
               9  * * *
              10  * * *
              11  * * *
              12  * * *
              13  rip.Berkeley.EDU (  59 ms !  39 ms !  39 ms !

       Notice  that  there are 12 "gateways" (13 is the final destination) and
       exactly the last half of them are "missing".  What’s  really  happening
       is  that  rip  (a  Sun-3  running  Sun OS3.5) is using the TTL from our
       arriving datagram as the TTL in its icmp reply.   So,  the  reply  will
       time  out  on the return path until we probe with a TTL that’s at least
       twice the path length.  I.e., rip is really only 7 hops away.


       The lookup process of Autonomous System Numbers  (ASN,  see  option  -A
       above) can be configured via several environment variables. By default,
       traceroute issues a whois query on the Routing Assets  Database  (RADB)
       at, which should be sufficient in most cases.  Chances are
       that you don’t want to change anything here, unless you know very  well
       what you are doing.

       The  contents of the following environment variables are limited to 100
       characters at most.  Any trailing characters are silently ignored.   If
       unset, compiled-in defaults are used.

              Server to issue a RADB whois query on, given either as hostname,
              or dotted-quad IP address.  Defaults to

              TCP port to connect to on the whois server, given either as name
              or port number.  Defaults to whois.

       The following variables determine how traceroute attempts to extract an
       ASN from the whois reply.

              Each line containing an ASN starts with this tag.   Defaults  to

       The  RADB  may  contain more than one entry for a given IP address.  To
       find out the correct entry, traceroute has to look up the  subnet  that
       is the most specific to this IP.

              Each  line  containing  a  subnet  entry  starts  with this tag.
              Defaults to route:.

              The network IP  and  the  prefix  are  separated  by  this  tag.
              Defaults to /.


       This  is  not  the  standard  version of traceroute (as included in the
       netkit package), but an alternative implementation maintained  by  Ehud
       Gavron.  It  is  based on the Van Jacobson/BSD traceroute, and includes
       additional features  including  AS  lookup,  TOS  support,  microsecond
       timestamps,  path  MTU discovery, and parallel probing.  It is known as
       trACESroute or traceroute-nanog.


       mtr(8), netstat(8), pchar(8), ping(8)


       Please send any bugs to Ehud Gavron <> and/or  report
       them      to      the     Debian     Bug     Tracking     System     at


       TrACESroute is maintained by Ehud Gavron <>.

       The first man page was written by Brian Russo for use with  Debian/GNU,
       and was later rewritten by Daniel Kobras <> and Martin
       A.  Godisch  <>.   Some  parts  are  taken  from   the
       documentation  in the source code.  Still, this man page may be used by