Traceroute vs. tracepath: What's the difference?

Network troubleshooting almost always begins with ping. Ping tells you if the path is there; in other words, whether packets can travel from the local system to a remote node. The traceroute and tracepath utilities tell you what the path is—how the packets are getting from here to there.

The traceroute command has been around for a very long time, and it's a powerful tool. However, the tracepath utility receives a lot of attention. How are they different?

Most documentation simply states that tracepath does not require root privileges to run, and traceroute does (or some traceroute options require root). But what's the real difference, why might root be needed, and which tool should you select?

What is traceroute?

The power of the traceroute command lies in its flexibility and ability to initiate custom network tests using various protocols. In fact, traceroute can directly manipulate network packets—and there's the problem. Doing so requires root privileges because malformed or malicious packets are a danger to the network.

The traceroute command can also send Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP) packets. In theory, ICMP packets could be part of a DDoS attack and are therefore restricted. It can also pass IPv4 or IPv6 packets.

These features make traceroute more robust than tracepath, but at the cost of sometimes requiring root authentication.

Other traceroute features rely on the sockets API, which does not need root privileges. In other words, standard users may be able to use the traceroute command, but if they try anything too complex, they'll be challenged for credentials.

[ Free cheat sheet: Get a list of Linux utilities and commands for managing servers and networks. ]

traceroute's syntax is straightforward; just issue the command and point it to an IP address or name (assuming name resolution is in place):

$ traceroute 192.168.1.101

However, more advanced features require the use of sudo:

$ sudo traceroute [-OPTIONS] 192.168.1.101

How to interpret traceroute's output

The first column in traceroute's output is the hop number (hops refer to the router). If it takes five hops to get to the destination, there will be five lines in the output. The second column is the resolved name or IP address of the router traceroute is passing through. The final group of three columns are round-trip times (RTT) from the host to the router, and they're tested three times.

What is tracepath?

The tracepath tool lacks the more advanced features of its fellow application. More specifically, its features rely only on the sockets API, use UDP, and cannot manipulate packets. It does not require root privileges and is a great option for gathering basic network information. In most troubleshooting scenarios, tracepath should provide plenty of capability. Like traceroute, tracepath relies on the -6 option to send IPv6 packets exclusively.

The tracepath syntax is simple. For a basic trace to server01 on a remote segment, type:

$ tracepath server01

There are a few interesting tracepath options. To set a specific initial destination port, type:

$ tracepath -p 8080 server01

Or to define the maximum number of hops, run:

$ tracepath -m 42 server01

Finally, to disable name resolution for the hosts along the path, enter:

$ tracepath -n server01

How to interpret tracepath's output

The first column is the hop number. The second column displays the router's resolved name or IP address. The final column shows the RTT (only once, whereas traceroute tested with three packets). The output also displays Message Transfer Unit (MTU) size.

Wrap up

I've found that most uses of network tracing are pretty straightforward and don't require the advanced features that traceroute offers. Therefore, tracepath is probably good enough for most instances.

It's nice to be able to send a network troubleshooter to a workstation to check network connectivity without granting root privileges. I suggest getting in the habit of using tracepath most of the time and showing your fellow Linux users and basic network techs its simplicity.