Network troubleshooting almost always begins with ping. Ping tells you if the path is there; in other words, whether packets can travel from the local system to a remote node. The
tracepath utilities tell you what the path is—how the packets are getting from here to there.
traceroute command has been around for a very long time, and it's a powerful tool. However, the
tracepath utility receives a lot of attention. How are they different?
Most documentation simply states that
tracepath does not require root privileges to run, and
traceroute does (or some
traceroute options require root). But what's the real difference, why might root be needed, and which tool should you select?
What is traceroute?
The power of the
traceroute command lies in its flexibility and ability to initiate custom network tests using various protocols. In fact,
traceroute can directly manipulate network packets—and there's the problem. Doing so requires root privileges because malformed or malicious packets are a danger to the network.
traceroute command can also send Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMP) packets. In theory, ICMP packets could be part of a DDoS attack and are therefore restricted. It can also pass IPv4 or IPv6 packets.
These features make
traceroute more robust than
tracepath, but at the cost of sometimes requiring root authentication.
traceroute features rely on the sockets API, which does not need root privileges. In other words, standard users may be able to use the
traceroute command, but if they try anything too complex, they'll be challenged for credentials.
[ Free cheat sheet: Get a list of Linux utilities and commands for managing servers and networks. ]
traceroute's syntax is straightforward; just issue the command and point it to an IP address or name (assuming name resolution is in place):
$ traceroute 192.168.1.101
However, more advanced features require the use of
$ sudo traceroute [-OPTIONS] 192.168.1.101
How to interpret traceroute's output
The first column in
traceroute's output is the hop number (hops refer to the router). If it takes five hops to get to the destination, there will be five lines in the output. The second column is the resolved name or IP address of the router
traceroute is passing through. The final group of three columns are round-trip times (RTT) from the host to the router, and they're tested three times.
What is tracepath?
tracepath tool lacks the more advanced features of its fellow application. More specifically, its features rely only on the sockets API, use UDP, and cannot manipulate packets. It does not require root privileges and is a great option for gathering basic network information. In most troubleshooting scenarios,
tracepath should provide plenty of capability. Like
tracepath relies on the
-6 option to send IPv6 packets exclusively.
tracepath syntax is simple. For a basic trace to server01 on a remote segment, type:
$ tracepath server01
There are a few interesting
tracepath options. To set a specific initial destination port, type:
$ tracepath -p 8080 server01
Or to define the maximum number of hops, run:
$ tracepath -m 42 server01
Finally, to disable name resolution for the hosts along the path, enter:
$ tracepath -n server01
How to interpret tracepath's output
The first column is the hop number. The second column displays the router's resolved name or IP address. The final column shows the RTT (only once, whereas
traceroute tested with three packets). The output also displays Message Transfer Unit (MTU) size.
I've found that most uses of network tracing are pretty straightforward and don't require the advanced features that
traceroute offers. Therefore,
tracepath is probably good enough for most instances.
It's nice to be able to send a network troubleshooter to a workstation to check network connectivity without granting root privileges. I suggest getting in the habit of using
tracepath most of the time and showing your fellow Linux users and basic network techs its simplicity.