In general, a particular traceroute method may have to be chosen
by -M name, but most of the methods have their simple cmdline
switches (you can see them after the method name, if present).
default
The traditional, ancient method of tracerouting. Used by default.
Probe packets are udp datagrams with so-called "unlikely"
destination ports. The "unlikely" port of the first probe is
33434, then for each next probe it is incremented by one. Since
the ports are expected to be unused, the destination host
normally returns "icmp unreach port" as a final response.
(Nobody knows what happens when some application listens for such
ports, though).
This method is allowed for unprivileged users.
icmp -I
The most usual method for now, which uses icmp echo packets for
probes.
If you can ping(8) the destination host, icmp tracerouting is
applicable as well.
This method may be allowed for unprivileged users since
kernel 3.0 (IPv4; for IPv6 since 3.11), which supports new dgram
icmp (or "ping") sockets. To allow such sockets, the sysadmin should
set the net/ipv4/ping_group_range sysctl to a range that matches any
group of the user.
Options:
raw
Use only raw sockets (the traditional way).
This way is tried first by default (for compatibility
reasons), then new dgram icmp sockets as fallback.
dgram
Use only dgram icmp sockets.
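Added example (not part of the original manual page or the traceroute sources): a shell check of whether the dgram icmp sockets described above are permitted for a user, given the value of net/ipv4/ping_group_range. The function names are hypothetical and the sample ranges are constructed; "1 0" is the kernel default, an empty range that permits no group.

```shell
#!/bin/sh
# Added example, not from the traceroute sources. Function names are hypothetical.

# in_ping_group_range "LOW HIGH" GID...
# Returns 0 if any GID lies in LOW..HIGH (inclusive), 1 if none does,
# 2 if the range string is malformed.
in_ping_group_range() {
    range=$1; shift
    case "$range" in
        *[!0-9]*) ;;            # has a separator, so two fields can exist
        *) return 2 ;;
    esac
    low=${range%%[!0-9]*}       # digits before the first separator
    high=${range##*[!0-9]}      # digits after the last separator
    if [ -z "$low" ] || [ -z "$high" ]; then return 2; fi
    for gid in "$@"; do
        if [ "$gid" -ge "$low" ] && [ "$gid" -le "$high" ]; then
            return 0
        fi
    done
    return 1
}

# dgram_icmp_status "LOW HIGH" GID...
# Prints "allowed", "denied" or "invalid".
dgram_icmp_status() {
    in_ping_group_range "$@" && rc=0 || rc=$?
    case $rc in
        0) echo allowed ;;
        1) echo denied ;;
        *) echo invalid ;;
    esac
}

# On a Linux host, evaluate the live setting for the calling user.
f=/proc/sys/net/ipv4/ping_group_range
if [ -r "$f" ]; then
    # id -G is deliberately unquoted: one argument per group ID.
    # shellcheck disable=SC2046
    echo "dgram icmp sockets: $(dgram_icmp_status "$(cat "$f")" $(id -G))"
fi
```

A range such as "100 100" grants the sockets to exactly one group, which is narrower than opening the full range to every user.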
tcp -T
Well-known modern method, intended to bypass firewalls.
Uses the constant destination port (default is 80, http).
If some filters are present in the network path, then most
probably any "unlikely" udp ports (as for default method) or even
icmp echoes (as for icmp) are filtered, and whole tracerouting
will just stop at such a firewall. To bypass a network filter,
we have to use only allowed protocol/port combinations. If we
trace for some, say, mailserver, then more likely -T -p 25 can
reach it, even when -I can not.
This method uses well-known "half-open technique", which prevents
applications on the destination host from seeing our probes at
all. Normally, a tcp syn is sent. For non-listened ports we
receive tcp reset, and all is done. For active listening ports we
receive tcp syn+ack, but answer by tcp reset (instead of expected
tcp ack), this way the remote tcp session is dropped even without
the application ever taking notice.
There are a couple of options for the tcp method:
syn,ack,fin,rst,psh,urg,ece,cwr
Sets specified tcp flags for probe packet, in any
combination.
flags=num
Sets the flags field in the tcp header exactly to num.
ecn
Send syn packet with tcp flags ECE and CWR (for Explicit
Congestion Notification, rfc3168).
sack,timestamps,window_scaling
Use the corresponding tcp header option in the outgoing
probe packet.
sysctl
Use the current sysctl (/proc/sys/net/*) settings for the tcp
header options above and ecn. Always set by default, if
nothing else is specified.
mss=num
Use value of num for maxseg tcp header option (when syn).
info
Print tcp flags of final tcp replies when the target host
is reached. This allows determining whether an application
listens on the port, and other useful things.
Default options are syn,sysctl.
tcpconn
An initial implementation of the tcp method, simply using the
connect(2) call, which does full tcp session opening. Not recommended
for normal use, because a destination application is always affected
(and can be confused).
udp -U
Use udp datagram with constant destination port (default 53,
dns).
Intended to bypass firewall as well.
Note that, unlike in the tcp method, the corresponding application on
the destination host always receives our probes (with random
data), and most can easily be confused by them. In most cases it
will not respond to our packets though, so we will never see the
final hop in the trace. (Fortunately, it seems that at least dns
servers reply with something angry).
This method is allowed for unprivileged users.
udplite -UL
Use udplite datagram for probes (with constant destination port,
default 53).
This method is allowed for unprivileged users.
Options:
coverage=num
Set udplite send coverage to num.
dccp -D
Use DCCP Request packets for probes (rfc4340).
This method uses the same "half-open technique" as used for TCP.
The default destination port is 33434.
Options:
service=num
Set DCCP service code to num (default is 1885957735).
raw -P proto
Send raw packet of protocol proto.
No protocol-specific headers are used, just IP header only.
Implies -N 1 -w 5.
Options:
protocol=proto
Use IP protocol proto (default 253).