Linux and Windows both have “traceroute” tools. The only real difference is Linux has more options for its tool, and Linux uses “traceroute” as the command line action and Windows uses “tracert.” Whether you have a Linux or a Windows machine, there may be a time you need to check your Internet connection. You could still have an Internet connection but unable to connect to a site. Your connection might be slow. You might able to connect with one network computer and not the other. Part of the troubleshooting steps you can take is using the traceroute command line tool.
Understanding How the Internet is Connected
Before you dive into the traceroute command, it helps to know how the Internet is connected. The Internet is basically one huge network. The main difference between the Internet and your private network is that the Internet gives access to the public. Other than paying for your Internet connection, you can access other computers (web servers) without any type of permissions. Of course, the web server administrator must give you access to the web server, but it’s usually done by allowing access to the typical web port (port 80) and allowing a user on the server to act as “anonymous.”
There are other factors that secure the web server. You then need to connect these web servers. Web servers and the Internet as a whole are connected using routers. Routers are similar to traffic lights. An Internet data packet bound to a specific destination “hops” to the next router outside of your network. The router reviews the destination IP address and then sends the packet to the next “hop.” Each router is considered a hop, and the amount of hops is displayed in the traceroute command utility. Since IP packets are chopped up into several packets, you can have hundreds of packets that hit the same router and travel to the next router. Your data packets continue to hop until they reach the intended destination. The destination computer reads these packets, reviews the sequence number, and reconstructs the full message based off of the sequence number. If any of these packets drop, your message is corrupted. Dropped packets can mean a number of problems, but the traceroute utility helps you identify if you are losing packets and have a shaky Internet connection.
Running a Traceroute
Linux offers several options when running the traceroute command, but you can run it without any switches and just do a basic trace from your computer to a host machine. The following is a basic traceroute command:
In the above command, you do a trace between your machine and the “udemy.com” host. In this command, “udemy.com” is translated to its corresponding host IP address. You can also use the host IP address and skip the DNS translation. However, if you’re having Internet connection problems, you might have a hard time getting the IP address, especially if the issue with your Internet connection is the DNS server.
After you run the utility, you’ll see a print out with each line looking like the following:
2 48 ms 55 ms 57 ms he-2-8-8-8-cr01.56marrietta.ibone.comcast.net [188.8.131.52]
The first number in the row is the hop number. This hop number is “2” but typically the backbone Comcast network hop is farther down the list.
The next three millisecond values determine the time it takes for a round trip. You might see this number labeled as “RTT” or round trip time. The traceroute utility sends out a “ping” command and logs the amount of time it takes to leave your computer and then come back. In this example, the ping time is too high. Of course, the ping time depends on your ISP, your internal network and the distance it takes to reach the next hop. All three of these numbers can be averaged. You should see a similar value for each hop. If you see huge variances in these three numbers, you might have intermittent connectivity problems.
Finally, the last column in the response is the target router or “hop” address. This hop is typically a router, but technically you could have another server act as a router. It’s not unusual for internal networks to have a computer acting as some kind of router, but routers are not as expensive as they once were.
Identifying Connection Issues
If your connection is working well, you will see a hop response for each hop. If you have connection issues, you start dropping packets. A good indication that you have connection issues is using traceroute. Traceroute starts to display timeouts when it can’t reach a hop. Unfortunately, if you receive timeouts for a router that’s too far up the connection tree, you won’t be able to do anything about it. If a router goes bad, an ISP or backbone network can redirect traffic to skip the bad router. When routers go bad, it affects thousands of users (sometimes more), so it’s usually considered a critical issue when a main router goes bad.
You can also sometimes see an asterisk in place of a response. This isn’t always an issue. It typically means a firewall is blocking the “ping” command. Some routers are configured to reject ping responses to protect from ping floods. If the router rejects the ping command, you see asterisks in place of the millisecond responses. If nothing is wrong, the traceroute program will continue to send hops to the next router. If a problem exists, you’ll get a list of asterisks with timeouts and packet lost.
After you figure out your connection issues with traceroute, you can move on to other packet analyzers. Sometimes, a simple reboot on your router will do the trick. If it’s a DNS server issue and your ISP changes your DNS server, a router reboot might be all you need. You can’t control external routers, but you can understand why you aren’t able to connect to the Internet. You can also call your ISP if you detect something is wrong, but one router supports thousands of users, so the ISP usually detects a problem when it’s a system-wide issue.