Diffstat (limited to 'upstream/debian-bookworm/man1/traceroute.db.1')
-rw-r--r-- | upstream/debian-bookworm/man1/traceroute.db.1 | 615 |
1 files changed, 615 insertions, 0 deletions
diff --git a/upstream/debian-bookworm/man1/traceroute.db.1 b/upstream/debian-bookworm/man1/traceroute.db.1 new file mode 100644 index 00000000..85f0e482 --- /dev/null +++ b/upstream/debian-bookworm/man1/traceroute.db.1 
@@ -0,0 +1,615 @@ +.\" Copyright (c) 2006 Dmitry Butskoy (dmitry@butskoy.name) +.\" License: GPL v2 or any later version +.\" See COPYING for the status of this software +.TH TRACEROUTE 1 "11 October 2006" "Traceroute" "Traceroute For Linux" +.\" .UC 6 +.SH NAME +traceroute \- print the route packets trace to network host +.SH SYNOPSIS +.na +.BR traceroute " [" \-46dFITUnreAV "] [" "\-f first_ttl" "] [" "\-g gate,..." ] +.br +.ti +8 +.BR "" [ "-i device" "] [" "-m max_ttl" "] [" "-p port" "] [" "-s src_addr" ] +.br +.ti +8 +.BR "" [ "-q nqueries" "] [" "-N squeries" "] [" "-t tos" ] +.br +.ti +8 +.BR "" [ "-l flow_label" "] [" "-w waittimes" "] [" "-z sendwait" "] [" "-UL" "] [" "-D" ] +.br +.ti +8 +.BR "" [ "-P proto" "] [" "--sport=port" "] [" "-M method" "] [" "-O mod_options" ] +.br +.ti +8 +.BR "" [ "--mtu" "] [" "--back" ] +.br +.ti +8 +.BR host " [" "packet_len" "]" +.br +.B traceroute6 +.RI " [" options ] +.br +.B tcptraceroute +.RI " [" options ] +.br +.B lft +.RI " [" options ] +.ad +.SH DESCRIPTION +.I traceroute +tracks the route packets taken from an IP network on their +way to a given host. It utilizes the IP protocol's time to live (TTL) field +and attempts to elicit an ICMP TIME_EXCEEDED response from each gateway +along the path to the host. +.P +.I traceroute6 +is equivalent to +.I traceroute +.B \-6 +.P +.I tcptraceroute +is equivalent to +.I traceroute +.B \-T +.P +.I lft +, the Layer Four Traceroute, performs a TCP traceroute, like +.I traceroute +.B \-T +, but attempts to provide compatibility with the original +such implementation, also called "lft". +.PP +The only required parameter is the name or IP address of the +destination +.BR host \ . +The optional +.B packet_len\fR`gth +is the total size of the probing packet (default 60 bytes +for IPv4 and 80 for IPv6). The specified size can be ignored +in some situations or increased up to a minimal value. 
+.PP +This program attempts to trace the route an IP packet would follow to some +internet host by launching probe +packets with a small ttl (time to live) then listening for an +ICMP "time exceeded" reply from a gateway. We start our probes +with a ttl of one and increase by one until we get an ICMP "port +unreachable" (or TCP reset), which means we got to the "host", or hit a max (which +defaults to 30 hops). Three probes (by default) are sent at each ttl setting +and a line is printed showing the ttl, address of the gateway and +round trip time of each probe. The address can be followed by additional +information when requested. If the probe answers come from +different gateways, the address of each responding system will +be printed. If there is no response within a certain timeout, +an "*" (asterisk) is printed for that probe. +.PP +After the trip time, some additional annotation can be printed: +.BR !H , +.BR !N , +or +.B !P +(host, network or protocol unreachable), +.B !S +(source route failed), +.B !F +(fragmentation needed), +.B !X +(communication administratively prohibited), +.B !V +(host precedence violation), +.B !C +(precedence cutoff in effect), or +.B !<num> +(ICMP unreachable code <num>). +If almost all the probes result in some kind of unreachable, traceroute +will give up and exit. +.PP +We don't want the destination host to process the UDP probe packets, +so the destination port is set to an unlikely value (you can change it with the +.B \-p +flag). There is no such a problem for ICMP or TCP tracerouting (for TCP we +use half-open technique, which prevents our probes to be seen by applications +on the destination host). +.PP +In the modern network environment the traditional traceroute methods +can not be always applicable, because of widespread use of firewalls. +Such firewalls filter the "unlikely" UDP ports, or even ICMP echoes. 
+To solve this, some additional tracerouting methods are implemented +(including tcp), see +.B LIST OF AVAILABLE METHODS +below. Such methods try to use particular protocol +and source/destination port, in order to bypass firewalls (to be seen +by firewalls just as a start of allowed type of a network session). +.SH OPTIONS +.TP +.B \-\-help +Print help info and exit. +.TP +.BR \-4 ", " \-6 +Explicitly force IPv4 or IPv6 tracerouting. By default, the program +will try to resolve the name given, and choose the appropriate +protocol automatically. If resolving a host name returns both +IPv4 and IPv6 addresses, +.I traceroute +will use IPv4. +.TP +.B \-I, \-\-icmp +Use ICMP ECHO for probes +.TP +.B \-T, \-\-tcp +Use TCP SYN for probes +.TP +.B \-d, --debug +Enable socket level debugging (when the Linux kernel supports it) +.TP +.B \-F, --dont-fragment +Do not fragment probe packets. (For IPv4 it also sets DF bit, which tells +intermediate routers not to fragment remotely as well). +.br + +.br +Varying the size of the probing packet by the +.B packet_len +command line parameter, you can manually obtain information +about the MTU of individual network hops. The +.B \--mtu +option (see below) tries to do this automatically. +.br + +.br +Note, that non-fragmented features (like +.B \-F +or +.B \--mtu\fR) +work properly since the Linux kernel 2.6.22 only. +Before that version, IPv6 was always fragmented, IPv4 could use +the once the discovered final mtu only (from the route cache), which can be +less than the actual mtu of a device. +.TP +.BI \-f " first_ttl" ", --first=" first_ttl +Specifies with what TTL to start. Defaults to 1. +.TP +.BI \-g " gateway" ", --gateway=" gateway +Tells traceroute to add an IP source routing option to the outgoing +packet that tells the network to route the packet through the +specified +.I gateway +(most routers have disabled source routing for security reasons). +In general, several +.IR gateway 's +is allowed (comma separated). 
For IPv6, the form of +.IB num , addr , addr... +is allowed, where +.I num +is a route header type (default is type 2). Note the type 0 route header +is now deprecated (rfc5095). +.TP +.BI \-i " interface" ", --interface=" interface +Specifies the interface through which +.I traceroute +should send packets. By default, the interface is selected +according to the routing table. +.TP +.BI \-m " max_ttl" ", --max-hops=" max_ttl +Specifies the maximum number of hops (max time-to-live value) +.I traceroute +will probe. The default is 30. +.TP +.BI \-N " squeries" ", --sim-queries=" squeries +Specifies the number of probe packets sent out simultaneously. +Sending several probes concurrently can speed up +.I traceroute +considerably. The default value is 16. +.br +Note that some routers and hosts can use ICMP rate throttling. In such +a situation specifying too large number can lead to loss of some responses. +.TP +.B \-n +Do not try to map IP addresses to host names when displaying them. +.TP +.BI \-p " port" ", --port=" port +For UDP tracing, specifies the destination port base +.I traceroute +will use (the destination port number will be incremented by each probe). +.br +For ICMP tracing, specifies the initial ICMP sequence value (incremented +by each probe too). +.br +For TCP and others specifies just the (constant) destination +port to connect. When using the tcptraceroute wrapper, +\-p specifies the source port. +.TP +.BI \-t " tos" ", --tos=" tos +For IPv4, set the Type of Service (TOS) and Precedence value. Useful values +are 16 (low delay) and 8 (high throughput). Note that in order to use +some TOS precedence values, you have to be super user. +.br +For IPv6, set the Traffic Control value. +.TP +.BI \-l " flow_label" ", --flowlabel=" flow_label +Use specified flow_label for IPv6 packets. +.TP +.BI \-w " max\fR[\fB,\fIhere\fB,\fInear\fR]" ", --wait=" max\fR[\fB,\fIhere\fB,\fInear\fR] +Determines how long to wait for a response to a probe. 
+.br + +.br +There are three (in general) float values separated by a comma +(or a slash). +.I Max +specifies the maximum time (in seconds, default 5.0) to wait, in any case. +.br + +.br +Traditional traceroute implementation always waited whole +.I max +seconds for any probe. But if we already have some replies from the +.B same +hop, or even from some +.B next +hop, we can use the round trip time of such a reply as a hint +to determine the actual reasonable amount of time to wait. +.br + +.br +The optional +.I here +(default 3.0) specifies a factor to multiply the round trip time of an already +received response from the +.B same +hop. The resulting value is used as a timeout for the probe, instead of +(but no more than) +.IR max . +The optional +.I near +(default 10.0) specifies a similar factor for a response from some +.B next +hop. +(The time of the first found result is used in both cases). +.br + +.br +First, we look for the +.B same +hop (of the probe which will be printed first from now). +If nothing found, then look for some +.B next +hop. If nothing found, use +.IR max . +If +.I here +and/or +.I near +have zero values, the corresponding computation is skipped. +.br +.I Here +and +.I near +are always set to zero if only +.I max +is specified (for compatibility with previous versions). +.TP +.BI \-q " nqueries" ", --queries=" nqueries +Sets the number of probe packets per hop. The default is 3. +.TP +.B \-r +Bypass the normal routing tables and send directly to a host on +an attached network. If the host is not on a directly-attached +network, an error is returned. This option can be used to ping a +local host through an interface that has no route through it. +.TP +.BI \-s " source_addr" ", --source=" source_addr +Chooses an alternative source address. Note that you must select the +address of one of the interfaces. +By default, the address of the outgoing interface is used. 
+.TP +.BI \-z " sendwait" ", --sendwait=" sendwait +Minimal time interval between probes (default 0). +If the value is more than 10, then it specifies a number in milliseconds, +else it is a number of seconds (float point values allowed too). +Useful when some routers use rate-limit for ICMP messages. +.TP +.B \-e, \-\-extensions +Show ICMP extensions (rfc4884). The general form is +.I CLASS\fB/\fITYPE\fB: +followed by a hexadecimal dump. +The MPLS (rfc4950) is shown parsed, in a form: +.B MPLS:L=\fIlabel\fB,E=\fIexp_use\fB,S=\fIstack_bottom\fB,T=\fITTL +(more objects separated by +.B / +). +.TP +.B \-A, \-\-as\-path\-lookups +Perform AS path lookups in routing registries and print results +directly after the corresponding addresses. +.TP +.B \-V, \-\-version +Print the version and exit. +.br +.P +There are additional options intended for advanced usage +(such as alternate trace methods etc.): +.TP +.B \--sport\fR=\fIport +Chooses the source port to use. Implies +.B \-N\ 1\fR\ -w\ 5 . +Normally source ports (if applicable) are chosen by the system. +.TP +.B \--fwmark\fR=\fImark +Set the firewall mark for outgoing packets (since the Linux kernel 2.6.25). +.TP +.BI \-M " method" ", --module=" name +Use specified method for traceroute operations. Default traditional udp method +has name +.IR default , +icmp +.BR "" ( "-I" ) " +and tcp +.BR "" ( "-T" ) " +have names +.I icmp +and +.I tcp +respectively. +.br +Method-specific options can be passed by +.BR \-O\ . +Most methods have their simple shortcuts, +.BR "" ( "-I " means " -M icmp" , +etc). +.TP +.BI \-O " option" ", --options=" options +Specifies some method-specific option. Several options are separated by comma (or use several +.B \-O +on cmdline). +Each method may have its own specific options, or many not have them at all. +To print information about available options, use +.BR \-O\ help . 
+.TP +.B \-U, \-\-udp +Use UDP to particular destination port for tracerouting (instead of increasing +the port per each probe). Default port is 53 (dns). +.TP +.B \-UL +Use UDPLITE for tracerouting (default port is 53). +.TP +.B \-D, \-\-dccp +Use DCCP Requests for probes. +.TP +.BI \-P " protocol" ", --protocol=" protocol +Use raw packet of specified protocol for tracerouting. Default protocol is +253 (rfc3692). +.TP +.B \-\-mtu +Discover MTU along the path being traced. Implies +.BR \-F\ \-N\ 1 . +New +.I mtu +is printed once in a form of +.B F=\fINUM +at the first probe of a hop which requires such +.I mtu +to be reached. (Actually, the correspond "frag needed" icmp message +normally is sent by the previous hop). +.br + +.br +Note, that some routers might cache once the seen information +on a fragmentation. Thus you can receive the final mtu from a closer hop. +Try to specify an unusual +.I tos +by +.B \-t +, this can help for one attempt (then it can be cached there as well). +.br +See +.B \-F +option for more info. +.TP +.B \-\-back +Print the number of backward hops when it seems different with the forward +direction. This number is guessed in assumption that remote hops send reply +packets with initial ttl set to either 64, or 128 or 255 (which seems +a common practice). It is printed as a negate value in a form of '-NUM' . +.SH LIST OF AVAILABLE METHODS +In general, a particular traceroute method may have to be chosen by +.BR \-M\ name , +but most of the methods have their simple cmdline switches +(you can see them after the method name, if present). +.SS default +The traditional, ancient method of tracerouting. Used by default. +.P +Probe packets are udp datagrams with so-called "unlikely" destination ports. +The "unlikely" port of the first probe is 33434, then for each next probe +it is incremented by one. Since the ports are expected to be unused, +the destination host normally returns "icmp unreach port" as a final response. 
+(Nobody knows what happens when some application listens for such ports, +though). +.P +This method is allowed for unprivileged users. +.SS icmp \ \ \ \-I +Most usual method for now, which uses icmp echo packets for probes. +.br +If you can ping(8) the destination host, icmp tracerouting is applicable +as well. +.P +This method may be allowed for unprivileged users +since the kernel 3.0 (IPv4, for IPv6 since 3.11), which supports new +.I dgram icmp +(or +.RI """" ping """)" +sockets. To allow such sockets, sysadmin should provide +.I net/ipv4/ping_group_range +sysctl range to match any group of the user. +.br +Options: +.TP +.B raw +Use only raw sockets (the traditional way). +.br +This way is tried first by default (for compatibility reasons), +then new dgram icmp sockets as fallback. +.TP +.B dgram +Use only dgram icmp sockets. +.SS tcp \ \ \ \ \-T +Well-known modern method, intended to bypass firewalls. +.br +Uses the constant destination port (default is 80, http). +.P +If some filters are present in the network path, then most probably +any "unlikely" udp ports (as for +.I default +method) or even icmp echoes (as for +.IR icmp ) +are filtered, and whole tracerouting will just stop at such a firewall. +To bypass a network filter, we have to use only allowed protocol/port +combinations. If we trace for some, say, mailserver, then more likely +.B \-T \-p 25 +can reach it, even when +.B \-I +can not. +.P +This method uses well-known "half-open technique", which prevents +applications on the destination host from seeing our probes at all. +Normally, a tcp syn is sent. For non-listened ports we receive tcp reset, +and all is done. For active listening ports we receive tcp syn+ack, but +answer by tcp reset (instead of expected tcp ack), this way the remote tcp +session is dropped even without the application ever taking notice. 
+.P +There is a couple of options for +.I tcp +method: +.TP +.B syn,ack,fin,rst,psh,urg,ece,cwr +Sets specified tcp flags for probe packet, in any combination. +.TP +.B flags\fR=\fInum +Sets the flags field in the tcp header exactly to +.IR num . +.TP +.B ecn +Send syn packet with tcp flags ECE and CWR (for Explicit Congestion +Notification, rfc3168). +.TP +.B sack,timestamps,window_scaling +Use the corresponding tcp header option in the outgoing probe packet. +.TP +.B sysctl +Use current sysctl +.IR "" ( "/proc/sys/net/*" ) +setting for the tcp header options above and +.BR ecn . +Always set by default, if nothing else specified. +.TP +.B mss\fR=\fInum +Use value of +.I num +for maxseg tcp header option (when +.BR syn ). +.TP +.B info +Print tcp flags of final tcp replies when the target host is reached. +Allows to determine whether an application listens the port and +other useful things. +.P +Default options is +.BR syn,sysctl . +.SS tcpconn +An initial implementation of tcp method, simple using connect(2) call, +which does full tcp session opening. Not recommended for normal use, because +a destination application is always affected (and can be confused). +.SS udp \ \ \ \ \-U +Use udp datagram with constant destination port (default 53, dns). +.br +Intended to bypass firewall as well. +.P +Note, that unlike in +.I tcp +method, the correspond application on the destination host +.B always +receive our probes (with random data), and most can easily be confused +by them. Most cases it will not respond to our packets though, so we will never +see the final hop in the trace. (Fortunately, it seems that at least +dns servers replies with something angry). +.P +This method is allowed for unprivileged users. +.SS udplite \ \ \-UL +Use udplite datagram for probes (with constant destination port, +default 53). +.P +This method is allowed for unprivileged users. +.br +Options: +.TP +.B coverage\fR=\fInum +Set udplite send coverage to +.IR num . 
+.SS dccp \ \ \-D +Use DCCP Request packets for probes (rfc4340). +.P +This method uses the same "half-open technique" as used for TCP. +The default destination port is 33434. +.P +Options: +.TP +.B service\fR=\fInum +Set DCCP service code to +.I num +(default is 1885957735). +.SS raw \ \ \ \ \-P proto +Send raw packet of protocol +.IR proto . +.br +No protocol-specific headers are used, just IP header only. +.br +Implies +.B \-N\ 1\fR\ -w\ 5 . +.br +Options: +.TP +.B protocol\fR=\fIproto +Use IP protocol +.I proto +(default 253). +.SH NOTES +.PP +To speed up work, normally several probes are sent simultaneously. +On the other hand, it creates a "storm of packages", especially +in the reply direction. Routers can throttle the rate of icmp responses, +and some of replies can be lost. To avoid this, decrease the number +of simultaneous probes, or even set it to 1 (like in initial traceroute +implementation), i.e. +.B \-N 1 +.PP +The final (target) host can drop some of the simultaneous probes, +and might even answer only the latest ones. It can lead to extra +"looks like expired" hops near the final hop. We use a smart algorithm +to auto-detect such a situation, but if it cannot help in your case, just use +.B \-N 1 +too. +.PP +For even greater stability you can slow down the program's work by +.B \-z +option, for example use +.B \-z 0.5 +for half-second pause between probes. +.PP +To avoid an extra waiting, we use adaptive algorithm for timeouts (see +.B \-w +option for more info). It can lead to premature expiry +(especially when response times differ at times) and printing "*" +instead of a time. In such a case, switch this algorithm off, by specifying +.B \-w +with the desired timeout only (for example, +.B \-w 5\fR). +.PP +If some hops report nothing for every method, the last chance to obtain +something is to use +.B ping -R +command (IPv4, and for nearest 8 hops only). +.SH SEE ALSO +.BR ping (8), +.BR ping6 (8), +.BR tcpdump (8), +.BR netstat (8) |
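Review bot: The DESCRIPTION paragraph on the optional size argument has a stray backtick in `.B packet_len\fR`gth`, so the page renders "packet_len`gth" where the SYNOPSIS and the -F text call the argument packet_len; drop the backtick and the "gth" suffix, or spell the word out in full. Three smaller points in the same hunk: under -O, "or many not have them at all" should read "may not"; under -M, the lines `.BR "" ( "-I" ) "` and `.BR "" ( "-T" ) "` end in an unpaired double quote that should be removed; and the -r entry says the option "can be used to ping a local host", which reads as text carried over from a ping page and should say "trace to". Since the file sits under upstream/, these are best reported to the upstream source as well, so that the next import does not reintroduce them.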