When performing digital reconnaissance or penetrating testing, it's important to fingerprint a network by understanding what servers or devices sit between your system and a target. For example, security professionals can't go straight to attacking a web server without first taking the time to see if there's a firewall in front of it.

This is where the traceroute utility comes in. It can send a packet from your system to the target machine, and list out its entire route for the journey there. This will reveal how many devices your network data is passing through, as well as the IP address of each device.

Kali Linux has another similar reconnaissance utility called mtr, which mostly functions the same as traceroute. In this guide, we'll see how to use traceroute and mtr, along with their various command options, on Kali.

In this tutorial you will learn:
  • How to use traceroute
  • How to use mtr
traceroute on Kali Linux
traceroute on Kali Linux
Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System Kali Linux
Software traceroute, mtr
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # - requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ - requires given linux commands to be executed as a regular non-privileged user

How to use traceroute

If traceroute isn't already installed on your system, open a command line terminal and type the following commands to install it.

$ sudo apt update
$ sudo apt install traceroute

Once it's installed, try running a traceroute to some other system. It can be a device on your network, a web server, or really anything that you're able to connect to, whether it be locally or remotely. Specify the hostname, domain name, or IP address in your command. Note that some traceroute commands require root privileges.

Subscribe to RSS and NEWSLETTER and receive latest Linux news, jobs, career advice and tutorials.

$ traceroute linuxconfig.org
traceroute to linuxconfig.org (, 30 hops max, 60 byte packets
 1 (  0.186 ms  0.122 ms  0.097 ms
 2 (  8.717 ms  13.210 ms  13.552 ms
 3 (  13.435 ms  13.413 ms  13.394 ms
 4 (  27.564 ms  27.541 ms  27.662 ms
 5 (  28.760 ms  28.909 ms  29.236 ms
 6  * * *
 7 (  11.810 ms  11.192 ms  13.026 ms
 8  et-3-0-4-100-grtlurem1.net.telefonicaglobalsolutions.com (  25.205 ms  25.186 ms  25.003 ms
 9 (  23.088 ms  23.355 ms  23.333 ms
10 (  22.653 ms  22.631 ms  22.729 ms

A traceroute to linuxconfig.org took 10 hops to reach. You'll notice some asterisks on hop 6, which means that particular device blocked our traceroute. This probably means the device is blocking ICMP, specifically. We can overcome this blocking with traceroute by trying to send different types of packets (i.e. TCP instead of ICMP). Listed below are more options that we can use with traceroute.

The -I option instructs traceroute to use ICMP ECHO packets, which are blocked less frequently, and can usually give you faster results.

$ sudo traceroute -I linuxconfig.org

The -T option will instruct traceroute to use TCP instead of ICMP. This method is used to gather data that's more relevant to a web server.

$ sudo traceroute -T linuxconfig.org

To use IPv4 or IPv6 specifically, use either the -4 or -6 option, respectively.

$ traceroute -4 linuxconfig.org
$ traceroute -6 linuxconfig.org

If you'd like to test a specific port, the -p flag can help with that.

$ traceroute -p 53

By default, packets sent from traceroute have a TTL (time to live) of 30. In other words, if it takes more than 30 hops to reach a destination, the packet is dropped and the traceroute attempt is abandoned. You can change this behavior by specifying a different TTL with the -m command.

$ traceroute -m 60 linuxconfig.org

Note that any of these options can be combined into a single command. For example:

$ sudo traceroute -I -4 -m 60 linuxconfig.org

To see all additional options for traceroute, use the help option.

$ traceroute --help

How to use mtr

If mtr isn't already installed on your system, open a command line terminal and type the following commands to install it.

$ sudo apt update
$ sudo apt install mtr

The simplest way to use mtr is by just specifying a hostname, domain name, or IP address that you want to trace the path to.

$ mtr linuxconfig.org
mtr traceroute to a website
mtr traceroute to a website

You'll see that a new window is brought up, where mtr continues running the traceroute and updating its results in real time. You can think of this as basically a much more interactive version of traceroute. The two utilities function the same, but some users will find mtr easier to use or just nicer to look at.

To forgo this interactive window and keep your results in the terminal, like traceroute does, you can use the -r option.

$ mtr -r linuxconfig.org
mtr command in terminal
mtr command in terminal

To send TCP or UDP packets instead of ICMP ECHO (the default), use the --tcp or --udp flags, respectively.

$ mtr --tcp linuxconfig.org
$ mtr --udp linuxconfig.org

mtr has a lot of other options available, giving you granular control over your traceroute tests. To understand all of them, you can check out the man page, which explains them in detail. Or for the shortened version, just use --help.

$ man mtr
$ mtr --help

Closing Thoughts

In this guide, we saw how to use traceroute on Kali Linux. We also saw how to use mtr, which feels like a more modern and robust version of traceroute. The traceroute utility, as well as mtr, come in handy by helping us understand the network path to a certain device. They can also be used to help test your internet connection. Use these tools to find devices that are sitting between Kali and a target system.

FIND LATEST LINUX JOBS on LinuxCareers.com
Submit your RESUME, create a JOB ALERT or subscribe to RSS feed.
Subscribe to NEWSLETTER and receive latest news, jobs, career advice and tutorials.
Get extra help by visiting our LINUX FORUM or simply use comments below.

Comments and Discussions