Linux – What’s going on with traceroute

Tags: linux, networking, nmap

The following is what happens when I run traceroute from a certain location:

# traceroute google.com
traceroute to google.com (74.125.227.39), 30 hops max, 60 byte packets
 1  gateway.local.enactpc.com (10.0.0.1)  0.138 ms  0.101 ms  0.084 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

Absolutely nothing of interest…

Now, originally I thought this was just a fact of the location's network setup. (I assume they block pings or something…)

However, watch what happens when I use nmap to run a traceroute…

# nmap -sP --traceroute google.com

Starting Nmap 5.21 ( http://nmap.org ) at 2012-09-25 22:18 CDT
Nmap scan report for google.com (74.125.227.40)
Host is up (0.034s latency).
Hostname google.com resolves to 11 IPs. Only scanned 74.125.227.40
rDNS record for 74.125.227.40: dfw06s06-in-f8.1e100.net

TRACEROUTE (using proto 1/icmp)
HOP RTT      ADDRESS
1   0.19 ms  gateway.local.enactpc.com (10.0.0.1)
2   1.93 ms  99-20-92-1.lightspeed.austtx.sbcglobal.net (99.20.92.1)
3   25.61 ms 99-20-92-2.lightspeed.austtx.sbcglobal.net (99.20.92.2)
4   ... 6
7   23.68 ms 12.83.68.137
8   31.30 ms gar23.dlstx.ip.att.net (12.122.85.73)
9   ...
10  31.82 ms 72.14.233.65
11  32.27 ms 209.85.250.77
12  32.98 ms dfw06s06-in-f8.1e100.net (74.125.227.40)

Nmap done: 1 IP address (1 host up) scanned in 3.29 seconds

When using nmap I get A LOT more results than with traceroute. Why?

Note, I checked, and the difference in target IP addresses is not related…

Edit:

$ sudo traceroute -I google.com
[sudo] password for XXX: 
traceroute to google.com (74.125.227.14), 30 hops max, 60 byte packets
 1  gateway.local.enactpc.com (10.0.0.1)  0.151 ms  0.132 ms  0.121 ms
 2  * * *
 3  99-20-92-2.lightspeed.austtx.sbcglobal.net (99.20.92.2)  27.277 ms  27.661 ms  27.666 ms
 4  * * *
 5  * * *
 6  * * *
 7  12.83.68.137 (12.83.68.137)  28.446 ms  24.024 ms  24.689 ms
 8  gar23.dlstx.ip.att.net (12.122.85.73)  62.576 ms  61.079 ms  38.973 ms
 9  * * *
10  72.14.233.65 (72.14.233.65)  32.226 ms  31.343 ms  100.206 ms
11  216.239.47.54 (216.239.47.54)  33.117 ms  31.809 ms  32.469 ms
12  dfw06s03-in-f14.1e100.net (74.125.227.14)  32.307 ms  31.807 ms  32.554 ms

Best Answer

I would guess that it's because traceroute is using UDP by default, whereas nmap is perhaps using plain ICMP (like tracert in Windows). Try quanta's suggestion but use the -I switch instead, i.e.

sudo traceroute -I google.com
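To see which hops are affected by the probe protocol, the default (UDP) run and the `-I` (ICMP) run can be compared hop by hop. The following is an added example, not part of the original question or answer; the sample text is abridged from the outputs quoted above, and the function names are illustrative.

```python
import re

# Constructed samples: hops abridged from the two traceroute runs quoted in the question.
UDP_RUN = """\
traceroute to google.com (74.125.227.39), 30 hops max, 60 byte packets
 1  gateway.local.enactpc.com (10.0.0.1)  0.138 ms  0.101 ms  0.084 ms
 2  * * *
 3  * * *
12  * * *
"""
ICMP_RUN = """\
traceroute to google.com (74.125.227.14), 30 hops max, 60 byte packets
 1  gateway.local.enactpc.com (10.0.0.1)  0.151 ms  0.132 ms  0.121 ms
 2  * * *
 3  99-20-92-2.lightspeed.austtx.sbcglobal.net (99.20.92.2)  27.277 ms  27.661 ms  27.666 ms
12  dfw06s03-in-f14.1e100.net (74.125.227.14)  32.307 ms  31.807 ms  32.554 ms
"""

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")               # "<ttl>  <rest of line>"
ADDR = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")  # "(a.b.c.d)"; assumes output without -n

def parse_hops(text):
    """Map TTL -> responder IPv4, or None when every probe timed out ("* * *")."""
    hops = {}
    for line in text.splitlines():
        m = HOP.match(line)
        if m:  # the "traceroute to ..." header does not match and is skipped
            addr = ADDR.search(m.group(2))
            hops[int(m.group(1))] = addr.group(1) if addr else None
    return hops

def compare(udp_text, icmp_text):
    """Classify each TTL by which probe type drew a reply."""
    udp, icmp = parse_hops(udp_text), parse_hops(icmp_text)
    labels = {(True, True): "both", (False, True): "icmp-only",
              (True, False): "udp-only", (False, False): "silent"}
    return {ttl: labels[(udp.get(ttl) is not None, icmp.get(ttl) is not None)]
            for ttl in sorted(set(udp) | set(icmp))}

def last_hop_before_udp_loss(report):
    """Last TTL that answered both probe types before the first icmp-only hop."""
    icmp_only = [t for t, label in report.items() if label == "icmp-only"]
    both = [t for t, label in report.items() if label == "both" and icmp_only and t < icmp_only[0]]
    return max(both, default=None)

if __name__ == "__main__":
    report = compare(UDP_RUN, ICMP_RUN)
    print(report, "-> UDP probes lose replies after hop", last_hop_before_udp_loss(report))
```

A hop marked `silent` answered neither probe type, so it says nothing about protocol filtering; only `icmp-only` hops point to the UDP probes (or their replies) being dropped somewhere past the last `both` hop.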