MTR (My Traceroute): Network Diagnostic Tool Deep Dive#

What is MTR?#

MTR (My Traceroute) is a network diagnostic tool that combines the functionality of traceroute and ping in a single program. It provides real-time network path analysis and performance statistics, making it an essential tool for network administrators and developers.

Key Features:#

  • Real-time network path visualization
  • Packet loss and latency statistics for each hop
  • Combines traceroute and ping functionality
  • Multiple protocol support (ICMP, UDP, TCP)
  • Interactive and report modes
  • Cross-platform availability

Quick Start: How to Use MTR#

Installation# 

# macOS
brew install mtr

# Ubuntu/Debian
sudo apt-get install mtr

# CentOS/RHEL
sudo yum install mtr

# Arch Linux
sudo pacman -S mtr

Basic Usage# 

# Simple traceroute to a website
mtr google.com

# Traceroute to an IP address
mtr 8.8.8.8

# Non-interactive report mode
mtr --report --report-cycles 10 google.com

Common Commands# 

# Test with different protocols
mtr --tcp google.com          # Use TCP instead of ICMP
mtr --udp google.com          # Use UDP instead of ICMP

# Customize packet size and timeout
mtr -s 1000 google.com        # 1000 byte packets
mtr -w 5 google.com           # 5 second timeout

# Show both hostnames and IPs
mtr -b google.com

# Generate CSV report
mtr --report --report-cycles 20 --csv google.com > report.csv

Understanding MTR Output#

Reading the Results# 

HOST: example.com                    Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.168.1.1                  0.0%    10    0.5    0.5   0.4   0.6   0.1
  2.|-- 10.0.0.1                     0.0%    10    1.2    1.3   1.1   1.5   0.1
  3.|-- 203.0.113.1                  0.0%    10   15.2   15.1  14.8  15.5   0.2
  4.|-- 198.51.100.1                 0.0%    10   16.8   16.9  16.5  17.2   0.2
  5.|-- example.com                  0.0%    10   17.1   17.0  16.8  17.3   0.2

Field Explanations:

  • Loss%: Packet loss percentage for this hop
  • Snt: Number of packets sent
  • Last: Last packet’s round-trip time (RTT)
  • Avg: Average round-trip time
  • Best: Best round-trip time
  • Wrst: Worst round-trip time
  • StDev: Standard deviation of RTT

What the Symbols Mean#

  • |-- : Normal hop (packet reached this router)
  • |?? : No response (timeout or packet loss)
  • |!! : Error in response

Testing Network Connectivity#

For IP Addresses# 

# Test connectivity to a specific IP
mtr 192.168.1.100

# Test with different protocols
mtr --tcp 192.168.1.100
mtr --udp 192.168.1.100

For Port Testing#

Since MTR operates at the network layer, it doesn’t test specific ports directly. Here’s the recommended workflow:

# Step 1: Check the network path first
mtr --report --report-cycles 10 your-server.com

# Step 2: Test specific port connectivity
nc -zv your-server.com 443        # Test HTTPS port
telnet your-server.com 22         # Test SSH port
curl -I https://your-server.com   # Test HTTP/HTTPS

# Step 3: Test with application-specific tools
nmap -p 80,443 your-server.com    # Port scan

Advanced Usage Scenarios#

Network Troubleshooting# 

# Check for packet loss
mtr --report --report-cycles 50 google.com

# Test with different packet sizes
mtr -s 64 google.com    # Small packets
mtr -s 1500 google.com  # Large packets (MTU size)

# Test specific network interface
mtr -i eth0 google.com

Monitoring and Reporting# 

# Generate detailed report
mtr --report --report-cycles 20 --csv google.com > network_report.csv

# Test multiple destinations
for host in google.com cloudflare.com 8.8.8.8; do
    echo "Testing $host:"
    mtr --report --report-cycles 5 $host
    echo "---"
done

Common Issues and Solutions#

ICMP Blocked# 

# If ICMP is blocked, try UDP
mtr --udp google.com

# Or try TCP
mtr --tcp google.com

High Latency#

  • Check for network congestion
  • Look for asymmetric routing
  • Verify DNS resolution times

No Response from Hops#

  • Router might not respond to ICMP
  • Firewall blocking responses
  • Network configuration issues

How MTR Works: Technical Deep Dive#

Underlying Protocols#

MTR operates at the Network Layer (Layer 3) and can use several protocols:

1. ICMP (Internet Control Message Protocol) - Default#

  • Uses ICMP Echo Request/Reply messages
  • Similar to ping but with TTL manipulation
  • Most common and efficient method

2. UDP (User Datagram Protocol)#

  • Alternative when ICMP is blocked
  • Uses high port numbers (typically 33434-33534)
  • Relies on ICMP “Port Unreachable” responses

3. TCP (Transmission Control Protocol)#

  • Simulates actual application traffic
  • Useful for testing specific services
  • More realistic for application-layer testing

TTL (Time To Live) Mechanism#

This is the core of how MTR works:

  1. TTL = 1: Packet reaches first router, gets discarded, router sends ICMP “Time Exceeded”
  2. TTL = 2: Packet reaches second router, gets discarded, router sends ICMP “Time Exceeded”
  3. TTL = 3: Packet reaches third router, and so on…

Each hop reveals itself by sending back an error message when the TTL expires.

System Calls and Implementation#

MTR uses several critical system calls:

Socket Operations# 

// Create raw socket for ICMP
int sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);

// Create UDP socket
int sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);

// Create TCP socket
int sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);

Key System Calls:#

  1. socket() - Create network socket
  2. setsockopt() - Configure socket options (TTL, timeout)
  3. sendto() - Send packets
  4. recvfrom() - Receive responses
  5. select() or poll() - Wait for socket events
  6. gettimeofday() - Timestamp packets
  7. gethostbyname() - DNS resolution

TTL Manipulation# 

// Set TTL for outgoing packets
int ttl = hop_number;
setsockopt(sock, IPPROTO_IP, IP_TTL, &ttl, sizeof(ttl));

Network Implementation Details#

Packet Structure#

ICMP Packet Structure:

IP Header (20 bytes)
├── Version (4 bits)
├── IHL (4 bits)
├── Type of Service (8 bits)
├── Total Length (16 bits)
├── Identification (16 bits)
├── Flags (3 bits)
├── Fragment Offset (13 bits)
├── TTL (8 bits) ← Key field for hop discovery
├── Protocol (8 bits) = 1 (ICMP)
├── Header Checksum (16 bits)
├── Source IP (32 bits)
└── Destination IP (32 bits)

ICMP Header (8 bytes)
├── Type (8 bits) = 8 (Echo Request)
├── Code (8 bits) = 0
├── Checksum (16 bits)
├── Identifier (16 bits)
└── Sequence Number (16 bits)

ICMP Data (Variable)
└── Payload (typically 32-64 bytes)

Response Handling#

MTR listens for three types of responses:

  1. ICMP Time Exceeded - From intermediate routers
  2. ICMP Echo Reply - From final destination
  3. ICMP Port Unreachable - When using UDP

Programming Language and Architecture#

Implementation Details#

  • Primary Language: C (most implementations)
  • Architecture: Single-threaded, event-driven
  • Cross-platform: Uses POSIX-compliant system calls

Core Algorithm# 

// Simplified MTR main loop
for (int ttl = 1; ttl <= max_hops; ttl++) {
    send_packet_with_ttl(ttl);
    wait_for_response(timeout);
    record_statistics();
    if (reached_destination) break;
}

Security and Performance Considerations#

Security Aspects#

  • Requires root privileges for raw sockets
  • ICMP raw sockets need CAP_NET_RAW capability
  • Can be detected by intrusion detection systems
  • Some networks block ICMP for security

Performance Optimization# 

# Reduce packet size for faster transmission
mtr -s 64 google.com

# Increase timeout for slow networks
mtr -w 10 google.com

# Limit number of cycles
mtr -c 5 google.com

Comparison with Other Tools#

Tool Protocol Real-time Port Testing Ease of Use
MTR ICMP/UDP/TCP Yes No (Layer 3) Excellent
traceroute ICMP/UDP No No Good
ping ICMP Yes No Good
nmap TCP/UDP No Yes Complex
nc TCP/UDP No Yes Good

Best Practices#

  1. Start with basic MTR to understand network path
  2. Use appropriate protocol for your network environment
  3. Combine with port testing tools for complete analysis
  4. Run multiple tests to identify patterns
  5. Document network baselines for comparison
  6. Use report mode for automated monitoring
  7. Consider network policies and security restrictions

Conclusion#

MTR is an essential network diagnostic tool that provides valuable insights into network performance and connectivity. Start with the basic usage patterns, then dive deeper into the technical implementation as needed. Remember that MTR operates at the network layer, so always complement it with application-layer tools for complete network analysis.

For comprehensive network troubleshooting, combine MTR with tools like nc, telnet, nmap, or curl to get both the network path analysis and port-specific connectivity testing.