The Internet is a large association of different points that communicate with each other through a routing system. Most endpoints, such as the web browser that seeks to access a website and the server that hosts that website, are not directly connected on the same network. When a web browser sends a request to a website's server, that request is likely to travel through several intermediate networks. A network route is the sequence of networks that a data packet traverses to reach a remote destination.
There is a great utility called traceroute that helps you identify problems on the network path. It is used to trace the route that IP packets take from source address to destination address. In Linux and macOS networking the command is called traceroute and in Windows it is called tracert. It can be used to determine:
- packet paths (indicating IP addresses of routers);
- retention time (RTT).
Traceroute is a fairly simple tool that allows you to check a route once. If you only need to diagnose the routers through which packets pass, use traceroute. And if you need to diagnose packet loss, then go for the MTR test - it runs multiple traceroutes and aggregates the reports.
What is traceroute of MTR (My Traceroute)
MTR is an alternative for classic traceroute. Combining the functionality of ping and traceroute, MTR polls a constantly remote server computer and enables continuous updates, tracking changes in latency and performance over time.
At first glance, the MTR output may seem similar to a normal traceroute, but here the MTR utility takes it a step further by continuously updating its output. This opens up a wide horizon for collecting averages and tracking network performance.
If you run a regular traceroute, there is a possibility that packets have passed through each node successfully, despite losses and delays. And the MTR program provides the ability to collect data over a long time period.
The MTR program determines the path to the remote computer as well as the response time of all network transitions in the Internet route between the local system and remote machines.
This useful tool is easy to use and is available in all Linux distributions as well as in the Windows family of operating systems.
How MTR works
The MTR utility is a useful tool to get information about the IP addresses of routers, gateways and other network junctions. It sends a ping to each of them and displays the responses on the screen. The statistics are shown in real time, making MTR analysis particularly relevant and meaningful. Tracking and analyzing the data allows you to evaluate network performance and identify possible problems.
How to create an MTR report
The routes between two points on the Internet can vary significantly depending on specific parameters and settings. For a more complete assessment of the situation and to identify possible connectivity problems, it is recommended to use MTR reports in both directions for all nodes that are experiencing network problems.
The source host is the host on which the MTR is running, and the destination host is the host to which the request is directed. For this reason, collecting data in both directions provides a more complete picture of the identification of possible problem hosts and helps to more accurately assess the causes of network problems.
Decoding MTR reports
In the MTR report, you will see a variety of data:
- Host Number - The sequential number of each intermediate host (router) on the route to the destination server.
- Host Name (IP Address) - The host name or its IP address. If no name is defined, only the IP will be displayed. A value of "No response from host" indicates that ICMP packets are blocked on the host.
- Packet Loss (%) (Loss) - The percentage of packets lost at this stage. Minor losses (1-5%) may be acceptable on some networks. They may be caused by temporary network problems or node congestion. High losses (more than 25%) usually indicate serious problems such as equipment malfunction, poor connectivity, or network infrastructure problems.
- Sent (Snt) - the number of packets sent.
- Lost (Drop) - The number of packets lost.
- Delay (Last) - The delay time in milliseconds for the last packet sent.
- Best - The fastest time for a packet to reach the host and return.
- Avrg - The average response time of the host.
- Worst - The maximum response time of the host.
- Standard Deviation (StDev) - The standard deviation of the delay time in milliseconds.
Pay attention to the loss rate in the Loss field on the start and end nodes. It is very important to note that some nodes may experience up to 100% losses, but if packets continue to pass through successfully, it indicates that this node is working but blocking responses to ICMP packets.
If you notice losses on the first 1-2 nodes, which leads to losses on the rest of the nodes, you need to check the settings and state of the computer and router, as it is in them that these losses occur.
If losses are observed on the last 1-2 nodes, the cause may be a problem on the server itself (e.g. an application is running that loads all the bandwidth of the channel, DDoS attack on your site/server, etc.). If you use a virtual server (VPS), the problem may occur at the physical server level. In such cases, it is recommended to contact the hoster's technical support for additional verification.
If you have detected losses at intermediate nodes - there is no reason to worry. Intermediate routers may not respond to ICMP requests, but still pass the traffic onward. However, if losses are detected on the end node, it is recommended to send the analysis results to the provider's technical support team via the ticketing system. Be sure to specify your external IP address in the message so that the hoster can identify you.
MTR provides a variety of command line reports, of which we will look at some commonly used ones.
TCP MTR - TCP transport protocol is used instead of traditional ICMP packets. This option allows you to select the destination port.
UDP MTR - This option uses the UDP protocol instead of ICMP. This substitution can be useful in cases when routers block ICMP packets or for testing specific ports.
Display IP (instead of hosts) - The option allows you to keep track of the IP addresses associated with each routing step. This output greatly simplifies the process of sending problem reports to higher-level devices.
AS Lookup - This feature provides information about the Autonomous System (AS) number on each routing step.
Due to its extensive capabilities, MTR is considered a powerful tool for analyzing and diagnosing network problems, allowing you to more accurately determine the causes of failures and improve overall network stability.