ArcLibrary
L1入门L2进阶L3生态

mtr & tcptraceroute

Modern path diagnostics that survive ICMP blocking — see at a glance which hop is dropping packets.

mtrtracerouteDiagnostics
核心 · Key Idea

In one line: classic ICMP traceroute is often blocked by middleboxes. mtr probes continuously for stable per-hop loss; tcptraceroute / mtr -T switches to TCP-SYN probes that traverse more firewalls.

What it is#

  • mtr (My Traceroute) = ping + traceroute, continuously refreshed.
  • tcptraceroute: uses TCP SYN instead of ICMP / UDP probes.
  • Together = a stable view of which hop drops or jitters over a sustained window.
mtr -wbz -i 1 -c 100 example.com
mtr -T -P 443 example.com
tcptraceroute example.com 443

Analogy#

打个比方 · Analogy

A single ping is a glance at the road — that moment might just happen to be green-light. mtr is a traffic camera running all day — it tells you which segment is chronically jammed.

Key concepts#

ICMP TTL ExceededTTL Exceeded
Classic traceroute depends on intermediate routers returning this ICMP — many ISPs rate-limit or block it.
TCP tracerouteTCP Probe
Sends TCP SYN to the destination port; intermediate routers still return ICMP, target replies SYN-ACK / RST.
Continuous probeContinuous Probe
mtr keeps probing — produces per-hop loss / avg / worst latency.
Asymmetric pathAsymmetric Routing
Forward and reverse paths differ — traceroute only sees forward; reverse-path problems need mtr from the other side.
JSON / Report modeStructured Output
`mtr --json` / `--report` are great for automated collection.

How it works#

In mtr's output, the column to focus on is Loss% — a single bad sample doesn't matter.

Practical notes#

  • mtr -T -P 443 host is the most practical for HTTPS — avoids ICMP rate limiting.
  • Loss only matters at the last hop — mid-path loss usually means the router rate-limits ICMP, not real loss. Sustained loss at the destination means real problem.
  • Cross-region diagnosis: run mtr from different PoPs to find the worst segment. Tools: BestTrace / public looking-glasses.
  • Pin source port: mtr -T -P 443 -p 12345 keeps ECMP from rerouting your probes to different paths mid-diagnosis.
  • Pipe JSON to alerting: mtr -j --report-cycles 30 — script alerts if a hop's loss > 5% for N cycles.

Easy confusions#

mtr / traceroute
Per-hop latency + loss — **locates the segment**.
Continuous sampling = trustworthy stats.
ping
End-to-end latency + loss — **detects a problem**.
Single endpoint view.

Further reading#