MTR (software)

WinMTR
Original author(s)	Appnor MSP S.R.L.
Developer(s)	White-Tiger
Stable release	1.00 / January 12, 2014;9 years ago
Repository	github.com/White-Tiger/WinMTR
Written in	C++
Operating system	Windows
Type	Network
License	GNU General Public License Version 2
Website	github.com/White-Tiger/WinMTR

MTR
Developer(s)	BitWizard
Initial release	1997;27 years ago
Stable release	0.95 / January 11, 2022;2 years ago
Repository	github.com/traviscross/mtr ;
Written in	C
Operating system	Unix-like
Type	Network
License	GNU General Public License Version 2
Website	www.bitwizard.nl/mtr

Last updated January 12, 2024

My traceroute, originally named Matt's traceroute (MTR), is a computer program that combines the functions of the traceroute and ping programs in one network diagnostic tool.^[2]

History

The original Matt's traceroute program was written by Matt Kimball in 1997. Roger Wolff took over maintaining MTR (renamed My traceroute) in October 1998.^[3]

Fundamentals

MTR is licensed under the terms of the GNU General Public License (GPL) and works under modern Unix-like operating systems. It normally works under the text console, but it also has an optional GTK+-based graphical user interface (GUI).

MTR relies on Internet Control Message Protocol (ICMP) Time Exceeded (type 11, code 0) packets coming back from routers, or ICMP Echo Reply packets when the packets have hit their destination host. MTR also has a User Datagram Protocol (UDP) mode (invoked with "-u" on the command line or pressing the "u" key in the curses interface) that sends UDP packets, with the time to live (TTL) field in the IP header increasing by one for each probe sent, toward the destination host. When the UDP mode is used, MTR relies on ICMP port unreachable packets (type 3, code 3) when the destination is reached.

MTR also supports IPv6 and works in a similar manner but instead relies on ICMPv6 messages.

The tool is often used for network troubleshooting. By showing a list of routers traversed, and the average round-trip time as well as packet loss to each router, it allows users to identify links between two given routers responsible for certain fractions of the overall latency or packet loss through the network.^[4] This can help identify network overuse problems.^[5]

Examples

This example shows MTR running on Linux tracing a route from the host machine (example.lan) to a web server at Yahoo! (p25.www.re2.yahoo.com) across the Level 3 Communications network.

                             My traceroute  [v0.71]             example.lan                           Sun Mar 25 00:07:50 2007                                         Packets                Pings Hostname                            %Loss  Rcv  Snt  Last Best  Avg  Worst  1. example.lan                        0%   11   11     1    1    1      2  2. ae-31-51.ebr1.Chicago1.Level3.n   19%    9   11     3    1    7     14  3. ae-1.ebr2.Chicago1.Level3.net      0%   11   11     7    1    7     14  4. ae-2.ebr2.Washington1.Level3.ne   19%    9   11    19   18   23     31  5. ae-1.ebr1.Washington1.Level3.ne   28%    8   11    22   18   24     30  6. ge-3-0-0-53.gar1.Washington1.Le    0%   11   11    18   18   20     36  7. 63.210.29.230                      0%   10   10    19   19   19     19  8. t-3-1.bas1.re2.yahoo.com           0%   10   10    19   18   32    106  9. p25.www.re2.yahoo.com              0%   10   10    19   18   19     19

An additional example below shows a recent version of MTR running on FreeBSD. MPLS labels are displayed by default when the "-e" switch is used on the command line (or the "e" key is pressed in the curses interface):

                                  My traceroute  [v0.82] dax.prolixium.com (0.0.0.0)                                      Sun Jan  1 12:58:02 2012 Keys:  Help   Display mode   Restart statistics   Order of fields   quit                                                  Packets               Pings  Host                                          Loss%   Snt   Last   Avg  Best  Wrst StDev  1. voxel.prolixium.net                         0.0%    13    0.4   1.7   0.4  10.4   3.2  2. 0.ae2.tsr1.lga5.us.voxel.net                0.0%    12   10.8   2.9   0.2  10.8   4.3  3. 0.ae59.tsr1.lga3.us.voxel.net               0.0%    12    0.4   1.7   0.4  16.0   4.5  4. rtr.loss.net.internet2.edu                  0.0%    12    4.8   7.4   0.3  41.8  15.4  5. 64.57.21.210                                0.0%    12    5.4  15.7   5.3 126.7  35.0  6. nox1sumgw1-vl-530-nox-mit.nox.org           0.0%    12  109.5  60.6  23.0 219.5  66.0     [MPLS: Lbl 172832 Exp 0 S 1 TTL 1]  7. nox1sumgw1-peer--207-210-142-234.nox.org    0.0%    12   25.0  23.2  23.0  25.0   0.6  8. B24-RTR-2-BACKBONE-2.MIT.EDU                0.0%    12   23.2  23.4  23.2  24.9   0.5  9. MITNET.TRANTOR.CSAIL.MIT.EDU                0.0%    12   23.4  23.4  23.3  23.5   0.1 10. trantor.helicon.csail.mit.edu               0.0%    12   23.7  25.0  23.5  26.5   1.3 11. zermatt.csail.mit.edu                       0.0%    12   23.1  23.1  23.1  23.3   0.1

Windows versions

WinMTR is a Windows GUI application functionally equivalent to MTR. It was originally developed by Appnor MSP S.R.L.; it is now maintained by White-Tiger. Although it is very similar, WinMTR shares no common code with MTR.

A console version of MTR does exist for Windows, but it has fewer features than MTR on other platforms.^[6]

Similar commands

Windows NT and beyond has a built-in PathPing command that similarly combines the functionality of ping with that of tracert. It displays network latency and network loss at intermediate hops between a source and destination. Because it displays the degree of packet loss at any given router or link, it can also be used to determine which routers or subnets might be having network problems.^[7]

Related Research Articles

The Internet Control Message Protocol (ICMP) is a supporting protocol in the Internet protocol suite. It is used by network devices, including routers, to send error messages and operational information indicating success or failure when communicating with another IP address, for example, an error is indicated when a requested service is not available or that a host or router could not be reached. ICMP differs from transport protocols such as TCP and UDP in that it is not typically used to exchange data between systems, nor is it regularly employed by end-user network applications.

The Internet Protocol (IP) is the network layer communications protocol in the Internet protocol suite for relaying datagrams across network boundaries. Its routing function enables internetworking, and essentially establishes the Internet.

The Internet protocol suite, commonly known as TCP/IP, is a framework for organizing the set of communication protocols used in the Internet and similar computer networks according to functional criteria. The foundational protocols in the suite are the Transmission Control Protocol (TCP), the User Datagram Protocol (UDP), and the Internet Protocol (IP). Early versions of this networking model were known as the Department of Defense (DoD) model because the research and development were funded by the United States Department of Defense through DARPA.

ping is a computer network administration software utility used to test the reachability of a host on an Internet Protocol (IP) network. It is available for virtually all operating systems that have networking capability, including most embedded network administration software.

In computing, traceroute and tracert are computer network diagnostic commands for displaying possible routes (paths) and measuring transit delays of packets across an Internet Protocol (IP) network. The history of the route is recorded as the round-trip times of the packets received from each successive host in the route (path); the sum of the mean times in each hop is a measure of the total time spent to establish the connection. Traceroute proceeds unless all sent packets are lost more than twice; then the connection is lost and the route cannot be evaluated. Ping, on the other hand, only computes the final round-trip times from the destination point.

In computer networking, IP over Avian Carriers (IPoAC) is a joke proposal to carry Internet Protocol (IP) traffic by birds such as homing pigeons. IP over Avian Carriers was initially described in RFC 1149 issued by the Internet Engineering Task Force, written by D. Waitzman, and released on April 1, 1990. It is one of several April Fools' Day Request for Comments.

A Smurf attack is a distributed denial-of-service attack in which large numbers of Internet Control Message Protocol (ICMP) packets with the intended victim's spoofed source IP are broadcast to a computer network using an IP broadcast address. Most devices on a network will, by default, respond to this by sending a reply to the source IP address. If the number of machines on the network that receive and respond to these packets is very large, the victim's computer will be flooded with traffic. This can slow down the victim's computer to the point where it becomes impossible to work on.

In computing, a stateful firewall is a network-based firewall that individually tracks sessions of network connections traversing it. Stateful packet inspection, also referred to as dynamic packet filtering, is a security feature often used in non-commercial and business networks.

Network utilities are software utilities designed to analyze and configure various aspects of computer networks. The majority of them originated on Unix systems, but several later ports to other operating systems exist.

The PathPing command is a command-line network utility included in Windows NT operating systems since Windows 2000 that combines the functionality of ping with that of tracert. It is used to locate spots that have network latency and network loss.

NetFlow is a feature that was introduced on Cisco routers around 1996 that provides the ability to collect IP network traffic as it enters or exits an interface. By analyzing the data provided by NetFlow, a network administrator can determine things such as the source and destination of traffic, class of service, and the causes of congestion. A typical flow monitoring setup consists of three main components:

Packet loss occurs when one or more packets of data travelling across a computer network fail to reach their destination. Packet loss is either caused by errors in data transmission, typically across wireless networks, or network congestion. Packet loss is measured as a percentage of packets lost with respect to packets sent.

SuperScan is a free connect-based port scanning software designed to detect open TCP and UDP ports on a target computer, determine which services are running on those ports, and run queries such as whois, ping, ICMP traceroute, and Hostname lookups.

Layer Four Traceroute (LFT) is a fast, multi-protocol traceroute engine, that also implements numerous other features including AS number lookups through regional Internet registries and other reliable sources, Loose Source Routing, firewall and load balancer detection, etc. LFT is best known for its use by network security practitioners to trace a route to a destination host through many configurations of packet-filters / firewalls, and to detect network connectivity, performance or latency problems.

An ICMP tunnel establishes a covert connection between two remote computers, using ICMP echo requests and reply packets. An example of this technique is tunneling complete TCP traffic over ping requests and replies.

IP fragmentation attacks are a kind of computer security attack based on how the Internet Protocol (IP) requires data to be transmitted and processed. Specifically, it invokes IP fragmentation, a process used to partition messages from one layer of a network into multiple smaller payloads that can fit within the lower layer's protocol data unit (PDU). Every network link has a maximum size of messages that may be transmitted, called the maximum transmission unit (MTU). If the SDU plus metadata added at the link layer exceeds the MTU, the SDU must be fragmented. IP fragmentation attacks exploit this process as an attack vector.

The Internet Mapping Project was started by William Cheswick and Hal Burch at Bell Labs in 1997. It has collected and preserved traceroute-style paths to some hundreds of thousands of networks almost daily since 1998. The project included visualization of the Internet data, and the Internet maps were widely disseminated.

CubeSat Space Protocol (CSP) is a small network-layer delivery protocol designed for CubeSats. The idea was developed by a group of students from Aalborg University in 2008, and further developed for the AAUSAT3 CubeSat mission that was launched in 2013. The protocol is based on a 32-bit header containing both network and transport layer information. Its implementation is designed for embedded systems such as the 8-bit AVR microprocessor and the 32-bit ARM and AVR from Atmel. The implementation is written in C and is ported to run on FreeRTOS and POSIX and pthreads-based operating systems such as Linux. The three-letter acronym CSP was adopted as an abbreviation for CAN Space Protocol because the first MAC-layer driver was written for CAN-bus. The physical layer has since been extended to include several other technologies, and the name was therefore extended to the more general CubeSat Space Protocol without changing the abbreviation.

Bufferbloat is a cause of high latency and jitter in packet-switched networks caused by excess buffering of packets. Bufferbloat can also cause packet delay variation, as well as reduce the overall network throughput. When a router or switch is configured to use excessively large buffers, even very high-speed networks can become practically unusable for many interactive applications like voice over IP (VoIP), audio streaming, online gaming, and even ordinary web browsing.

<span class="mw-page-title-main">ICMP hole punching</span> NAT technique in computer networking

ICMP hole punching is a technique employed in network address translator (NAT) applications for maintaining Internet Control Message Protocol (ICMP) packet streams that traverse the NAT. NAT traversal techniques are typically required for client-to-client networking applications on the Internet involving hosts connected in private networks, especially in peer-to-peer and Voice over Internet Protocol (VoIP) deployments.

References

↑ "Releases - traviscross/mtr" . Retrieved 9 May 2021– via GitHub.
↑ Upstream Provider Woes? Point the Ping of Blame. (linuxplanet.com)
↑ Cisco router configuration and troubleshooting By Mark Tripod (Google Books)
↑ Nore, Haakon Løchen (2014). "Understanding network performance bottlenecks". Institutt for Telematikk.
↑ Linode: Diagnosing Network Issues with MTR
↑ Based on: https://github.com/traviscross/mtr/issues/55#issuecomment-264057403
↑ "Pathping". 3 February 2023. Retrieved 18 February 2023.

External links

Official website
MTR manual page
MTR, BitWizard's MTR page with Unix downloads
WinMTR, the equivalent of MTR for Windows platforms
WinMTR (Redux), fork of WinMTR, maintained by René Schümann aka White-Tiger

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "Releases - traviscross/mtr" . Retrieved 9 May 2021– via GitHub.

[2] Upstream Provider Woes? Point the Ping of Blame. (linuxplanet.com)

[3] Cisco router configuration and troubleshooting By Mark Tripod (Google Books)

[4] Nore, Haakon Løchen (2014). "Understanding network performance bottlenecks". Institutt for Telematikk.

[5] Linode: Diagnosing Network Issues with MTR

[6] Based on: https://github.com/traviscross/mtr/issues/55#issuecomment-264057403

[7] "Pathping". 3 February 2023. Retrieved 18 February 2023.

[1]

[2]

[3]

[4]

[5]

[6]

[7]