MTR: 'traceroute' and 'ping' in a single tool (opens in new tab)

(bitwizard.nl)

106 pointsprogram1y ago47 comments

47 comments

I normally have `mtr 1.1`¹ running in the background, in the third display mode, which is a 2D histogram—time in the x axis, hops in the y axis, and ASCII character/colour for ping time. When problems occur, this tends to let you easily see the nature of the problem—total loss, elevated packet loss, elevated response times; and to see the location of the problem—local network, local ISP, public internet. There are definitely occasions for loss%, sent, last/average/best/worst/stddev ping and such things as are found in the first display mode, but most of the time I find the histogram view most useful as the starting point.

You can make mtr start in this view with --displaymode=2 (direct command line arguments, `mtr --displaymode=2 …`; or shell alias, `alias mtr="mtr --displaymode=2"`; or set environment variable MTR_OPTIONS=--displaymode=2).

Screenshot of this mode: https://temp.chrismorgan.info/2025-02-06-hn-42924182-mtr-dis...

—⁂—

¹ 1.1 = 1.0.0.1 = Cloudflare public DNS, a convenient nearby public internet endpoint.

jlmcguire1y ago

MTR is a useful tool but it is a somewhat common source of illusory issues since it generates so many icmp time exceeded packets that routers stop replying to other folks running traces. It's important, as others said, to understand that these aren't testing the data path of a network but instead the control plane path.

cootsnuck1y ago

What tools exist for people to test the data path of network reliably? In my experience MTR has worked well enough to approximate network routing issues. But it has always felt like a blunt tool given it can't do anything about hops with firewalls.

jlmcguire1y ago

It's tough. iperf is a reasonable tool. It works by setting up tcp connections and actually transferring data.

I like the work https://fasterdata.es.net/ does. They provide clear guides and set expectations if you want to get more bandwidth out of a connection.

neilv1y ago

MTR has long been one of the first little tools that I install on workstations.

    sudo apt install mtr-tiny

I also have a hotkey to pop it up in a window, pinging to some host that'll always be somewhere on the other side of any ISP from me. Whenever I suddenly suspect a networking problem from my laptop, I hit the hotkey as the first troubleshooting step. MTR starts to narrow down a few different problems very quickly.

eudhxhdhsb321y ago

Mtr is indeed nice.

One thing I've not understood is why will some hops have consistently lower ping times than hops farther down the chain in the same trace?

Is it indicating that the router is faster at forwarding packets than responding to ping requests?

p_ing1y ago

This is always worth a (re)read to understand traceroute:

https://archive.nanog.org/sites/default/files/traceroute-201...

Bluecobra1y ago

^ This should be required reading for anyone using traceroute.

wrigby1y ago

> Is it indicating that the router is faster at forwarding packets than responding to ping requests?

Exactly this. In most “real” routers, forwarding (usually) happens in the “data plane”. It’s handled by an ASIC that has a routing table accessible to it in RAM. A packet comes in on an interface, a routing decision is made, and it goes out another interface - all of this happens with dedicated hardware. Pings (ICMP Echo requests), however, get forwarded by this ASIC to a local CPU, where they are handled by software (in the “control plane”).

You’re really seeing different response times from the two control planes - one may be more loaded or less powerful than another, regardless of the capacity of their data planes.

linsomniac1y ago

This is also why you may see packet loss at one particular hop but then responses from hops beyond it. The hop with packet loss in this case probably has an overwhelmed CPU, rather than indicating that a particular network link has packet loss. mtr reporting packet loss at a hop is only reliable if every hop after it has similar packet loss.

Maybe the only thing I've explained more in my career than this is why it's ok that your Linux box has no "free" memory.

commandersaki1y ago

It also doesn’t help that mtr ICMP handling code is just bad, it disregards packets that actually arrive as a loss.

commandersaki1y ago

I retract my previous statement about bad ICMP code (and other comments where I posted it). I was under the impression that mtr was actually doing ICMP echo requests to individual hops with decreasing TTLs, but it's just relying on the TTL being generated for the end to end echo request. However, this is just still a terrible indicator for packet loss, for example by wifi router heavily deprioritises generating TTL exceeded packets but will respond to a flood of echo requests no issue. My main contention is the per hop loss indicator is a useless and misleading metric and you should be measuring these things end to end with traceroute and ping separately.

oxygen_crisis1y ago

Traceroute doesn't use ping requests except with the old Windows binary. Usually it uses "Time-to-live (TTL) exceeded in transit" messages.

Beyond that technicality, your guess is often right... Routers will frequently prioritize forwarding packets over sending the TTL exceeded packets tools like MTR use to measure response times.

ta12431y ago

Also you can easily have the TTL expired message going via a different route on the return path (and indeed the same applies with your normal connections, asymetric routing can be a pain - especially in networks with rpf issues (multicast ones are a particular pain point), and with stateful firewalls, but most of the time it's fine. You just need to be aware.

Obviously you know, but for anyone else reading, a modern traceroute tool (like mtr) can send icmp, udp or tcp, on generic or specific ports. Indeed the default for mtr on my laptop is to use icmp.

toast01y ago

Most likely, it's as you described, router N forwards packets much faster than it generates icmp ttl exceeded, and router N+1 is nearby and generates icmp faster.

However, it could also be the case that the routing back to you is significantly different, so you can have a much longer path to you from router N than router N+1.

This is more likely to happen on routes that cross oceans. Say you're tracing from the US to Brazil. If router N and N+1 are both in Brazil, but N sends return packets through Europe and N+1 sends through Florida, N+1 returns will arrive significantly sooner.

rixed1y ago

> Is it indicating that the router is faster at forwarding packets than responding to ping requests?

I believe most of the time this is the reason indeed. Answering an ICMP error to a TTL expiration or to an echo request is very low priority.

This latency in error message generation may even be a better signal of the router load than the latency of the actualy trip through it.

commandersaki1y ago

Great tool for misleading results.

ta12431y ago

The results aren't misleading, shockingly large numbers of "computer professionals" have no idea how networks work, but that's because they can't use the tools rather than the tools being misleading

hiAndrewQuinn1y ago

>shockingly large numbers of "computer professionals" have no idea how networks work

Incidentally, if you suspect you yourself are this, I can't recommend any book more highly than Michael W. Lucas's Networking for Systems Administrators. Don't be fooled by the title - the whole idea is to get you to the level where you can talk to a network engineer without looking totally clueless, and no farther - an excellent stopping point.

I would recommend it handily over, say, my own Intro to Networking class in college. And yes, `mtr` is mentioned by name in it!

jeroenhd1y ago

People familiar with networking underestimate how complicated networking actually is. A huge segment of programmers will learn about the existence of routing and BGP and end up in a career where HTTPS and maybe DNS is all they need to worry about.

I'm 100% sure the only reason so many programmers know how NAT works is because NAT breaks video games.

tetha1y ago

EDIT: Re-Reading. I think I am some degree of a networker underestimating network complexity. I'll stand by that. Please make fun of me for only speaking in IPs and Ports.

Yeh. There is a very achievable level of knowledge about networking that's enough to make a lot of practical problems solvable.

Like, my practically acquired patchwork of knowledge about subnets, routing, some DNS, some VPN tech, maybe some ideas of masquerading and NAT'ing is easily enough to run a multi-site production environment across a number of networking stacks. And I wouldn't really call these things hard. I don't like people who are like "I don't know networking" once you say "routing table". The hardest part there is to understand how things are often a very large amount of very local decisions and a bunch of crossed fingers to get a packet from A to B. Oh an no one thinks about return paths until they run a site to site VPN.

But just a few steps beyond that is a cliff dropping into a terrifying abyss of complexity. LIke I know acronyms like BGP, CGNAT, ideas like Anycast DNS and kinda what they do, but it turns into very dark and different magik rather quickly. I say if we need that, we need a networker.

mschuster911y ago

> I'm 100% sure the only reason so many programmers know how NAT works is because NAT breaks video games.

... and filesharing, from the days when bittorrent was huuuuge.

1 more reply

otterz1y ago

Care to elaborate?

zinekeller1y ago

One under-appreciated problem (except from MPLS fudging and multiple load-balancing routers) is that traceroute (including MTR) only shows the way from the sender to the recipient, but actual networks, especially non-peered connections, usually do not use the same paths for both directions. One example that I've encountered is network A sending its packets via then-Telia (now Arelion) but network B routing their packets through NTT instead, which is only shown if you have initiated traceroutes in both directions.

Hikikomori1y ago

The way you write it makes it seems like you're blaming the tool for misleading results when that's the nature of traceroute itself.

MPLS don't have to hide routers though, up to the operator, even if they do it will give you idea of where things went wrong and you can contact the correct people. Load balancing links is either lacp or ecmp, first case doesn't really matter and in the second you'll just see multiple responses on a hop. Neither really had any impact on how useful traceroute is and doesn't really mislead.

tristor1y ago

It is possible to to reveal the impacts of asymmetric routing through other tools, for instance ThousandEyes can do this by performing a time synchronized bidirectional trace (among other things it can do that MTR cannot). This can be very valuable.

That said, in practice for the majority of end users, they will not be directly impacted by asymmetric routing, if only because so many services are now cloud-based and the major cloud devices are direct peered with all of the major ISPs at regional meeting points in most countries. As an example, on my connection in Denver on Comcast, going to most applications in AWS will enter the AWS network /in Denver/ and without traversing any transit provider, meaning effectively my traffic never goes across "the Internet", it goes from Comcast (my provider) directly to AWS (the provider for the application).

While it's always good to be mindful of the complexities of real-world routing, for the vast majority of common use cases now, entry-points to the target application are so widely distributed that the most impactful routing is inside the private network of the cloud provider, not across the larger Internet.

Disclaimer: Opinions are my own.

crims0n1y ago

Which is why any network engineer worth their salt with ask for a trace in both directions (if available). Asymmetric routing can be an issue especially when going through stateful devices like firewalls.

2 more replies

lode1y ago

Traceroute is easy to be misinterpreted, because it does not have insight in underlying networks like MPLS, which could be the cause of issues.

https://movingpackets.net/2017/10/06/misinterpreting-tracero... (discussion at https://news.ycombinator.com/item?id=15474043 )

oxygen_crisis1y ago

They are only misleading if you allow yourself to be misled by them. It's an extremely informative measurement if you are aware of how it works and don't misinterpret the results.

1 more reply

commandersaki1y ago

The packet loss indicator is the biggest issue I have. I’m well aware that routers may deprioritise ICMP and lead to packet loss, and therefore if you’re not seeing cascading packet loss then it’s probably phantom. Also what really matters is end to end loss anyways.

The other issue with packet loss is the tool doesn’t handle ICMP properly in the first place. A ping flood to an end to end host like 1.1.1.1 shows 0% loss, but when I use mtr to do flood like pinging it shows my wifi router with 100% loss. If I ping flood my router I get 0%.

It’s genuinely a bad tool and you should really just be keeping ping and traceroute separate as they do completely different things.

Elixir64191y ago

It's one of the best tools to troubleshoot packetloss on the internet and generally routed networks. It gives you way more information than ping or traceroute could potentially give.

If you run it in TCP or UDP mode you can even nail down the physical interface that's erroring in a LAG/LACP bundle due to being able to manipulate the 5 tuples very well.

I'm also curious about the flags you used for ping and mtr that showed you this discrapancy.

1 more reply

walrus011y ago

the results aren't misleading, people just don't know how to read them, or understand why bidirectional traceroutes are necessary.

https://www.youtube.com/watch?v=L0RUI5kHzEQ

klysm1y ago

Only misleading if you don't understand what it's doing. If you do, then it's a useful tool.

commandersaki1y ago

I don’t trust the ICMP code in mtr. I’ve had an mtr to 1.1.1.1 which shows my wifi router as an intermediate hop showing 100% loss when doing pings at interval of 0.1ms. A flood ping to my router shows 0%. I’d rather just use time tested tools such as ping and trace route, which shouldn’t even be combined anyway since the loss indicator is usually unreliable unless there’s cascading loss (and even then can still be unreliable).

BrandoElFollito1y ago

I tried mtr (I usually use ping and traceroute). 87% packet loss at my router and the next hop, then 0% loss. WTF I say to myself and uninstall.

1 more reply

j / k navigate · click thread line to collapse

47 comments

chrismorgan1y ago

Screenshot of this mode: https://temp.chrismorgan.info/2025-02-06-hn-42924182-mtr-dis...

—⁂—

¹ 1.1 = 1.0.0.1 = Cloudflare public DNS, a convenient nearby public internet endpoint.

jlmcguire1y ago

cootsnuck1y ago

jlmcguire1y ago

It's tough. iperf is a reasonable tool. It works by setting up tcp connections and actually transferring data.

I like the work https://fasterdata.es.net/ does. They provide clear guides and set expectations if you want to get more bandwidth out of a connection.

neilv1y ago

MTR has long been one of the first little tools that I install on workstations.

    sudo apt install mtr-tiny

eudhxhdhsb321y ago

Mtr is indeed nice.

One thing I've not understood is why will some hops have consistently lower ping times than hops farther down the chain in the same trace?

Is it indicating that the router is faster at forwarding packets than responding to ping requests?

p_ing1y ago

This is always worth a (re)read to understand traceroute:

https://archive.nanog.org/sites/default/files/traceroute-201...

Bluecobra1y ago

^ This should be required reading for anyone using traceroute.

wrigby1y ago

> Is it indicating that the router is faster at forwarding packets than responding to ping requests?

You’re really seeing different response times from the two control planes - one may be more loaded or less powerful than another, regardless of the capacity of their data planes.

linsomniac1y ago

Maybe the only thing I've explained more in my career than this is why it's ok that your Linux box has no "free" memory.

commandersaki1y ago

It also doesn’t help that mtr ICMP handling code is just bad, it disregards packets that actually arrive as a loss.

commandersaki1y ago

oxygen_crisis1y ago

Traceroute doesn't use ping requests except with the old Windows binary. Usually it uses "Time-to-live (TTL) exceeded in transit" messages.

Beyond that technicality, your guess is often right... Routers will frequently prioritize forwarding packets over sending the TTL exceeded packets tools like MTR use to measure response times.

ta12431y ago

Obviously you know, but for anyone else reading, a modern traceroute tool (like mtr) can send icmp, udp or tcp, on generic or specific ports. Indeed the default for mtr on my laptop is to use icmp.

toast01y ago

Most likely, it's as you described, router N forwards packets much faster than it generates icmp ttl exceeded, and router N+1 is nearby and generates icmp faster.

However, it could also be the case that the routing back to you is significantly different, so you can have a much longer path to you from router N than router N+1.

rixed1y ago

> Is it indicating that the router is faster at forwarding packets than responding to ping requests?

I believe most of the time this is the reason indeed. Answering an ICMP error to a TTL expiration or to an echo request is very low priority.

This latency in error message generation may even be a better signal of the router load than the latency of the actualy trip through it.

commandersaki1y ago

Great tool for misleading results.

ta12431y ago

The results aren't misleading, shockingly large numbers of "computer professionals" have no idea how networks work, but that's because they can't use the tools rather than the tools being misleading

hiAndrewQuinn1y ago

>shockingly large numbers of "computer professionals" have no idea how networks work

I would recommend it handily over, say, my own Intro to Networking class in college. And yes, `mtr` is mentioned by name in it!

jeroenhd1y ago

I'm 100% sure the only reason so many programmers know how NAT works is because NAT breaks video games.

tetha1y ago

EDIT: Re-Reading. I think I am some degree of a networker underestimating network complexity. I'll stand by that. Please make fun of me for only speaking in IPs and Ports.

Yeh. There is a very achievable level of knowledge about networking that's enough to make a lot of practical problems solvable.

mschuster911y ago

> I'm 100% sure the only reason so many programmers know how NAT works is because NAT breaks video games.

... and filesharing, from the days when bittorrent was huuuuge.

1 more reply

otterz1y ago

Care to elaborate?

zinekeller1y ago

Hikikomori1y ago

The way you write it makes it seems like you're blaming the tool for misleading results when that's the nature of traceroute itself.

tristor1y ago

Disclaimer: Opinions are my own.

crims0n1y ago

2 more replies

lode1y ago

Traceroute is easy to be misinterpreted, because it does not have insight in underlying networks like MPLS, which could be the cause of issues.

https://movingpackets.net/2017/10/06/misinterpreting-tracero... (discussion at https://news.ycombinator.com/item?id=15474043 )

oxygen_crisis1y ago

They are only misleading if you allow yourself to be misled by them. It's an extremely informative measurement if you are aware of how it works and don't misinterpret the results.

1 more reply

commandersaki1y ago

It’s genuinely a bad tool and you should really just be keeping ping and traceroute separate as they do completely different things.

Elixir64191y ago

It's one of the best tools to troubleshoot packetloss on the internet and generally routed networks. It gives you way more information than ping or traceroute could potentially give.

If you run it in TCP or UDP mode you can even nail down the physical interface that's erroring in a LAG/LACP bundle due to being able to manipulate the 5 tuples very well.

I'm also curious about the flags you used for ping and mtr that showed you this discrapancy.

1 more reply

walrus011y ago

the results aren't misleading, people just don't know how to read them, or understand why bidirectional traceroutes are necessary.

https://www.youtube.com/watch?v=L0RUI5kHzEQ

klysm1y ago

Only misleading if you don't understand what it's doing. If you do, then it's a useful tool.

commandersaki1y ago

BrandoElFollito1y ago

I tried mtr (I usually use ping and traceroute). 87% packet loss at my router and the next hop, then 0% loss. WTF I say to myself and uninstall.

1 more reply

j / k navigate · click thread line to collapse