Quick Answer
Use tracepath on Linux when you want a quick route check without installing anything or using root. It is especially useful when you suspect MTU problems, VPN fragmentation, or a route that changes between destinations. Unlike traceroute, it requires no privileges and is available by default on most Linux distributions.
Basic Syntax and Flags
tracepath 1.1.1.1
tracepath speedtesthq.com
tracepath -n speedtesthq.com
tracepath -b speedtesthq.com
tracepath -l 1400 speedtesthq.com| Flag | What It Does |
|---|---|
| (none) | Default: trace route with hostname lookups |
-n | Skip hostname resolution — faster and cleaner output when DNS is slow |
-b | Show both hostnames and IP addresses |
-l <size> | Start with a specific packet size — useful for testing MTU thresholds |
-m <hops> | Set maximum number of hops (default 30) |
Reading tracepath Output
A typical tracepath output looks like this:
1?: [LOCALHOST] pmtu 1500
1: 192.168.1.1 0.812ms
2: 10.0.0.1 8.234ms
3: 72.14.212.1 12.451ms
4: no reply
5: 1.1.1.1 14.208ms reached
Resume: pmtu 1500 hops 5 back 5| Output Element | Meaning |
|---|---|
pmtu 1500 | Path MTU detected at this point — the maximum packet size that fits without fragmentation |
0.812ms | Round-trip time to that hop |
no reply | Hop did not respond — may be filtered; not necessarily broken |
reached | Destination responded — route complete |
Resume: hops 5 | Summary showing total hops, path MTU, and return hop count |
What to Look For
- Latency jump at a specific hop that persists to the end: The problem started at that hop. Hops before it are fine; hops after it inherit the added latency.
- Latency spike at one hop that does not continue: The hop rate-limits ICMP responses but forwards traffic fine — this is normal behaviour for many routers.
- Missing replies (
no reply) in the middle: Some routers filter TTL-exceeded responses. Try a second tracepath to a different destination to check if the gap is consistently in the same position. pmtudecreasing mid-path: A router along the route has a smaller MTU limit. Common cause of VPN fragmentation issues and stalled TCP connections.- Trace ends with
no replyinstead ofreached: The destination or a firewall near it is filtering UDP probes. Trytraceroute -T(TCP SYN) as a follow-up.
Path MTU and Why It Matters
Path MTU (PMTU) is the largest packet that can traverse the entire path without being fragmented. Standard Ethernet uses 1500 bytes. VPNs, PPPoE DSL, and some tunnelled connections use smaller MTUs — typically 1492 (PPPoE) or 1350–1450 (VPN overhead). When a packet larger than the path MTU hits a router that cannot fragment it (because the Don't Fragment bit is set), it gets silently dropped. This causes symptoms like: websites partially loading but not fully, SSH connecting but hanging when you type commands, or large file transfers stalling after a few seconds.
tracepath reveals this by showing pmtu changes along the route. If you see the MTU drop from 1500 to 1400 at hop 3, packets larger than 1400 bytes are being dropped or fragmented from that hop onward.
tracepath vs traceroute
| Tool | Requires Root? | Protocol | MTU Detection | Best For |
|---|---|---|---|---|
tracepath | No | UDP | Yes (built-in) | Quick checks, MTU diagnosis, locked-down systems |
traceroute | Often yes (raw ICMP) | UDP, ICMP, or TCP | No (separate tool) | Protocol flexibility, more control, deeper diagnosis |
mtr | Often yes | ICMP or UDP | No | Continuous real-time route monitoring and packet loss |
tracepath is the right first tool when you have no root access and want a fast route snapshot. If it shows something suspicious, follow up with traceroute for protocol flexibility, ping for sustained packet loss measurement, and an application test to confirm the symptom is real-world.
Frequently Asked Questions
Do I need sudo for tracepath?
Usually no. tracepath uses unprivileged UDP sockets, which is why it works without root on most Linux systems. This makes it particularly useful on shared servers or locked-down workstations where traceroute is not available without escalation.
What is path MTU?
Path MTU is the largest packet size that can travel from source to destination without fragmentation. It is determined by the smallest MTU link anywhere along the route. Standard Ethernet is 1500 bytes; VPNs and PPPoE links often reduce this to 1350–1492 bytes. Mismatches cause silent packet drops that cause symptoms like partial page loads or stalling file transfers.
Why does tracepath stop early?
Most commonly, a firewall or router along the route is filtering TTL-exceeded ICMP responses. The path itself may be working fine — the device just does not respond to probes. Try tracepath to a different destination and check if the trace completes. If both stop at the same hop, that hop is likely filtering. If they stop at different hops, the routing is fine and different destinations simply have different firewall policies.
Why is tracepath not on my system?
On Debian/Ubuntu it is in the iputils-tracepath package. On RHEL/CentOS it is in iputils. Install with sudo apt install iputils-tracepath or sudo dnf install iputils.