Using MTR for network diagnostics

Traceroute and ping are commonly provided with operating systems as tools to diagnose problems in network connectivity between systems. Another very useful tool, which combines the functionality of both of those tools, is My traceroute, which was originally known as Matt's traceroute, aka MTR. The software is available for Linux systems and also for Microsoft Windows systems as WinMTR.

The software can be installed via the package management system for some Linux distributions. E.g., it can be installed on a CentOS Linux system with yum using the command yum install mtr. You can check on whether it is installed on a CentOS system with the command rpm -qi mtr or you can just issue the command which mtr on a Linux system.

$ rpm -qi mtr
Name        : mtr
Epoch       : 2
Version     : 0.85
Release     : 7.el7
Architecture: x86_64
Install Date: Sun 05 Oct 2014 07:53:20 PM EDT
Group       : Applications/Internet
Size        : 130820
License     : GPLv2+
Signature   : RSA/SHA256, Thu 03 Jul 2014 11:51:25 PM EDT, Key ID 24c6a8a7f4a80eb5
Source RPM  : mtr-0.85-7.el7.src.rpm
Build Date  : Mon 09 Jun 2014 06:43:41 PM EDT
Build Host  : worker1.bsys.centos.org
Relocations : (not relocatable)
Packager    : CentOS BuildSystem <http://bugs.centos.org>
Vendor      : CentOS
URL         : http://www.BitWizard.nl/mtr
Summary     : A network diagnostic tool
Description :
Mtr is a network diagnostic tool that combines ping and traceroute
into one program. Mtr provides two interfaces: an ncurses interface,
useful for using Mtr from a telnet session; and a GTK+ interface for X
(provided in the mtr-gtk package).
$ which mtr
/usr/sbin/mtr
$

For installation instructions for a Mac OS X/macOS system, see Installing MTR on an OS X system.

After you've installed the software, you can get help on usage of the command with mtr -h.

$ mtr -h
usage: mtr [-BfhvrwctglxspQomniuT46] [--help] [--version] [--report]
		[--report-wide] [--report-cycles=COUNT] [--curses] [--gtk]
		[--csv|-C] [--raw] [--xml] [--split] [--mpls] [--no-dns] [--show-ips]
		[--address interface] [--filename=FILE|-F]
		[--ipinfo=item_no|-y item_no]
		[--aslookup|-z]
		[--psize=bytes/-s bytes] [--order fields]
		[--report-wide|-w] [--inet] [--inet6] [--max-ttl=NUM] [--first-ttl=NUM]
		[--bitpattern=NUM] [--tos=NUM] [--udp] [--tcp] [--port=PORT] [--timeout=SECONDS]
		[--interval=SECONDS] HOSTNAME
$

You can also peruse the manual page for mtr for information on the utility, which notes:

mtr combines the functionality of the traceroute and ping programs in a single network diagnostic tool.

As mtr starts, it investigates the network connection between the host mtr runs on and HOSTNAME by sending packets with purposely low TTLs. It continues to send packets with low TTL, noting the response time of the intervening routers. This allows mtr to print the response percentage and response times of the internet route to HOSTNAME. A sudden increase in packet loss or response time is often an indication of a bad (or simply overloaded) link.

The results are usually reported as round-trip-response times in milliseconds and the percentage of packet loss.

If you just type mtr at the command line, the program will keep sending packets and updating statistics until you stop it with Ctrl-C. You can pause the updates with Ctrl-S and resume them with Ctrl-Q. The information displayed will be similar to that shown below:

                             My traceroute  [v0.85]
example.com (0.0.0.0)                                  Fri May  5 21:59:51 2017
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                       Packets               Pings
 Host                                Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 192.168.0.1                       0.0%     5    0.7   0.7   0.7   0.7   0.0
 2. 10.173.0.1                        0.0%     5    7.7   8.9   7.7  10.3   0.5
 3. 172.23.112.149                    0.0%     5    9.3   9.6   8.1  10.8   1.0
 4. 172.23.112.158                    0.0%     5   10.2  13.1   8.9  23.0   5.9
 5. te0-16-0-24.ccr41.iad02.atlas.co  0.0%     5   20.5  14.5  11.9  20.5   3.4
 6. tata.iad02.atlas.cogentco.com     0.0%     5   12.3  13.3  12.0  15.1   1.3
 7. 72.14.198.28                      0.0%     5   14.0  15.5  14.0  18.6   1.6
 8. 108.170.246.33                    0.0%     5   21.7  17.0  13.4  21.7   3.9
 9. 209.85.246.135                    0.0%     4   15.2  18.7  14.1  30.0   7.5
10. iad23s57-in-f14.1e100.net         0.0%     4   13.9  13.9  13.6  14.3   0.0

Another example with packet loss.

Or you can use the -c and --report options to have it send a specific number of packets for each network hop and then exit, displaying a report such as the one below:

$ mtr -c 5 --report google.com
Start: Fri May  5 21:54:55 2017
HOST: example.com                 Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- gateway                    0.0%     5    0.7   0.7   0.7   0.7   0.0
  2.|-- 10.173.0.1                 0.0%     5    9.3  10.8   7.9  19.1   4.6
  3.|-- 172.23.112.149             0.0%     5    9.4  10.1   9.4  10.5   0.0
  4.|-- 172.23.112.158             0.0%     5   16.8  49.0   7.9 203.3  86.3
  5.|-- te0-16-0-24.ccr41.iad02.a  0.0%     5   12.1  13.6  12.1  17.8   2.2
  6.|-- tata.iad02.atlas.cogentco  0.0%     5   14.2  12.9  11.3  14.2   1.0
  7.|-- 72.14.198.28               0.0%     5   15.8  16.4  14.8  19.2   1.6
  8.|-- 108.170.246.33             0.0%     5   15.7  15.2  14.4  15.7   0.0
  9.|-- 209.85.246.135             0.0%     5   15.7  15.0  13.7  15.7   0.5
 10.|-- iad23s57-in-f14.1e100.net  0.0%     5   15.4  14.5  13.8  15.4   0.0
$

Note: though I specified google.com as the destination system, iad23s57-in-f14.1e100.net is displayed in the results as the fully qualified domain name (FQDN) rather than google.com because an nslookup on google.com on the system on which I ran the command yielded the IP address 207.255.176.37; since Google has many servers, the IP address you will get from a lookup on google.com will depend on your geographic location. And a reverse DNS lookup on that IP address returns the FQDN of iad23s57-in-f14.1e100.net.

$ nslookup google.com
Server:		207.255.176.37
Address:	207.255.176.37#53

Non-authoritative answer:
Name:	google.com
Address: 172.217.3.46
$ nslookup 172.217.3.46
Server:		207.255.176.37
Address:	207.255.176.37#53

Non-authoritative answer:
46.3.217.172.in-addr.arpa	name = iad23s57-in-f14.1e100.net.
46.3.217.172.in-addr.arpa	name = iad23s57-in-f46.1e100.net.

Authoritative answers can be found from:
217.172.in-addr.arpa	nameserver = ns2.google.com.
217.172.in-addr.arpa	nameserver = ns3.google.com.
217.172.in-addr.arpa	nameserver = ns1.google.com.
217.172.in-addr.arpa	nameserver = ns4.google.com.
ns2.google.com	internet address = 216.239.34.10
ns3.google.com	internet address = 216.239.36.10
ns1.google.com	internet address = 216.239.32.10
ns4.google.com	internet address = 216.239.38.10

$
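
The man page's remark that a sudden increase in packet loss or response time often indicates a bad link can be checked mechanically against the --report output. The script below is an added example, not part of the original page or of mtr itself; the flag_hops helper, its thresholds, and the persists/not-at-destination heuristic are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): flag hops in `mtr --report` text
# output whose loss or latency spread exceeds a threshold.

# The report shown above on this page, embedded so the script runs offline.
sample_report() {
cat <<'EOF'
Start: Fri May  5 21:54:55 2017
HOST: example.com                 Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- gateway                    0.0%     5    0.7   0.7   0.7   0.7   0.0
  2.|-- 10.173.0.1                 0.0%     5    9.3  10.8   7.9  19.1   4.6
  3.|-- 172.23.112.149             0.0%     5    9.4  10.1   9.4  10.5   0.0
  4.|-- 172.23.112.158             0.0%     5   16.8  49.0   7.9 203.3  86.3
  5.|-- te0-16-0-24.ccr41.iad02.a  0.0%     5   12.1  13.6  12.1  17.8   2.2
  6.|-- tata.iad02.atlas.cogentco  0.0%     5   14.2  12.9  11.3  14.2   1.0
  7.|-- 72.14.198.28               0.0%     5   15.8  16.4  14.8  19.2   1.6
  8.|-- 108.170.246.33             0.0%     5   15.7  15.2  14.4  15.7   0.0
  9.|-- 209.85.246.135             0.0%     5   15.7  15.0  13.7  15.7   0.5
 10.|-- iad23s57-in-f14.1e100.net  0.0%     5   15.4  14.5  13.8  15.4   0.0
EOF
}

# flag_hops MAX_LOSS_PCT MAX_STDEV_MS  (hypothetical helper; thresholds are
# assumptions to tune per network). Reads a report on stdin.
flag_hops() {
  awk -v max_loss="$1" -v max_sd="$2" '
    /^ *[0-9]+\.[|]--/ {            # hop rows look like " 4.|-- host 0.0% ..."
      n++
      hop[n]  = $1 + 0              # "4.|--" -> 4
      host[n] = $2
      loss[n] = $3 + 0              # "0.0%"  -> 0
      wrst[n] = $8
      sd[n]   = $9 + 0
    }
    END {
      for (i = 1; i <= n; i++) {
        # Heuristic: loss that is absent at the last hop usually means the
        # router rate-limits its own replies, not that it drops transit traffic.
        if (loss[i] > max_loss)
          printf "LOSS hop=%d host=%s loss=%s%% %s\n", hop[i], host[i], loss[i],
                 (loss[n] > max_loss ? "persists-to-destination" : "not-at-destination")
        if (sd[i] > max_sd)
          printf "JITTER hop=%d host=%s wrst=%s stdev=%s\n", hop[i], host[i], wrst[i], sd[i]
      }
    }'
}

sample_report | flag_hops 1 10
```

On the report from this page, only hop 4 is flagged, for its 203.3 ms worst-case reply and 86.3 ms standard deviation; to check a live path, pipe the output of mtr -c 5 --report HOSTNAME into flag_hops instead.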