Traceroute

From Noah.org
Revision as of 19:27, 27 July 2007 by Root


traceroute

By default traceroute sends UDP packets on ports 33434 to 33534. If a firewall blocks these packets, the trace will not reach your destination. You can use the -I option to send ICMP ECHO packets instead of UDP datagrams. The result can be misleading, because a firewall or a load balancer will sometimes respond to ICMP ECHO packets on behalf of the destination.

mtr

This is like traceroute and ping combined. It uses ICMP ECHO packets and constantly updates the display, showing the percentage of packet loss and the response time for each hop. Because mtr uses ICMP ECHO packets, its output may be misleading: a firewall or load balancer will sometimes respond to ICMP ECHO packets on behalf of the destination.

tcptraceroute

This is similar to traceroute, but uses TCP SYN packets on a given port. Normally you tell it to use a port that you expect to be open on a firewall. By default tcptraceroute sends packets on port 80. For example, the following traces the route of TCP SYN packets on port 25 (SMTP).

 tcptraceroute server.example.com 25

If the last hop shows the message [closed], the destination machine responded but is not listening on that port. If the last hop shows the message [open], the destination machine responded and is listening on that port. Both responses are good in the sense that the machine is reachable and the result tells you something about what is going on. If you see a lot of attempts with "* * *" as the result, ending with the final message "Destination not reached", then your packets most likely did not reach the machine on the given port. That's generally bad. It may mean the machine is not connected to the network; the packets on that port are being discarded by a firewall; or the packets are simply lost.
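The three outcomes described above can be checked mechanically. The following is an added example, not part of the original page: the function names are hypothetical, and the sample traces are constructed to resemble tcptraceroute hop lines and are not captured from a real network.

```shell
#!/bin/sh
# classify_trace (hypothetical helper): read tcptraceroute output on stdin
# and print a verdict based on the markers described above, plus the
# number of hops that answered nothing at all ("* * *").
classify_trace() {
    awk '
        /\[open\]/                { verdict = "open" }      # host answered, port listening
        /\[closed\]/              { verdict = "closed" }    # host answered, port not listening
        /Destination not reached/ { verdict = "unreached" } # no answer from the host
        /^ *[0-9]+ +\* \* \* *$/  { silent++ }              # hop with no replies
        END {
            if (verdict == "") verdict = "unknown"
            printf "%s silent_hops=%d\n", verdict, silent
        }'
}

# Constructed sample traces (documentation addresses, invented timings).
sample_open() {
cat <<'EOF'
 1  192.0.2.1  0.512 ms  0.498 ms  0.471 ms
 2  * * *
 3  server.example.com (203.0.113.25) [open]  11.2 ms  11.0 ms  11.4 ms
EOF
}

sample_closed() {
cat <<'EOF'
 1  192.0.2.1  0.512 ms  0.498 ms  0.471 ms
 2  server.example.com (203.0.113.25) [closed]  9.8 ms  9.7 ms  9.9 ms
EOF
}

sample_blocked() {
cat <<'EOF'
 1  192.0.2.1  0.512 ms  0.498 ms  0.471 ms
 2  * * *
 3  * * *
 4  * * *
Destination not reached
EOF
}

# Demo: one verdict per sample trace.
for s in sample_open sample_closed sample_blocked; do
    printf '%-15s %s\n' "$s" "$($s | classify_trace)"
done
```

On a live trace the same function can be fed directly, for example `tcptraceroute server.example.com 25 | classify_trace`. A run of silent hops before an [open] or [closed] verdict usually just means intermediate routers did not reply, so only the "unreached" verdict points to the failure cases listed above.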