How to Check If the Ports Are Open With Using Traceroute

Introduction

I will present a few examples that may be helpful in troubleshooting network problems wit ICMP, UDP and TCP communication with using traceroute

For test we can use simple Vagrant file.

Let’s start

ICMP

Checking if the route is routed to the destination and if the IP is reachable.

root@master:/home/vagrant# traceroute -n -q 1 -I 192.168.123.124
traceroute to 192.168.123.124 (192.168.123.124), 30 hops max, 60 byte packets
 1  192.168.123.124  0.391 ms

TCP

Send SYN packet and wait for Time-to-live exceeded. When ! X is returned, it means it communication is blocked.

• Response when communicating with the DEST-IP PORT is allowed

root@master:/home/vagrant# traceroute -n -q 1 -T -p 80 192.168.123.124
traceroute to 192.168.123.124 (192.168.123.124), 30 hops max, 60 byte packets
 1  192.168.123.124  0.340 ms

• Response when port is closed with DEST-IP and we get ! X error response.

root@master:/home/vagrant# traceroute -n -q 1 -T -p 443 192.168.123.124
traceroute to 192.168.123.124 (192.168.123.124), 30 hops max, 60 byte packets
 1  192.168.123.124  0.370 ms! X

UDP

When UDP + port is specified, only 0 bytes of data are sent.