MTR Testing Connections… for Fun and Profit?
A Word about ICMP
Keep in mind that doing ICMP traceroutes might show packet loss because ICMP is either turned off or very low priority depending on the carrier, load, and other factors. So while ICMP can give you an idea of where to look it isn't going to give you the whole story.
The first command does ICMP, the second does TCP, the third does UDP.
If you need to test a port number add
-P with the port number. If you need to make a report to send to someone you can add the
-rw flags on to the command. This will make something that you can copy & paste
This does the following:
- Creates a wide report (rw)
- No DNS lookup & show IPs (nb)
- Shows Full ASN if possible (-z 2)
- Traces to port 443 (-P 443)
- Uses TCP (-T)
This will give you good results that you can use to report to carriers if you're having packet loss problems. It's shows the important bits like ASN & IP addresses. That way they can get their BGP and other data to make sure things are looking correct.
If you're testing and do not need the ASN you can drop the
Another helpful flag when generating data is the
-c. Using that will set the count aka time. So if you do
-c 120 that will test for 2 minutes.
Use openssl to test your endpoint for life!
You can test any other port too, eg http, ssh, smtp, mysql, etc. If there's life it will give you something to work with. If you do test a TLS connection with it you will back all the cert data. However this is what it looks like on an active non-tls port
❯ openssl s_client -connect duckduckgo.com:80 CONNECTED(00000005) 8188707136:error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version:/AppleInternal/Library/BuildRoots/9e200cfa-7d96-11ed-886f-a23c4f261b56/Library/Caches/com.apple.xbs/Sources/libressl/libressl-3.3/ssl/tls13_lib.c:151: --no peer certificate available --No client certificate CA names sent --SSL handshake has read 5 bytes and written 294 bytes --New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.3 Cipher : 0000 Session-ID: Session-ID-ctx: Master-Key: Start Time: 1679671320 Timeout : 7200 (sec) Verify return code: 0 (ok) ---