Introduction
Traceroute is a utility that shows the path packets take between your server and a remote server. You can use a traceroute if your server cannot reach a remote site, and the output shows you where the network packets are stopping.
Procedure
Please note the IP addresses listed below are not IP addresses for their respective hosts and are included for demonstration purposes. IP addresses you see while testing will be different.
Run traceroute with the host you're troubleshooting:
[root@server ~]# traceroute example.tld
traceroute to example.org (192.0.2.2), 64 hops max, 52 byte packets
1 192.168.0.1 (192.168.0.1) 2.661 ms 1.558 ms 2.602 ms
2 hostname3.example (1.2.1.50) 5.234 ms 3.985 ms 4.937 ms
3 hostname4.example (1.2.1.60) 5.725 ms 4.344 ms 4.934 ms
4 hostname5.example (1.2.1.90) 53.379 ms 55.082 ms 53.084 ms
5 1.2.5.100 (1.2.5.100) 53.223 ms 51.678 ms 53.534 ms
6 1.2.1.110 (1.2.1.110) 53.753 ms
1.2.1.111 (1.2.1.111) 53.219 ms
1.2.1.112 (1.2.1.112) 53.365 ms
7 1.2.3.125 (1.2.3.125) 53.279 ms
1.2.3.126 (1.2.3.126) 52.564 ms
1.2.3.127 (1.2.3.127) 52.193 ms
8 * * *
9 2.3.4.1 (2.3.4.1) 108.640 ms
2.3.4.3 (2.3.4.3) 106.246 ms *
10 * 2.3.4.5 (2.3.4.5) 85.775 ms *
11 * * *
12 4.5.6.150 (4.5.6.150) 100.801 ms
4.5.6.160 (4.5.6.160) 73.908 ms
4.5.6.7 (4.5.6.7) 77.999 ms
13 * * *
14 * * *
15 * * *
In this example, you need to contact whoever manages the device at 4.5.6.7 to determine why the traffic stops there. By default, traceroute uses ICMP packets. Sometimes, these packets are filtered by network appliances. If you suspect the ICMP traffic is being filtered, you can use the -T flag to enable the TCP protocol and use the --port argument to a known working port on that host to see if your results change:
traceroute -T --port=80 example.tld