1. Overview
In this tutorial, we’ll take a look at the mtr command in Linux. The name is a shorthand for My Traceroute, also known as Matt’s Traceroute.
mtr is a networking tool that combines ping and traceroute to diagnose a network. Instead of using both tools separately, we could use only mtr. The purpose of mtr is to analyze the network traffic hop-to-hop using ICMP packets.
2. Installing mtr
Conveniently, mtr is available in most Linux distros.
To install mtr on a Debian-based Linux (such as Ubuntu), we use apt-get:
$ apt-get install -y mtr
On RHEL-based Linux (such as Fedora), we should use yum:
$ yum install -y mtr
Let’s check our installation by confirming its version:
$ mtr -v
mtr 0.94
Here, we’re running version 0.94.
3. General Usage
Let’s start with a simple example by executing the mtr command for the baeldung.com domain:
$ mtr -t baeldung.com
My traceroute [v0.94]
myhome (192.168.0.7) 2022-06-08T01:41:48+0700
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. _gateway 0.0% 21 4.8 4.7 3.3 12.0 1.9
2. 11.68.93.1 0.0% 21 12.9 14.5 11.9 22.2 2.7
3. bex-0005-pele.fast.net.id 0.0% 21 19.4 17.6 14.3 27.3 3.5
4. bex-0005-pele.fast.net.id 0.0% 21 21.9 18.2 13.6 33.7 5.0
5. fm-dyn-www-73-22-333.fast.net.id 0.0% 21 16.9 19.1 15.6 35.4 4.9
6. fm-dyn-www-136-22-333.fast.net.i 0.0% 20 24.1 20.5 16.0 41.9 5.8
7. 172.66.40.248 0.0% 20 16.2 17.4 14.6 22.8 2.3
The -t option indicates we want to see the output in the curses-based terminal. If we hadn’t used this option, we’d receive output in GUI mode, if possible. The numbers change depending on the network activity. To quit this curses-based terminal, we could press q (quit).
There are seven nodes in the output above. The last one has the IP address of the Baeldung server, 172.66.40.248, while the first one is the router. In this case, the lines containing fast.net.id, are ISP nodes.
4. Connectivity Problems
We could experiment with a problematic connection to get some intuition for mtr. Let’s add the line below to /etc/hosts:
0.0.0.0 baeldung.com
This is to make baeldung.com not accessible from our computer.
Let’s run mtr, same as before:
$ mtr -t baeldung.com
My traceroute [v0.94]
myhome (127.0.0.1) 2022-06-09T03:03:11+0700
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. (waiting for reply)
This time, we got a different result: waiting for reply. This means we’re not getting anything back.
Next, we can try turning off our Internet connection and run the same command again. This time, the result is also different:
mtr: Failed to resolve host: baeldung.com: Name or service not known
We can guess where the problems lie based on the different results.
5. Output Columns
To utilize mtr fully, it’s best to understand its output, which can be quite verbose. The values are spread into many columns, but they are not fixed. Let’s take our earlier output as an example:
$ mtr -t baeldung.com
My traceroute [v0.94]
myhome (192.168.0.7) 2022-06-08T01:41:48+0700
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. _gateway 0.0% 21 4.8 4.7 3.3 12.0 1.9
2. 11.68.93.1 0.0% 21 12.9 14.5 11.9 22.2 2.7
3. bex-0005-pele.fast.net.id 0.0% 21 19.4 17.6 14.3 27.3 3.5
4. bex-0005-pele.fast.net.id 0.0% 21 21.9 18.2 13.6 33.7 5.0
5. fm-dyn-www-73-22-333.fast.net.id 0.0% 21 16.9 19.1 15.6 35.4 4.9
6. fm-dyn-www-136-22-333.fast.net.i 0.0% 20 24.1 20.5 16.0 41.9 5.8
7. 172.66.40.248 0.0% 20 16.2 17.4 14.6 22.8 2.3
In fact, we can modify the columns in the output.
5.1. Meaning of Each Column
By default, mtr provides values for each node as a row of seven columns, from Loss% to StDev. Let’s look at the meaning of these columns, starting from Loss%.
In normal conditions, our connection to baeldung.com is fast and smooth. No packet loss, as we can see from the zero percent in every line of the Loss% column. However, if we experience network or Internet problems, some packets might be lost.
The next column is Snt meaning Sent. This number increases with each sent packet. It represents the total amount of packets sent by mtr.
The other columns, Last, Avg, Best, Wrst, and StDev, represent the statistics of Round-Trip Time (RTT) of the sent packets. For instance, we might have the following scenario:
- send a packet to the first node
- the first node replies in 2ms
- send a packet to the first node again
- the first node replies in 4ms
In this instance, Last would be 4. On the other hand, the Best value would be 2 – the fastest time. The value for Wrst would be 4, representing the slowest time. Finally, based on other values, the average Avg would be 3, and the StDev standard deviation would be 1.
5.2. Changing the Displayed Columns
Suppose we are only interested in the Snt and Avg columns. We could launch mtr with the -o option:
$ mtr -o 'SA' -t baeldung.com
My traceroute [v0.94]
myhome (192.168.0.7) 2022-06-10T02:41:12+0700
Keys: Help Display mode Restart statistics Order of fields quit
Packets
Pings Snt Avg
1. _gateway 8 3.9
2. 11.68.93.1 8 14.9
3. bel-cgom-pend.fast.net.id 8 15.9
4. bel-cgom-pend.fast.net.id 8 16.6
5. lynx-static-333-56-777-888.lynx.net.id 7 29.4
6. lynx-static-333-56-777-888.lynx.net.id 7 30.9
7. 13335.sgw.equinix.com 7 31.8
8. 162.158.160.15 7 32.2
9. 172.66.43.8 7 29.7
We got only two columns displayed. The -o option indicates the order of the columns. SA stands for Snt and Avg. Further, we can switch the letter sequence to the -o option, so the output columns and their order are different:
- L for Loss Ratio
- D for Dropped Packets
- R for Received Packets
- S for Sent Packets
- N for Newest RTT(ms)
- B for Best RTT(ms)
- A for Average RTT(ms)
- W for Worst RTT(ms)
- V for Standard Deviation
- G for Geometric Mean
- J for Current Jitter
- M for Jitter Mean/Average
- X for Worst Jitter
- I for Interarrival Jitter
For example, Jitter is a variance in packet delays. It’s an important measure in streaming video transactions but less so in text-based communications.
6. Additional Options
There are some other useful options for mtr.
6.1. Interval
We could slow down the packets we sent with the -i option:
$ mtr -i 10 -t baeldung.com
The omitted output is the same as if we don’t use the -i option. The only difference is the slower increase of the value in the Snt column. The default value of -i is 1, so this command is 10 times slower, meaning the interval between sent packets is 10 times longer.
The option is useful when we don’t want to swamp the network with our packets.
6.2. Maximum TTL
We might want to check the first three hops or nodes instead of all along the path. To do this, we can use the -m option to limit the nodes that we want to investigate:
$ mtr -m 3 -t baeldung.com
My traceroute [v0.94]
myhome (192.168.0.7) 2022-06-16T01:07:58+0700
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. _gateway 0.0% 4 6.7 5.0 4.3 6.7 1.2
2. 11.68.93.1 0.0% 4 13.2 14.1 13.2 15.3 0.9
3. bel-cgom-pend.fast.net.id 0.0% 4 17.9 17.2 15.1 19.1 1.7
The output is the same as the one with what we’ve seen, except only the first 3 hops are used because of the argument to -m.
We might want to do this to limit the investigation to certain parts of the network.
6.3. First TTL
Most of the time, the first hops are our own routers and gateways, but we might not need this information. Instead, we might want to gather information from external nodes. We can filter out the first two hops using the -f option:
$ mtr -f 3 -t baeldung.com
My traceroute [v0.94]
myhome (192.168.0.7) 2022-06-16T01:33:03+0700
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
3. bel-cgom-pend.fast.net.id 0.0% 13 82.7 31.4 14.3 90.4 26.5
4. bel-cgom-pend.fast.net.id 0.0% 13 98.0 29.8 14.4 98.0 25.9
5. fm-dyn-333-22-92-876.fast. 0.0% 13 49.4 39.1 15.1 205.3 51.6
6. fm-dyn-333-456-62-876.fast 0.0% 12 94.6 29.1 14.7 94.6 24.4
7. 172.66.40.248 0.0% 12 25.3 32.4 15.1 97.7 27.9
The argument to the -f option, 3, means we want to start collecting information from the third node in our network.
This option is useful if we want to limit our investigation to external nodes.
6.4. TCP and UDP
By default, mtr sends ICMP ECHO packets, but we can also use other packets.
For example, if we wanted to use UDP datagrams, we could use the -u option:
$ mtr -u -t baeldung.com
My traceroute [v0.94]
myhome (192.168.0.7) 2022-06-16T02:03:50+0700
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. _gateway 0.0% 76 4.7 7.1 1.8 66.3 8.7
2. 11.68.93.1 1.3% 76 19.5 17.7 11.4 112.0 12.1
3. bel-cgom-pend.fast.net.id 0.0% 76 15.8 27.5 14.5 281.2 41.8
4. bel-cgom-pend.fast.net.id 0.0% 75 16.7 25.1 12.9 205.9 32.8
5. fm-dyn-333-456-62-181.fast 77.0% 75 19.9 26.0 15.2 69.6 15.6
fm-dyn-333-456-62-181.fast.net.id
6. 172.66.43.8 77.0% 75 13.8 23.6 13.6 81.1 18.6
The lost packet percentage is high at 77% because the end server is not a UDP server. So our UDP datagrams are being ignored or rejected.
On the other hand, if we wanted to send TCP SYN packets, we could use the -T option:
$ mtr -T -t baeldung.com
My traceroute [v0.94]
myhome (192.168.0.7) 2022-06-16T02:07:53+0700
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. _gateway 0.0% 130 6.6 12.8 3.8 304.2 36.4
2. 11.68.93.1 0.0% 130 17.3 23.2 12.8 293.7 33.6
3. bel-cgom-pend.fast.net.id 0.0% 130 23.4 32.1 15.0 1043. 93.5
4. bel-cgom-pend.fast.net.id 0.0% 130 19.0 34.4 14.9 1035. 96.7
5. fm-dyn-333-456-62-181.fast.net.id 0.0% 130 22.6 40.0 14.5 1218. 138.3
6. fm-dyn-333-456-62-181.fast.net.id 0.0% 129 19.9 32.5 15.2 1048. 96.5
7. fm-dyn-222-72-16-112.fast.net.id 0.0% 129 20.5 26.0 15.5 299.0 34.3
8. fm-dyn-228-122-14-192.fast.net.id 0.0% 129 20.8 31.8 17.2 373.8 48.8
9. 172.66.40.248 0.0% 129 21.5 28.7 16.3 283.7 37.5
Here, we scanned the path via TCP SYNC packets.
This option is useful if our ICMP packets are being blocked in the network.
6.5. Report Mode
Instead of looking at the screen all the time, we can let mtr do the job for a while and read the result later with the -r option:
$ mtr -r baeldung.com
We wait for a while. Then we would get an output like this:
Start: 2022-06-16T03:04:54+0700
HOST: myhome Loss% Snt Last Avg Best Wrst StDev
1.|-- _gateway 0.0% 10 5.6 5.1 3.5 9.6 1.8
2.|-- 11.68.93.1 0.0% 10 13.8 13.6 11.3 14.8 1.1
3.|-- bel-cgom-pend.fast.net.id 0.0% 10 16.6 18.1 14.9 32.6 5.2
4.|-- bel-cgom-pend.fast.net.id 0.0% 10 15.5 17.2 14.7 23.8 2.8
5.|-- fm-dyn-222-11-92-133.fast 0.0% 10 15.6 17.2 15.1 23.1 2.6
6.|-- fm-dyn-122-122-62-133.fas 0.0% 10 18.6 18.9 15.7 27.7 3.5
7.|-- 172.66.40.248 0.0% 10 16.5 16.8 14.3 25.0 3.1
The mtr tool sent 10 packets in the background and printed the result for us.
Of course, we could do the same with the default option and wait until mtr sends 10 packets. However, the report mode is useful if we want to execute mtr autonomously in the background. We could also redirect the output to a file for analysis later.
6.6. Cycle
By default, mtr sends 10 packets in the report mode, but we could change the packets we send with the -c option:
$ mtr -r -c 15 baeldung.com
Start: 2022-06-16T03:24:29+0700
HOST: myhome Loss% Snt Last Avg Best Wrst StDev
1.|-- _gateway 0.0% 15 9.8 8.0 1.9 56.7 13.6
2.|-- 11.68.93.1 0.0% 15 14.0 20.5 12.2 74.6 16.8
3.|-- bel-cgom-pend.fast.net.id 0.0% 15 14.7 21.8 12.5 73.5 14.8
4.|-- bel-cgom-pend.fast.net.id 0.0% 15 17.6 40.3 14.3 263.3 67.3
5.|-- fm-dyn-222-11-92-133.fast 0.0% 15 15.8 30.9 12.9 187.6 44.1
6.|-- fm-dyn-122-122-62-133.fas 0.0% 15 24.7 24.8 13.5 126.0 28.2
7.|-- 172.66.40.248 0.0% 15 15.3 22.3 13.5 103.4 22.5
We would get the same output, except the packets sent count is 15.
This is useful if we want to use a certain number of packets so we can be sure in our hypothesis on network issues.
7. Conclusion
In this article, we introduced the mtr command to diagnose a network. First, we started mtr using the default mode and learned about the meaning of each column in the output of mtr.
Then we changed the columns in the output. Later, we slowed down the packet stream to the network. On top of that, we filtered some of the hops and switched protocols.
Finally, we used mtr in the report mode.