Traceroute not working even after the Windows 10 Creator's Update

[isaumya]

• A brief description: The traceroute command is giving * * * for all hops

• Expected results: It should return proper traceroute, like it work on command prompt

• Actual results (with terminal output if applicable):
  traceroute to google.com (216.58.199.142), 30 hops max, 60 byte packets
  1 * * *
  2 * * *
  3 * * *
  4 * * *
  5 * * *
  6 * * *
  7 * * *
  8 * * *
  9 * * *
  10 * * *
  11 * * *
  12 * * *
  13 * * *
  14 * * *
  15 * * *
  16 * * *
  17 * * *
  18 * * *
  19 * * *
  20 * * *
  21 * * *
  22 * * *
  23 * * *
  24 * * *
  25 * * *
  26 * * *
  27 * * *
  28 * * *
  29 * * *
  30 * * *

• Your Windows build number: 1703

• Steps / All commands required to reproduce the error from a brand new installation: Just simply run a traceroute command on any domain

[ghost]

I'm too facing the same problem.

[fpqc]

Pretty sure this was addressed in the first RS3 insider builds.

https://msdn.microsoft.com/en-us/commandline/wsl/release_notes

[isaumya]

@fpqc thanks for giving the link. First of all I am not a insider user as I use windows on my production PC. Besides what I can see is that in that note the build number was 16176, but I'm running the public version of the creator's update which is 1703 and the issue is still here, so I thought I should report it to see if this is a duplicate reporting or Microsoft needs to be aware of this.

[fpqc]

1703 is the release #, its build # is 15063.

[sunilmut]

@isaumya and @somu1795 - Traceroute is still not fixed. We are aware of the issue.

@fpqc - I think the release notes for 16176 are somewhat confusing around traceroute, dig... because they make it sound like all these tools are now working. But, IP_MTU was one of the socket options that these tools were blocked on. But, there are other options left to enable traceroute fully.

[sHAsHiLx]

It's still not working. Saying this:

traceroute to aol.com (64.12.249.135), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

[billweasley]

still not working,
version 1803

[uclnj]

Same. I can't even traceroute from within the Ubuntu shell inside of Winblows 10.

[manilaboy1vic]

just change the protocol in the ip packet header to icmp, seems to work fine:

~$ traceroute -M icmp yahoo.com
traceroute to yahoo.com (98.137.246.8), 64 hops max
1 192.168.1.1 0.408ms 0.313ms 0.303ms
2 47.150.244.1 3.066ms 3.604ms 3.451ms
3 172.102.111.154 8.750ms 8.038ms 8.064ms
4 74.40.3.37 5.426ms 5.754ms 5.603ms
5 74.40.3.198 5.841ms 5.689ms 5.512ms
6 206.72.211.120 5.316ms 5.358ms 5.844ms
7 216.115.104.79 15.203ms 15.555ms 16.110ms
8 216.115.100.91 33.588ms 30.942ms 32.177ms
9 216.115.101.111 36.838ms 36.965ms 36.639ms
10 66.196.67.111 35.490ms 35.474ms 35.009ms
11 67.195.37.95 36.906ms 36.946ms 36.724ms
12 98.137.120.14 36.975ms 57.647ms 48.738ms
13 98.137.246.8 35.240ms 34.788ms 34.372ms

then just create an alias in your .bashrc to:

~$ cat .bashrc | grep traceroute
alias traceroute='traceroute -M icmp'
alias t='traceroute -M icmp'

done deal.

[Memphizzz]

@manilaboy1vic
That doesn't work for me. I get:
You do not have enough privileges to use this traceroute method. socket: Operation not permitted
and with sudo it's:
connect: Operation not supported

Any ideas?

[therealkenc]

Yeah I am not sure where manilaboy is coming from on this one. The $ prompt in that post doesn't suggest Linux root, so traceroute -M icmp wouldn't fly to begin with (without taking special sudoers steps, which are not mentioned, anyway). On 17744 and 18219 with traceroute 2.1.0 (ubuntu 1:2.1.0-2) the same fails on missing surface. This was run with wsl.exe running elevated.

An strace for the pedantry provided below, but "still not working" posts here are not especially constructive. You'll know when it is working because the status of this tracker will change when it does. In the meantime use tracert.exe with interop.

ken@DESKTOP-4UTIQSF:/mnt/c/Windows/System32$ sudo strace -ff traceroute -4 -M icmp google.com
execve("/usr/sbin/traceroute", ["traceroute", "-4", "-M", "icmp", "google.com"], 0x7ffff1af38b8 /* 15 vars */) = 0
brk(NULL)                               = 0x7fffcb519000
[... blah blah]
socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP) = -1 EACCES (Permission denied)
socket(AF_INET, SOCK_RAW, IPPROTO_ICMP) = 3
close(-1)                               = -1 EBADF (Bad file descriptor)
bind(3, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("0.0.0.0")}, 28) = 0
setsockopt(3, SOL_IP, IP_MTU_DISCOVER, [0], 4) = 0
setsockopt(3, SOL_SOCKET, SO_TIMESTAMP, [1], 4) = 0
setsockopt(3, SOL_IP, IP_RECVTTL, [1], 4) = 0
fcntl(3, F_SETFL, O_RDONLY|O_NONBLOCK)  = 0
connect(3, {sa_family=AF_INET, sin_port=htons(0), sin_addr=inet_addr("216.58.217.46")}, 28) = -1 EOPNOTSUPP (Operation not supported)

[manilaboy1vic]

Try this.

sudo apt-get update
sudo apt install inetutils-traceroute
sudo apt install traceroute

~$ date
Tue Sep 4 12:30:42 DST 2018

:~$ traceroute -M icmp google.com
traceroute to google.com (172.217.5.206), 64 hops max
1 192.168.1.1 0.330ms 0.171ms 0.335ms
2 47.150.244.1 26.188ms 33.891ms 27.873ms
3 172.102.111.156 37.236ms 40.551ms 28.034ms
4 74.40.3.49 38.088ms 26.533ms 37.524ms
5 74.40.3.214 26.601ms 35.464ms 24.785ms
6 74.40.26.254 23.555ms 21.098ms 34.259ms
7 * * *
8 108.170.237.114 20.493ms 20.595ms 21.085ms
9 108.170.247.212 21.831ms 23.923ms 22.717ms
10 108.170.230.123 23.491ms 33.049ms 24.304ms
11 108.170.234.14 24.081ms 35.248ms 22.704ms
12 108.170.247.129 23.455ms 26.143ms 36.993ms
13 66.249.94.217 26.469ms 38.482ms 37.480ms
14 172.217.5.206 28.186ms 39.740ms 25.910ms

$ uname -a
Linux DESKTOP-4.4.0-17134-Microsoft #137-Microsoft Thu Jun 14 18:46:00 PST 2018 x86_64 x86_64 x86_64 GNU/Linux

[therealkenc]

sudo apt-get update
sudo apt install inetutils-traceroute
sudo apt install traceroute

That sequence is going to make a fine mess of /etc/alternatives because you've just installed two competing traceroute implementations. On Ubuntu 18.04, those are /usr/bin/traceroute.db "Modern traceroute for Linux, version 2.1.0" by Dmitry Butskoy and /usr/bin/inetutils-traceroute "traceroute (GNU inetutils) 1.9.4" by Elian Gidoni. The latter appears to be SUID, which explains why no sudo is needed. Neither work here (with different modes of fail for different reasons) when run in an elevated WSL instance, but that does at least explain what you are running.

[uomoukko]

Of course nothing works, traceroute is based on RAW SOCKETS and Windows forbids them "to avoid improper use". Unfortunately there is only one option: Microsoft changes its policy in order to make WSL work and re-enables raw sockets (I don't think so) or we will never have a working traceroute

[therealkenc]

traceroute is based on RAW SOCKETS and Windows forbids them

Hold my beer

[Memphizzz]

@therealkenc Unfortunately that doesn't work for me. I get the following:

memphiz@BOB01:/mnt/c/Windows/System32$ cat /proc/version
Linux version 4.4.0-17134-Microsoft (Microsoft@Microsoft.com) (gcc version 5.4.0 (GCC) ) #137-Microsoft Thu Jun 14 18:46:00 PST 2018
memphiz@BOB01:/mnt/c/Windows/System32$ nmap -sn --traceroute --send-eth microsoft.com

Starting Nmap 7.60 ( https://nmap.org ) at 2018-09-12 13:36 DST
Traceroute has to be run as root
QUITTING!
memphiz@BOB01:/mnt/c/Windows/System32$ sudo nmap -sn --traceroute --send-eth microsoft.com
[sudo] password for memphiz:

Starting Nmap 7.60 ( https://nmap.org ) at 2018-09-12 13:36 DST
pcap_open_live(eth0, 50, 1, 25) FAILED. Reported error: socket for SIOCETHTOOL(ETHTOOL_GET_TS_INFO): Socket type not supported.  Will wait 5 seconds then retry.

[therealkenc]

Unfortunately that doesn't work for me

The implication was that it is possible (in the same way that doing a lot of stupid things like jumping off a roof is possible) not that it works. My screencap uses a third party driver not endorsed or recommended by MSFT. Or even endorsed or recommended by myself.

You'll know when traceroute is working because the status of this tracker (and #1349) will change when it does.

[qq279699450]

Would run cmd on Windows with administration and the enter bash in cmd the run traceroute work?

[therealkenc]

Would run cmd on Windows with administration and the enter bash in cmd the run traceroute work?

That is actually a half-good question to which I don't know the answer. There is no concrete explanation as to why manilaboy1vic appears to have found joy (on the the face of the post) but not others, regardless of what traceroute implementation he was using. Similarly, #717 (message) but mtr does not work for me here escalated or otherwise. So I guess the answer to your question is YRMV. Regardless, both issues are still open (which is hardly an oversight) and that pretty much speaks for itself.

[Memphizzz]

Would run cmd on Windows with administration and the enter bash in cmd the run traceroute work?

Nope, just tested it. Just gives you the list of * :)

[ScarFez]

Try running the trace route with source IP option

[therealkenc]

Would run cmd on Windows with administration and the enter bash in cmd the run traceroute work?

Nope, just tested it. Just gives you the list of * :)

For you, and for me. But not for manilaboy1vic and wobblybobz, for whom it works fine. But seriously, whether it works for them or not, straight up: if the traceroute enabling work was complete this issue would be closed. There would be much music and rejoicing. You'd know.

[manilaboy1vic]

You guys realize im changing the proto to icmp right??

if you can ping google.com, which uses icmp, why cant you traceroute using icmp?? nix uses udp by default..

traceroute -M icmp

vic@DESKTOP-SVUEQK6:$ traceroute -M icmp google.com
traceroute to google.com (172.217.14.78), 64 hops max
1 192.168.1.1 0.423ms 0.322ms 0.310ms
2 47.150.244.1 3.709ms 3.065ms 3.355ms
3 172.102.111.152 7.191ms 7.400ms 8.690ms
4 74.40.3.37 5.345ms 5.927ms 5.523ms
5 74.40.3.198 5.793ms 5.491ms 5.265ms
6 74.40.26.254 5.750ms 5.622ms 5.989ms
7 * * *
8 108.170.225.68 8.366ms 8.224ms 7.555ms
9 108.170.247.147 9.303ms 6.715ms 5.939ms
10 108.170.230.131 6.245ms 7.186ms 6.488ms
11 108.170.230.122 11.048ms 7.848ms 5.497ms
12 108.170.247.225 5.951ms 6.487ms 6.244ms
13 209.85.245.229 6.603ms 7.245ms 6.895ms
14 172.217.14.78 5.892ms 5.894ms 5.397ms
vic@DESKTOP-SVUEQK6:$ uname -a
Linux DESKTOP-SVUEQK6 4.4.0-17134-Microsoft #285-Microsoft Thu Aug 30 17:31:00 PST 2018 x86_64 x86_64 x86_64 GNU/Linux
vic@DESKTOP-SVUEQK6:$ whoami
vic
vic@DESKTOP-SVUEQK6:$

[manilaboy1vic]

wow that is strange.

do this cmd pls:

dpkg -l | grep trace

you have the same as me?

I dont even have to sudo to run my traceroute.

vic@DESKTOP-SVUEQK6:$ dpkg -l | grep trace
ii inetutils-traceroute 2:1.9.4-3 amd64 trace the IPv4 route to another host
ii iputils-tracepath 3:20161105-1ubuntu2 amd64 Tools to trace the network path to a remote host
ii ltrace 0.7.3-6ubuntu1 amd64 Tracks runtime library calls in dynamically linked programs
ii mtr-tiny 0.92-1 amd64 Full screen ncurses traceroute tool
ii strace 4.21-1ubuntu1 amd64 System call tracer
ii traceroute 1:2.1.0-2 amd64 Traces the route taken by packets over an IPv4/IPv6 network
vic@DESKTOP-SVUEQK6:$

[sHAsHiLx]

was

shashilx@shashilx-omen:~~$ dpkg -l | grep trace
ii iputils-tracepath 3:20161105-1ubuntu2 amd64 Tools to trace the network path to a remote host
ii libbabeltrace1:amd64 1.5.5-1 amd64 Babeltrace conversion libraries
ii ltrace 0.7.3-6ubuntu1 amd64 Tracks runtime library calls in dynamically linked programs
ii mtr-tiny 0.92-1 amd64 Full screen ncurses traceroute tool
ii strace 4.21-1ubuntu1 amd64 System call tracer
ii traceroute 1:2.1.0-2 amd64 Traces the route taken by packets over an IPv4/IPv6 network

installed inetutils-traceroute and tried

root@shashilx-omen:~~# inetutils-traceroute -M icmp aol.com
traceroute to aol.com (106.10.218.150), 64 hops max
1 * * *
2 * * *
3 * * *
4 * * *
^C
root@shashilx-omen:~#

no changes

[manilaboy1vic]

i am at a loss..

Im glad its working for me but thats so wierd...

full path maybe??

-I, --icmp use ICMP ECHO as probe

vic@DESKTOP-SVUEQK6:$ /usr/bin/traceroute -I yahoo.com
traceroute to yahoo.com (72.30.35.10), 64 hops max
1 192.168.1.1 0.404ms 0.355ms 0.308ms
2 47.150.244.1 3.410ms 3.341ms 3.714ms
3 172.102.111.158 5.406ms 8.085ms 7.201ms
4 74.40.3.49 6.098ms 6.524ms 6.503ms
5 74.40.3.214 6.018ms 6.630ms 5.537ms
6 206.72.211.120 6.457ms 6.380ms 5.535ms
7 216.115.104.79 14.085ms 14.504ms 14.143ms
8 216.115.96.115 39.606ms 39.446ms 39.494ms
9 216.115.96.54 58.848ms 60.140ms 58.918ms
10 216.115.97.204 72.893ms 73.501ms 74.769ms
11 216.115.101.31 74.715ms 75.296ms 74.109ms
12 74.6.227.141 74.146ms 74.162ms 89.967ms
13 74.6.122.33 74.302ms 73.791ms 73.761ms
14 98.139.128.71 73.964ms 75.061ms 74.090ms
15 72.30.35.10 74.617ms 75.139ms 73.469ms
vic@DESKTOP-SVUEQK6:$

[sHAsHiLx]

shashilx@shashilx-omen:$ /usr/bin/traceroute -I yahoo.com
You do not have enough privileges to use this traceroute method.
socket: Operation not permitted
shashilx@shashilx-omen:$ su -
Password:
root@shashilx-omen:~# /usr/bin/traceroute -I yahoo.com

connect: Operation not supported

no changes

[bkedryna]

regular traceroute doesn't work but inetutils-traceroute does for me:
inetutils-traceroute -M icmp microsoft.com

[casperklein]

Doesn't work for me:

inetutils-traceroute -M icmp www.microsoft.com
traceroute to e13678.dspb.akamaiedge.net (23.42.148.221), 64 hops max
  1   *  *  *
  2   *  *  *
  3   *  *  *
  4   *  *  *
  5   *  *  *
  6   *  *  *
  7   *  *  *
  8   23.42.148.221  23.349ms  22.878ms  23.195ms

Same result for other hosts as well.

[mrsnax]

same here traceroute not working :(

[hendyghsta]

still traceroute not working :'(

[Bruce-YC]

traceroute still not working for 1809... worked for real Ubuntu Distro in same network

[sHAsHiLx]

yes it's still not work because it's kernel related and not hardware related. once microsoft do something with low level stuff - then it will work.

[Tey]

Using a network sniffer, we can see the UDP datagrams that traceroute builds are sent correctly to the network interface, and the related ICMP errors (Time-to-live exceeded) are received correctly too. I guess they are not forwarded to traceroute.

Behavior is the same when using ICMP mode. The ping command does work, but it fails silently when using a low TTL value (instead of showing a "Time to live exceeded" error message). This clearly indicates the ICMP errors are not forwarded to applications.

Maybe the solution is to wait for WSL2 and its real Linux kernel...

[natv]

wasn't the latest update supposed to support raw sockets? Is this a bug or feature.

[JCMais]

is this going to work on WSL2?

[Po-wei]

@Tey @manilaboy1vic
Actually, If you turn off windows firewall and do inetutils-traceroute -M icmp www.google.com
Then it works
WSL1 win ver[10.0.18363.592]

[consal]

Do you know if there's a way to make it work without disabling the firewall?

[atsaloli]

traceroute still not working for 1909... tracert.exe works in a command/powershell window, but traceroute does not work in Ubuntu under WSL

[chris-gela]

Do you know if there's a way to make it work without disabling the firewall?

yip, trying to add different firewall rules.. not getting it right .. :(

[Po-wei]

@consal @atsaloli @chris-gela
After my careful investigation, the root cause is Windows disable ICMP to pass through.
Windows machine normally won't rely ping, for example.
https://www.howtogeek.com/howto/windows-vista/allow-pings-icmp-echo-request-through-your-windows-vista-firewall/
Using this post and let All ICMP type pass through.
inetutils-traceroute -M icmp www.google.com
And it Works

[chris-gela]

@consal @atsaloli @chris-gela
After my careful investigation, the root cause is Windows disable ICMP to pass through.
Windows machine normally won't rely ping, for example.
https://www.howtogeek.com/howto/windows-vista/allow-pings-icmp-echo-request-through-your-windows-vista-firewall/
Using this post and let All ICMP type pass through.
inetutils-traceroute -M icmp www.google.com
And it Works

awesome, thanks for the investigation!

[chris-gela]

@Po-wei Hi, not sure if I'm doing something wrong - but can't get it to work;
firewall rule:

still getting stars

[therealkenc]

Addressed in WSL2.

WSL1 is okay too so long as you let ICMP through your firewall:

Non-ICMP flavours of traceroute that open AF_PACKET + SOCK_RAW (aka #1349) (contrast IPPROTO_ICMP aka ping) aren't going to fly on WSL1.

One can also use tracert.exe with interop on WSL1 in a pinch.

[Po-wei]

@chris-gela
Do you follow the steps in https://www.howtogeek.com/howto/windows-vista/allow-pings-icmp-echo-request-through-your-windows-vista-firewall/ ?

Note that this step should click all type

[chris-gela]

@chris-gela
Do you follow the steps in https://www.howtogeek.com/howto/windows-vista/allow-pings-icmp-echo-request-through-your-windows-vista-firewall/ ?

Note that this step should click all type

Thanks @Po-wei, I was too lazy to try the manual firewall rule. I've anyhow updated to WSL2... so all good :)

[MrFishFinger]

to expand on the suggestions of others here, i did the following to get this working in WSL1:

windows cli/powershell session

netsh advfirewall firewall add rule name= "All ICMP V4" protocol=icmpv4:any,any dir=in action=allow

---

WSL ubuntu session

$ sudo apt install -y inetutils-traceroute

$ inetutils-traceroute -I 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 64 hops max
  1   192.168.1.1  0.258ms  0.189ms  0.195ms  
  2   10.x.x.x  1.398ms  0.789ms  0.845ms 
  3   60.x.x.x  5.999ms  6.747ms  6.123ms 
  4   202.x.x.x  13.650ms  7.813ms  7.741ms 
  5   203.x.x.x  6.215ms  5.781ms  5.972ms 
  6   203.x.x.x  6.076ms  5.797ms  5.874ms 
  7   110.x.x.x  6.538ms  6.878ms  6.780ms 
  8   203.x.x.x  6.638ms  6.930ms  6.792ms 
  9   203.x.x.x  7.235ms  7.233ms  7.560ms 
 10   1.1.1.1  5.801ms  5.874ms  5.920ms