Trippy

Trippy combines the functionality of traceroute and ping and is designed to assist with the analysis of networking issues.

Features

Versions

The following table lists the versions of Trippy that are available and links to the corresponding release note and documentation:

Version Release Date Status Release Note Documentation
0.13.0 n/a Development n/a docs
0.12.0 2024-12-04 Current note docs
0.11.0 2024-08-11 Previous note docs
0.10.0 2024-03-31 Previous note docs
0.9.0 2023-11-30 Deprecated note docs
0.8.0 2023-05-15 Deprecated note docs
0.7.0 2023-03-25 Deprecated note docs
0.6.0 2022-08-19 Deprecated note docs

[!NOTE] Only the latest patch versions of both the current and previous releases of Trippy are supported.

Distributions

Cargo

cargo install trippy --locked

APT (Debian)

apt install trippy

[!NOTE] Only available for Debian 13 (trixie) and later.

PPA (Ubuntu)

add-apt-repository ppa:fujiapple/trippy
apt update && apt install trippy

[!NOTE] Only available for Ubuntu 24.04 (Noble) and 22.04 (Jammy).

Snap (Linux)

snap install trippy

Homebrew (macOS)

brew install trippy

WinGet (Windows)

winget install trippy

Scoop (Windows)

scoop install trippy

Chocolatey (Windows)

choco install trippy

NetBSD

pkgin install trippy

FreeBSD

pkg install trippy

OpenBSD

pkg_add trippy

Arch Linux

pacman -S trippy

Gentoo Linux

emerge -av net-analyzer/trippy

Nix

nix-env -iA trippy

Docker

docker run -it fujiapple/trippy

Binary Asset Download

OS Arch Env Current (0.12.0) Previous (0.11.0) Previous (0.10.0)
Linux x86_64 gnu 0.12.0 0.11.0 0.10.0
Linux x86_64 musl 0.12.0 0.11.0 0.10.0
Linux aarch64 gnu 0.12.0 0.11.0 0.10.0
Linux aarch64 musl 0.12.0 0.11.0 0.10.0
Linux arm7 gnueabihf 0.12.0 0.11.0 0.10.0
Linux arm7 musleabi 0.12.0 0.11.0 0.10.0
Linux arm7 musleabihf 0.12.0 0.11.0 0.10.0
macOS x86_64 darwin 0.12.0 0.11.0 0.10.0
macOS aarch64 darwin 0.12.0 0.11.0 0.10.0
Windows x86_64 msvc 0.12.0 0.11.0 0.10.0
Windows x86_64 gnu 0.12.0 0.11.0 0.10.0
Windows aarch64 msvc 0.12.0 0.11.0 0.10.0
FreeBSD x86_64 n/a 0.12.0 0.11.0 0.10.0
NetBSD x86_64 n/a 0.12.0 0.11.0 0.10.0
RPM x86_64 gnu 0.12.0 0.11.0 0.10.0
Debian x86_64 gnu 0.12.0 0.11.0 0.10.0
Debian x86_64 musl 0.12.0 0.11.0 0.10.0

Crates

The following table lists the crates that are provided by Trippy. See crates for more information.

Crate Description
trippy A binary crate for the Trippy application and a library crate
trippy-core A library crate providing the core Trippy tracing functionality
trippy-packet A library crate which provides packet wire formats and packet parsing functionality
trippy-dns A library crate for performing forward and reverse lazy DNS resolution
trippy-privilege A library crate for discovering platform privileges
trippy-tui A library crate for the Trippy terminal user interface

Privileges

Trippy normally requires elevated privileges due to the use of raw sockets. Enabling the required privileges for your platform can be achieved in several ways, as outlined below. Trippy can also be used without elevated privileges on certain platforms, with some limitations.

Unix

1: Run as root user via sudo:

sudo trip example.com

2: chown trip as the root user and set the setuid bit:

sudo chown root $(which trip) && sudo chmod +s $(which trip)

3: [Linux only] Set the CAP_NET_RAW capability:

sudo setcap CAP_NET_RAW+p $(which trip)

[!NOTE]
Trippy is a capability aware application and will add CAP_NET_RAW to the effective set if it is present in the allowed (permitted) set. Trippy will drop all capabilities after creating the raw sockets.
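The behaviour described in the note above can be checked from outside the process. The following is an added example, not Trippy's own code: it parses the CapPrm and CapEff lines of /proc/<pid>/status and reports whether a process holds no capabilities, only CAP_NET_RAW, or more. The type and function names are hypothetical and the sample status text is constructed.

```rust
// Added example: audit Linux capability sets from /proc/<pid>/status text.
use std::fs;

/// Bit number of CAP_NET_RAW in <linux/capability.h>.
const CAP_NET_RAW: u32 = 13;

/// The two capability sets inspected here, as bit masks.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct CapSets {
    pub permitted: u64,
    pub effective: u64,
}

#[derive(Debug, PartialEq, Eq)]
pub enum Verdict {
    /// Permitted and effective sets are both empty.
    Dropped,
    /// CAP_NET_RAW is the only capability held.
    NetRawOnly,
    /// Other capabilities are held; the value is the mask of the extra bits.
    Excess(u64),
}

/// Extract CapPrm and CapEff (hex masks) from the text of a status file.
/// Returns None if either line is missing or malformed.
pub fn parse_cap_sets(status: &str) -> Option<CapSets> {
    let mut permitted = None;
    let mut effective = None;
    for line in status.lines() {
        let (key, value) = match line.split_once(':') {
            Some(kv) => kv,
            None => continue,
        };
        let mask = || u64::from_str_radix(value.trim(), 16).ok();
        match key.trim() {
            "CapPrm" => permitted = mask(),
            "CapEff" => effective = mask(),
            _ => {}
        }
    }
    Some(CapSets { permitted: permitted?, effective: effective? })
}

/// Classify what the process could still do with its capabilities.
pub fn classify(caps: CapSets) -> Verdict {
    let net_raw = 1u64 << CAP_NET_RAW;
    let held = caps.permitted | caps.effective;
    if held == 0 {
        Verdict::Dropped
    } else if held & !net_raw == 0 {
        Verdict::NetRawOnly
    } else {
        Verdict::Excess(held & !net_raw)
    }
}

// Constructed samples (not captured from a real system).
// A binary with CAP_NET_RAW+p at startup: permitted, not yet effective.
const FILE_CAP: &str =
    "Name:\ttrip\nCapInh:\t0000000000000000\nCapPrm:\t0000000000002000\nCapEff:\t0000000000000000\n";
// A process that has dropped every capability.
const AFTER_DROP: &str =
    "Name:\ttrip\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n";
// A process holding a full root capability set.
const AS_ROOT: &str =
    "Name:\ttrip\nCapPrm:\t000001ffffffffff\nCapEff:\t000001ffffffffff\n";

fn main() {
    for &(label, text) in &[
        ("file capability at start", FILE_CAP),
        ("after dropping", AFTER_DROP),
        ("full root set", AS_ROOT),
    ] {
        println!("{}: {:?}", label, parse_cap_sets(text).map(classify));
    }
    // On Linux, also report on the current process.
    if let Ok(text) = fs::read_to_string("/proc/self/status") {
        println!("self: {:?}", parse_cap_sets(&text).map(classify));
    }
}
```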

Windows

Trippy must be run with Administrator privileges on Windows.

Unprivileged mode

Trippy allows running in an unprivileged mode for all tracing modes (ICMP, UDP and TCP) on platforms which support that feature.

[!NOTE] Unprivileged mode is currently only supported on macOS. Linux support is possible and may be added in the future. Unprivileged mode is not supported on NetBSD, FreeBSD or Windows as these platforms do not support the IPPROTO_ICMP socket type. See #101 for further information.

The unprivileged mode can be enabled by adding the --unprivileged (-u) command line flag or by adding the unprivileged entry in the trippy section of the configuration file:

[trippy]
unprivileged = true

[!NOTE] The paris and dublin ECMP strategies are not supported in unprivileged mode as these require manipulating the UDP and IP headers which in turn requires the use of a raw socket.

Usage Examples

Basic usage with default parameters:

trip example.com

Trace without requiring elevated privileges (supported platforms only, see privileges):

trip example.com --unprivileged

Trace using the udp (or tcp or icmp) protocol (also aliases --icmp, --udp & --tcp):

trip example.com -p udp

Trace to multiple targets simultaneously (icmp protocol only, see #72):

trip example.com google.com crates.io

Trace with a minimum round time of 250ms and a grace period of 50ms:

trip example.com -i 250ms -g 50ms

Trace with a custom first and maximum time-to-live:

trip example.com --first-ttl 2 --max-ttl 10

Use custom destination port 443 for tcp tracing:

trip example.com -p tcp -P 443

Use custom source port 5000 for udp tracing:

trip example.com -p udp -S 5000

Use the dublin (or paris) ECMP routing strategy for udp with fixed source and destination ports:

trip example.com -p udp -R dublin -S 5000 -P 3500

Trace with a custom source address:

trip example.com -p tcp -A 127.0.0.1

Trace with a source address determined by the IPv4 address for interface en0:

trip example.com -p tcp -I en0

Trace using IPv6:

trip example.com -6

Trace using ipv4-then-ipv6 fallback (or ipv6-then-ipv4 or ipv4 or ipv6):

trip example.com --addr-family ipv4-then-ipv6

Generate a json (or csv, pretty, markdown) tracing report with 5 rounds of data:

trip example.com -m json -C 5

Generate a Graphviz DOT file report of all tracing flows for a TCP trace after 5 rounds:

trip example.com --tcp -m dot -C 5

Generate a textual report of all tracing flows for a UDP trace after 5 rounds:

trip example.com --udp -m flows -C 5

Perform DNS queries using the google DNS resolver (or cloudflare, system, resolv):

trip example.com -r google

Lookup AS information for all discovered IP addresses (not yet available for the system resolver, see #66):

trip example.com -r google -z

Set the reverse DNS lookup cache time-to-live to be 60 seconds:

trip example.com --dns-ttl 60sec

Lookup and display short (or long or location or off) GeoIp information from a mmdb file:

trip example.com --geoip-mmdb-file GeoLite2-City.mmdb --tui-geoip-mode short

Parse icmp extensions:

trip example.com -e

Hide the IP address, hostname and GeoIp for the first two hops:

trip example.com --tui-privacy-max-ttl 2

Customize Tui columns (see Column Reference):

trip example.com --tui-custom-columns holsravbwdt

Customize the color theme:

trip example.com --tui-theme-colors bg-color=blue,text-color=ffff00

List all Tui items that can have a custom color theme:

trip --print-tui-theme-items

Customize the key bindings:

trip example.com --tui-key-bindings previous-hop=k,next-hop=j,quit=shift-q

List all Tui commands that can have a custom key binding:

trip --print-tui-binding-commands

Specify the location of the Trippy config file:

trip example.com --config-file /path/to/trippy.toml

Generate a template configuration file:

trip --print-config-template > trippy.toml

Generate bash shell completions (or fish, powershell, zsh, elvish):

trip --generate bash

Generate ROFF man page:

trip --generate-man

Use the de Tui locale:

trip example.com --tui-locale de

List supported Tui locales:

trip --print-locales

Run in silent tracing mode and output compact trace logging with full span events:

trip example.com -m silent -v --log-format compact --log-span-events full

Command Reference

[!NOTE] Trippy command line arguments may be given in any order and may occur both before and after the targets.

A network diagnostic tool

Usage: trip [OPTIONS] [TARGETS]...

Arguments:
  [TARGETS]...
          A space delimited list of hostnames and IPs to trace

Options:
  -c, --config-file <CONFIG_FILE>
          Config file

  -m, --mode <MODE>
          Output mode [default: tui]

          Possible values:
          - tui:      Display interactive TUI
          - stream:   Display a continuous stream of tracing data
          - pretty:   Generate a pretty text table report for N cycles
          - markdown: Generate a Markdown text table report for N cycles
          - csv:      Generate a CSV report for N cycles
          - json:     Generate a JSON report for N cycles
          - dot:      Generate a Graphviz DOT file for N cycles
          - flows:    Display all flows for N cycles
          - silent:   Do not generate any tracing output for N cycles

  -u, --unprivileged
          Trace without requiring elevated privileges on supported platforms
          [default: false]

  -p, --protocol <PROTOCOL>
          Tracing protocol [default: icmp]

          Possible values:
          - icmp: Internet Control Message Protocol
          - udp:  User Datagram Protocol
          - tcp:  Transmission Control Protocol

      --udp
          Trace using the UDP protocol

      --tcp
          Trace using the TCP protocol

      --icmp
          Trace using the ICMP protocol

  -F, --addr-family <ADDR_FAMILY>
          The address family [default: Ipv4thenIpv6]

          Possible values:
          - ipv4:           Ipv4 only
          - ipv6:           Ipv6 only
          - ipv6-then-ipv4: Ipv6 with a fallback to Ipv4
          - ipv4-then-ipv6: Ipv4 with a fallback to Ipv6

  -4, --ipv4
          Use IPv4 only

  -6, --ipv6
          Use IPv6 only

  -P, --target-port <TARGET_PORT>
          The target port (TCP & UDP only) [default: 80]

  -S, --source-port <SOURCE_PORT>
          The source port (TCP & UDP only) [default: auto]

  -A, --source-address <SOURCE_ADDRESS>
          The source IP address [default: auto]

  -I, --interface <INTERFACE>
          The network interface [default: auto]

  -i, --min-round-duration <MIN_ROUND_DURATION>
          The minimum duration of every round [default: 1s]

  -T, --max-round-duration <MAX_ROUND_DURATION>
          The maximum duration of every round [default: 1s]

  -g, --grace-duration <GRACE_DURATION>
          The period of time to wait for additional ICMP responses after the
          target has responded [default: 100ms]

      --initial-sequence <INITIAL_SEQUENCE>
          The initial sequence number [default: 33434]

  -R, --multipath-strategy <MULTIPATH_STRATEGY>
          The Equal-cost Multi-Path routing strategy (UDP only) [default:
          classic]

          Possible values:
          - classic:
            The src or dest port is used to store the sequence number
          - paris:
            The UDP `checksum` field is used to store the sequence number
          - dublin:
            The IP `identifier` field is used to store the sequence number

  -U, --max-inflight <MAX_INFLIGHT>
          The maximum number of in-flight ICMP echo requests [default: 24]

  -f, --first-ttl <FIRST_TTL>
          The TTL to start from [default: 1]

  -t, --max-ttl <MAX_TTL>
          The maximum number of TTL hops [default: 64]

      --packet-size <PACKET_SIZE>
          The size of IP packet to send (IP header + ICMP header + payload)
          [default: 84]

      --payload-pattern <PAYLOAD_PATTERN>
          The repeating pattern in the payload of the ICMP packet [default: 0]

  -Q, --tos <TOS>
          The TOS (i.e. DSCP+ECN) IP header value (TCP and UDP only) [default: 0]

  -e, --icmp-extensions
          Parse ICMP extensions

      --read-timeout <READ_TIMEOUT>
          The socket read timeout [default: 10ms]

  -r, --dns-resolve-method <DNS_RESOLVE_METHOD>
          How to perform DNS queries [default: system]

          Possible values:
          - system:     Resolve using the OS resolver
          - resolv:     Resolve using the `/etc/resolv.conf` DNS configuration
          - google:     Resolve using the Google `8.8.8.8` DNS service
          - cloudflare: Resolve using the Cloudflare `1.1.1.1` DNS service

  -y, --dns-resolve-all
          Trace to all IPs resolved from DNS lookup [default: false]

      --dns-timeout <DNS_TIMEOUT>
          The maximum time to wait to perform DNS queries [default: 5s]

      --dns-ttl <DNS_TTL>
          The time-to-live (TTL) of DNS entries [default: 300s]

  -z, --dns-lookup-as-info
          Lookup autonomous system (AS) information during DNS queries [default:
          false]

  -s, --max-samples <MAX_SAMPLES>
          The maximum number of samples to record per hop [default: 256]

      --max-flows <MAX_FLOWS>
          The maximum number of flows to record [default: 64]

  -a, --tui-address-mode <TUI_ADDRESS_MODE>
          How to render addresses [default: host]

          Possible values:
          - ip:   Show IP address only
          - host: Show reverse-lookup DNS hostname only
          - both: Show both IP address and reverse-lookup DNS hostname

      --tui-as-mode <TUI_AS_MODE>
          How to render autonomous system (AS) information [default: asn]

          Possible values:
          - asn:          Show the ASN
          - prefix:       Display the AS prefix
          - country-code: Display the country code
          - registry:     Display the registry name
          - allocated:    Display the allocated date
          - name:         Display the AS name

      --tui-custom-columns <TUI_CUSTOM_COLUMNS>
          Custom columns to be displayed in the TUI hops table [default:
          holsravbwdt]

      --tui-icmp-extension-mode <TUI_ICMP_EXTENSION_MODE>
          How to render ICMP extensions [default: off]

          Possible values:
          - off:  Do not show `icmp` extensions
          - mpls: Show MPLS label(s) only
          - full: Show full `icmp` extension data for all known extensions
          - all:  Show full `icmp` extension data for all classes

      --tui-geoip-mode <TUI_GEOIP_MODE>
          How to render GeoIp information [default: short]

          Possible values:
          - off:      Do not display GeoIp data
          - short:    Show short format
          - long:     Show long format
          - location: Show latitude and Longitude format

  -M, --tui-max-addrs <TUI_MAX_ADDRS>
          The maximum number of addresses to show per hop [default: auto]

      --tui-preserve-screen
          Preserve the screen on exit [default: false]

      --tui-refresh-rate <TUI_REFRESH_RATE>
          The TUI refresh rate [default: 100ms]

      --tui-privacy-max-ttl <TUI_PRIVACY_MAX_TTL>
          The maximum ttl of hops which will be masked for privacy [default: none]

          If set, the source IP address and hostname will also be hidden.

      --tui-locale <TUI_LOCALE>
          The locale to use for the TUI [default: auto]

      --tui-theme-colors <TUI_THEME_COLORS>
          The TUI theme colors [item=color,item=color,..]

      --print-tui-theme-items
          Print all TUI theme items and exit

      --tui-key-bindings <TUI_KEY_BINDINGS>
          The TUI key bindings [command=key,command=key,..]

      --print-tui-binding-commands
          Print all TUI commands that can be bound and exit

  -C, --report-cycles <REPORT_CYCLES>
          The number of report cycles to run [default: 10]

  -G, --geoip-mmdb-file <GEOIP_MMDB_FILE>
          The supported MaxMind or IPinfo GeoIp mmdb file

      --generate <GENERATE>
          Generate shell completion

          [possible values: bash, elvish, fish, powershell, zsh]

      --generate-man
          Generate ROFF man page

      --print-config-template
          Print a template toml config file and exit

      --print-locales
          Print all available TUI locales and exit

      --log-format <LOG_FORMAT>
          The debug log format [default: pretty]

          Possible values:
          - compact: Display log data in a compact format
          - pretty:  Display log data in a pretty format
          - json:    Display log data in a json format
          - chrome:  Display log data in Chrome trace format

      --log-filter <LOG_FILTER>
          The debug log filter [default: trippy=debug]

      --log-span-events <LOG_SPAN_EVENTS>
          The debug log format [default: off]

          Possible values:
          - off:    Do not display event spans
          - active: Display enter and exit event spans
          - full:   Display all event spans

  -v, --verbose
          Enable verbose debug logging

  -h, --help
          Print help (see a summary with '-h')

  -V, --version
          Print version

Theme Reference

The following table lists the default Tui color theme. These can be overridden with the --tui-theme-colors command line option or in the theme-colors section of the configuration file.

Item Description Default
bg-color The default background color Black
border-color The default color of borders Gray
text-color The default color of text Gray
tab-text-color The color of the text in traces tabs Green
hops-table-header-bg-color The background color of the hops table header White
hops-table-header-text-color The color of text in the hops table header Black
hops-table-row-active-text-color The color of text of active rows in the hops table Gray
hops-table-row-inactive-text-color The color of text of inactive rows in the hops table DarkGray
hops-chart-selected-color The color of the selected series in the hops chart Green
hops-chart-unselected-color The color of the unselected series in the hops chart Gray
hops-chart-axis-color The color of the axis in the hops chart DarkGray
frequency-chart-bar-color The color of bars in the frequency chart Green
frequency-chart-text-color The color of text in the bars of the frequency chart Gray
flows-chart-bar-selected-color The color of the selected flow bar in the flows chart Green
flows-chart-bar-unselected-color The color of the unselected flow bar in the flows chart DarkGray
flows-chart-text-current-color The color of the current flow text in the flows chart LightGreen
flows-chart-text-non-current-color The color of the non-current flow text in the flows chart White
samples-chart-color The color of the samples chart Yellow
samples-chart-lost-color The color of the samples chart for lost probes Red
help-dialog-bg-color The background color of the help dialog Blue
help-dialog-text-color The color of the text in the help dialog Gray
settings-dialog-bg-color The background color of the settings dialog blue
settings-tab-text-color The color of the text in settings dialog tabs green
settings-table-header-text-color The color of text in the settings table header black
settings-table-header-bg-color The background color of the settings table header white
settings-table-row-text-color The color of text of rows in the settings table gray
map-world-color The color of the map world diagram white
map-radius-color The color of the map accuracy radius circle yellow
map-selected-color The color of the map selected item box green
map-info-panel-border-color The color of border of the map info panel gray
map-info-panel-bg-color The background color of the map info panel black
map-info-panel-text-color The color of text in the map info panel gray
info-bar-bg-color The background color of the information bar white
info-bar-text-color The color of text in the information bar black

The supported ANSI colors are:

In addition, CSS named colors (e.g. SkyBlue) and raw hex values (e.g. ffffff) may be used but note that these are only supported on some platforms and terminals and may not render correctly elsewhere.

Color names are case-insensitive and may contain dashes.

Key Bindings Reference

The following table lists the default Tui command key bindings. These can be overridden with the --tui-key-bindings command line option or in the bindings section of the configuration file.

Command Description Default
toggle-help Toggle help h
toggle-help-alt Toggle help (alternative binding) ?
toggle-settings Toggle settings s
toggle-settings-tui Open settings (Tui tab) 1
toggle-settings-trace Open settings (Trace tab) 2
toggle-settings-dns Open settings (Dns tab) 3
toggle-settings-geoip Open settings (GeoIp tab) 4
toggle-settings-bindings Open settings (Bindings tab) 5
toggle-settings-theme Open settings (Theme tab) 6
toggle-settings-columns Open settings (Columns tab) 7
next-hop Select next hop down
previous-hop Select previous hop up
next-trace Select next trace right
previous-trace Select previous trace left
next-hop-address Select next hop address .
previous-hop-address Select previous hop address ,
address-mode-ip Show IP address only i
address-mode-host Show hostname only n
address-mode-both Show both IP address and hostname b
toggle-freeze Toggle freezing the display ctrl+f
toggle-chart Toggle the chart c
toggle-map Toggle the GeoIp map m
toggle-flows Toggle the flows f
expand-privacy Expand hop privacy p
contract-privacy Contract hop privacy o
expand-hosts Expand the hosts shown per hop ]
expand-hosts-max Expand the hosts shown per hop to the maximum }
contract-hosts Contract the hosts shown per hop [
contract-hosts-min Contract the hosts shown per hop to the minimum {
chart-zoom-in Zoom in the chart =
chart-zoom-out Zoom out the chart -
clear-trace-data Clear all trace data ctrl+r
clear-dns-cache Flush the DNS cache ctrl+k
clear-selection Clear the current selection esc
toggle-as-info Toggle AS info display z
toggle-hop-details Toggle hop details d
quit Quit the application q
quit-preserve-screen Quit the application and preserve the screen shift+q

The supported modifiers are: shift, ctrl, alt, super, hyper & meta. Multiple modifiers may be specified, for example ctrl+shift+b.

Column Reference

The following table lists the columns that are available for display in the Tui. These can be overridden with the --tui-custom-columns command line option or in the tui-custom-columns attribute in the tui section of the configuration file.

Column Code Description
# h The time-to-live (TTL) for the hop
Host o The hostname(s) and IP address(s) for the host(s) for the hop
May include AS info, GeoIp and ICMP extensions
Shows full hop details in hop detail navigation mode
Loss% l The packet loss % for the hop
Snd s The number of probes sent for the hop
Recv r The number of probe responses received for the hop
Last a The round-trip-time (RTT) of the last probe for the hop
Avg v The average RTT of all probes for the hop
Best b The best RTT of all probes for the hop
Wrst w The worst RTT of all probes for the hop
StDev d The standard deviation of all probes for the hop
Sts t The status for the hop:
- 🟢 Healthy hop
- 🔵 Non-target hop with packet loss (does not necessarily indicate a problem)
- 🟤 Non-target hop is unresponsive (does not necessarily indicate a problem)
- 🟡 Target hop with packet loss (likely indicates a problem)
- 🔴 Target hop is unresponsive (likely indicates a problem)
Jttr j The round-trip-time (RTT) difference between consecutive rounds for the hop
Javg g The average jitter of all probes for the hop
Jmax x The maximum jitter of all probes for the hop
Jint i The smoothed jitter value of all probes for the hop
Seq Q The sequence number for the last probe for the hop
Sprt S The source port for the last probe for the hop
Dprt P The destination port for the last probe for the hop
Type T The icmp packet type for the last probe for the hop:
- TE: TimeExceeded
- ER: EchoReply
- DU: DestinationUnreachable
- NA: NotApplicable
Code C The icmp packet code for the last probe for the hop
Nat N The NAT detection status for the hop
Fail f The number of probes which failed to send for the hop
Floss F A heuristic for the number of probes with forward loss for the hop
Bloss B A heuristic for the number of probes with backward loss for the hop
Floss% D The forward loss % for the hop

The default columns are holsravbwdt.

[!NOTE] The columns will be shown in the order specified in the configuration.

Configuration Reference

Trippy can be configured via command line arguments or an optional configuration file. If a given configuration item is specified in both the configuration file and via a command line argument then the latter will take precedence.

The configuration file location may be provided to Trippy via the -c (--config-file) argument. If not provided, Trippy will attempt to locate a trippy.toml or .trippy.toml configuration file in one of the following locations:

A template configuration file for 0.12.0 is available to download, or can be generated with the following command:

trip --print-config-template > trippy.toml

Locale Reference

The following table lists the supported locales for the Tui. These can be overridden with the --tui-locale command line option or in the tui-locale attribute in the tui section of the configuration file.

Locale Language Region
zh Chinese all
en English all
fr French all
de German all
it Italian all
pt Portuguese all
ru Russian all
es Spanish all
sv Swedish all
tr Turkish all

[!NOTE]
If you are able to help validate translations for Trippy, or if you wish to add translations for any additional languages, please see the tracking issue for details of how to contribute.

Frequently Asked Questions

Why does Trippy show “Awaiting data…”?

[!IMPORTANT]
If you are using Windows you must configure the Windows Defender firewall to allow incoming ICMP traffic.

When Trippy shows “Awaiting data…” it means that it has received zero responses for the probes sent in a trace. This indicates that either probes are not being sent or, more typically, responses are not being received.

Check that local and network firewalls allow ICMP traffic and that the system traceroute (or tracert.exe on Windows) works as expected. Note that on Windows, even if tracert.exe works as expected, you must configure the Windows Defender firewall to allow incoming ICMP traffic.

For deeper diagnostics you can run tools such as https://www.wireshark.org and https://www.tcpdump.org to verify that icmp requests and responses are being sent and received.

How do I allow incoming ICMP traffic in the Windows Defender firewall?

The Windows Defender firewall rule can be created using PowerShell.

New-NetFirewallRule -DisplayName "ICMPv4 Trippy Allow" -Name ICMPv4_TRIPPY_ALLOW -Protocol ICMPv4 -Action Allow
New-NetFirewallRule -DisplayName "ICMPv6 Trippy Allow" -Name ICMPv6_TRIPPY_ALLOW -Protocol ICMPv6 -Action Allow

The rules can be enabled as follows:

Enable-NetFirewallRule ICMPv4_TRIPPY_ALLOW
Enable-NetFirewallRule ICMPv6_TRIPPY_ALLOW

The rules can be disabled as follows:

Disable-NetFirewallRule ICMPv4_TRIPPY_ALLOW
Disable-NetFirewallRule ICMPv6_TRIPPY_ALLOW

The Windows Defender firewall rule may also be configured manually, see here for a step-by-step guide.

What are the recommended settings for Trippy?

There are no specific recommended settings for Trippy; it provides a variety of configurable features which can be used to perform different types of analysis. The choice of settings will depend on the analysis you wish to perform and the environment in which you are working.

The following lists some common options along with some basic guidance on when they might be appropriate.

[!NOTE] The Windows tracert tool uses ICMP by default, whereas most Unix traceroute tools use UDP by default.

ICMP

By default Trippy will run an ICMP trace to the target. This will typically produce a consistent path to the target (a single flow) for each round of tracing which makes it easy to read and analyse. This is a useful mode for general network troubleshooting.

However, many routers are configured to rate-limit ICMP traffic which can make it difficult to get an accurate picture of packet loss. In addition, ICMP traffic is not typically subject to ECMP routing and so may not reflect the path that would be taken by other protocols such as UDP and TCP.

To run a simple ICMP trace:

trip example.com

Due to the rate-limiting of ICMP traffic, some people prefer to hide the Loss% and Recv columns in the Tui as these are easy to misinterpret.

trip example.com --tui-custom-columns hosavbwdt

These settings can be made permanent by adding them to the Trippy configuration file:

[tui]
custom-columns = "hosavbwdt"

[!NOTE] The Sts column shows different color codes to reflect packet loss at intermediate vs the target hop, see the Column Reference for more information.

UDP/Dublin with fixed ports

UDP tracing provides a more realistic view of the path taken by traffic that is subject to ECMP routing.

Setting a fixed target port in the range 33434-33534 may allow Trippy to determine that the probe has reached the target as many routers and firewalls are configured to allow UDP probes in that range and will respond with a Destination Unreachable response.

However, running a UDP trace with a fixed target port and a variable source port will typically result in different paths being followed for each probe within each round of tracing. This can make it difficult to interpret the output as different hosts will reply for a given hop (time-to-live) across rounds.

By using the dublin ECMP strategy, which encodes the sequence number in the IP identifier field, Trippy can fix both the source and target ports, typically resulting in a single path for each probe within each round of tracing.

[!NOTE] UDP/Dublin for IPv6 encodes the sequence number as the payload length as the IP identifier field is not available in IPv6.

[!NOTE] Keep in mind that every probe is an independent trial and each may traverse a completely different path. In practice, ICMP probes often follow a single path, whereas the path of UDP and TCP probes is typically determined by the 5-tuple of protocol, source and destination IP addresses and ports.

Also beware that the return path may not be the same as the forward path, and may also differ for each probe. Strategies such as dublin and paris assist in controlling the path taken by the forward probes, but do not help control the return path. Therefore it is recommended to run a trace in both directions to get a complete picture.

To run a UDP trace with fixed source and target ports using the dublin ECMP strategy:

trip example.com --udp --multipath-strategy dublin --source-port 5000 --target-port 33434

[!NOTE] The source port can be any valid port number, but the target port should usually be in the range 33434-33534 or whatever range is open to UDP probes on the target host.

These settings can be made permanent by adding them to the Trippy configuration file:

[strategy]
protocol = "udp"
multipath-strategy = "dublin"
source-port = 5000
target-port = 33434

UDP/Dublin with fixed target port and variable source port

As an extension to the above, if you do not fix the source port when using the dublin ECMP strategy, Trippy will vary the source port per round of tracing (i.e. each probe within a given round will share the same source port, and the source port will vary for each round). This will typically result in the same path being followed for each probe within a given round, but different paths being followed for each round.

These individual flows can be explored in the Trippy Tui by pressing the toggle-flows key binding (f key by default).

Adding the columns Seq, Sprt and Dprt to the Tui will show the sequence number, source port and destination port respectively which makes this easier to visualize.

trip example.com --udp --multipath-strategy dublin --target-port 33434 --tui-custom-columns holsravbwdtSPQ

These settings can be made permanent by adding them to the Trippy configuration file:

[strategy]
protocol = "udp"
multipath-strategy = "dublin"
target-port = 33434

[tui]
custom-columns = "holsravbwdtSPQ"

To make the flows easier to visualize, you can generate a Graphviz DOT file report of all tracing flows:

trip example.com --udp --multipath-strategy dublin --target-port 33434 -m dot -C 5

UDP/Paris

UDP with the paris ECMP strategy offers the same benefits as the dublin strategy with fixed ports and can be used in the same way.

They differ in the way they encode the sequence number in the probe. The dublin strategy uses the IP identifier field, whereas the paris strategy uses the UDP checksum field.

To run a UDP trace with fixed source and target ports using the paris ECMP strategy:

trip example.com --udp --multipath-strategy paris --source-port 5000 --target-port 33434

The paris strategy does not work behind NAT as the UDP checksum field is typically modified by NAT devices. Therefore the dublin strategy is recommended when NAT is present.
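Why paris keeps the flow fixed yet loses the sequence number behind NAT, as an added example (not Trippy's implementation): two payload bytes are solved so that the UDP checksum equals the sequence number while the ports never change, then a source NAT is modelled as rewriting the source address and port and recomputing the checksum. The Flow type, function names, addresses and the NAT model are assumptions made for illustration; 33434 is the default initial sequence from the command reference.

```rust
// Added example: carrying a sequence number in the UDP checksum (IPv4).
use std::net::Ipv4Addr;

/// Addresses and ports of the flow; the protocol is UDP throughout.
/// Together these form the 5-tuple that ECMP routing typically hashes.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Flow {
    pub src: Ipv4Addr,
    pub dst: Ipv4Addr,
    pub sport: u16,
    pub dport: u16,
}

/// One's-complement sum of 16-bit words, folded back into 16 bits.
fn ones_sum(words: impl Iterator<Item = u16>) -> u16 {
    let mut acc: u32 = words.map(u32::from).sum();
    while acc >> 16 != 0 {
        acc = (acc & 0xffff) + (acc >> 16);
    }
    acc as u16
}

/// Folded sum over the IPv4 pseudo-header, the UDP header (checksum field
/// zero) and the payload.
fn folded_sum(flow: &Flow, payload: &[u8]) -> u16 {
    let len = (8 + payload.len()) as u16;
    let mut buf = Vec::with_capacity(21 + payload.len());
    buf.extend_from_slice(&flow.src.octets());
    buf.extend_from_slice(&flow.dst.octets());
    buf.extend_from_slice(&[0, 17]); // zero byte, protocol = UDP
    buf.extend_from_slice(&len.to_be_bytes()); // pseudo-header UDP length
    buf.extend_from_slice(&flow.sport.to_be_bytes());
    buf.extend_from_slice(&flow.dport.to_be_bytes());
    buf.extend_from_slice(&len.to_be_bytes()); // UDP header length
    buf.extend_from_slice(&[0, 0]); // checksum field, zero while summing
    buf.extend_from_slice(payload);
    if buf.len() % 2 == 1 {
        buf.push(0); // pad to a whole 16-bit word
    }
    ones_sum(buf.chunks(2).map(|w| u16::from_be_bytes([w[0], w[1]])))
}

/// The checksum as it appears on the wire.
pub fn udp_checksum(flow: &Flow, payload: &[u8]) -> u16 {
    match !folded_sum(flow, payload) {
        0 => 0xffff, // 0 on the wire means "no checksum"
        c => c,
    }
}

/// Build a payload whose first two bytes make the checksum equal `seq`.
/// Returns None for seq 0 (not representable) or a payload under 2 bytes.
pub fn paris_payload(flow: &Flow, seq: u16, payload_len: usize) -> Option<Vec<u8>> {
    if seq == 0 || payload_len < 2 {
        return None;
    }
    let mut payload = vec![0u8; payload_len];
    let base = folded_sum(flow, &payload);
    // Solve base + fix == !seq in one's-complement arithmetic.
    let fix = ones_sum([!seq, !base].iter().copied());
    payload[..2].copy_from_slice(&fix.to_be_bytes());
    Some(payload)
}

/// Assumed NAT model: rewrite source address and port, then recompute the
/// checksum so the datagram stays valid.
pub fn nat_rewrite(flow: &Flow, payload: &[u8], src: Ipv4Addr, sport: u16) -> (Flow, u16) {
    let translated = Flow { src, sport, ..*flow };
    (translated, udp_checksum(&translated, payload))
}

fn main() {
    // Constructed flow using private and documentation address ranges.
    let flow = Flow {
        src: Ipv4Addr::new(192, 168, 1, 10),
        dst: Ipv4Addr::new(198, 51, 100, 20),
        sport: 5000,
        dport: 33434,
    };
    for seq in 33434u16..33437 {
        let payload = paris_payload(&flow, seq, 8).expect("non-zero sequence");
        let sent = udp_checksum(&flow, &payload);
        let (_, seen) = nat_rewrite(&flow, &payload, Ipv4Addr::new(203, 0, 113, 7), 40001);
        println!("seq {}: checksum sent {}, after NAT {}", seq, sent, seen);
    }
}
```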

[!NOTE] Trippy can detect the presence of NAT devices in some circumstances when using the dublin strategy and the Nat column can be shown in the Tui to indicate when NAT is detected. See the Column Reference for more information.

TCP

TCP tracing is similar to UDP tracing in that it provides a more realistic view of the path taken by traffic that is subject to ECMP routing.

TCP tracing defaults to using a target port of 80 and sets the source port as the sequence number which will typically result in a different path being followed for each probe within each round of tracing.

To run a TCP trace:

trip example.com --tcp

TCP tracing is useful for diagnosing issues with TCP connections and higher layer protocols such as HTTP. Often UDP tracing can be used in place of TCP to diagnose IP layer network issues and, as it provides ways to control the path taken by the probes, it is often preferred.

[!NOTE] Trippy does not support the dublin or paris ECMP strategies for TCP tracing and so you cannot fix both the source and target ports. See the tracking issue for details.

Acknowledgements

Trippy is made possible by ratatui (formerly tui-rs), crossterm as well as several foundational Rust libraries.

Trippy draws heavily from mtr and also incorporates ideas from both libparistraceroute & Dublin Traceroute.

The Trippy networking code is inspired by pnet and some elements of that codebase are incorporated in Trippy.

The AS data is retrieved from the IP to ASN Mapping Service provided by Team Cymru.

The trippy.cli.rs CNAME hosting is provided by cli.rs.

The Trippy chat room is sponsored by Zulip.

License

This project is distributed under the terms of the Apache License (Version 2.0).

Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in time by you, as defined in the Apache-2.0 license, shall be licensed as above, without any additional terms or conditions.

See LICENSE for details.

Copyright 2022 Trippy Contributors