traceroute shows just * * * in Linux (in a virtual machine), although it displays all IPs in Windows correctly

I did tracert to Google in Windows PowerShell and the IP addresses of all stations are displayed properly.

However, if I do the same in Linux in a virtual machine to the same server, I see only * * * .

 1  _gateway (10.0.2.2)  5.955 ms  5.568 ms  5.228 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *

Why is this?


The packets that Windows tracert and Linux traceroute use by default are different. Windows tracert sends ICMP packets and Linux traceroute sends UDP packets. The UDP ports are blocked at each hop in your example but ICMP is allowed, so that explains the discrepancy you're seeing.

From Wikipedia: traceroute:

On Unix-like operating systems, traceroute sends, by default, a sequence of User Datagram Protocol (UDP) packets, with destination port numbers ranging from 33434 to 33534; the implementations of traceroute shipped with Linux, FreeBSD, NetBSD, OpenBSD, DragonFly BSD, and macOS include an option to use ICMP Echo Request packets (-I), or any arbitrary protocol (-P) such as UDP, TCP using TCP SYN packets, or ICMP.

On Windows, tracert sends ICMP Echo Request packets, rather than the UDP packets traceroute sends by default.

You can have traceroute use ICMP packets in Linux by adding the -I option.

From man traceroute:

traceroute

Print the route packets take to network host.

Syntax
traceroute [options] host [packetsize]

Options:

 -I    Use ICMP ECHO for probes

TL;DR Either disable Windows Firewall entirely, or allow ICMP Time Exceeded packets through WF.

I have a more detailed and thorough article on my blog.

Problem

This is the answer:

If your Windows Firewall is turned on on your host, you will see this behavior - only the first and last devices answer. If it's turned off, it works (at least for me).

The detailed reason is, traceroute works by sending ICMP Echo Requests with increasing TTL starting from 1, so when they "die of time", the intermediate routers send back ICMP Time Exceeded packets, which is unexpected by Windows Firewall.

Solution

The obvious solution is to turn off Windows Firewall entirely, but that's probably not safe for some users.

The solution without turning off Windows Firewall is to explicitly allow ICMP Time Exceeded (ICMPv4 Type 11 / ICMPv6 Type 3) to come in. This can be done as follows:

  • Open Windows Firewall: Start → Windows Administrative Tools → Windows Defender Firewall with Advanced Security (yeah the name is verbose)

  • Select Inbound Rules on the left

  • Select New Rule... on the right

  • Follow the prompt. Select the following options in order:

    • Rule Type: Custom
    • Program: All programs (just click Next)
    • Protocol and Ports:
      • Protocol type: ICMPv4
      • (Optional) Internet Control Message Protocol (ICMP) settings: Click Customize → Select Specific ICMP types and tick Time Exceeded
    • Scope: Any IP address for both (just click Next)
    • Action: Allow (just click Next)
    • Profile: Select all (just click Next)
    • Name: Core Networking - Time Exceeded (ICMPv4-In) (apparently just any name you prefer)
  • Click Finish and you should immediately see intermediate hops if you're using mtr (My Traceroute).

  • (Optional) Repeat the above steps but select ICMPv6 for Protocol type if you want to enable IPv6 traceroute.
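
Both answers come down to the same reply packet: an ICMP Time Exceeded (type 11) message quotes the IP header and first 8 bytes of the probe that expired, whether that probe was a UDP datagram or an ICMP Echo Request. The sketch below is an added example, not part of either answer; it parses such a reply and reports which kind of probe it belongs to. The addresses and probe bytes are constructed samples, and the function names are hypothetical.

```python
import socket
import struct

TRACEROUTE_UDP_PORTS = range(33434, 33535)  # default UDP probe ports quoted above
ICMP, UDP, TIME_EXCEEDED, ECHO_REQUEST = 1, 17, 11, 8

def ipv4_header(src, dst, proto, ttl, payload_len):
    """Minimal 20-byte IPv4 header for constructed samples (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def parse_time_exceeded(packet):
    """Return hop, target and probe kind for an ICMPv4 Time Exceeded packet, else None."""
    if len(packet) < 20 or packet[9] != ICMP:
        return None
    icmp = packet[(packet[0] & 0x0F) * 4:]
    if len(icmp) < 8 + 20 + 8 or icmp[0] != TIME_EXCEEDED:
        return None
    quoted = icmp[8:]  # RFC 792: original IP header + first 8 bytes of the probe
    l4 = quoted[(quoted[0] & 0x0F) * 4:][:8]
    if len(l4) < 8:
        return None
    info = {"hop": socket.inet_ntoa(packet[12:16]),
            "target": socket.inet_ntoa(quoted[16:20]), "probe": "other"}
    if quoted[9] == UDP:
        info["dport"] = struct.unpack("!H", l4[2:4])[0]
        in_range = info["dport"] in TRACEROUTE_UDP_PORTS
        info["probe"] = "udp-traceroute" if in_range else "udp-other"
    elif quoted[9] == ICMP and l4[0] == ECHO_REQUEST:
        info["seq"] = struct.unpack("!H", l4[6:8])[0]
        info["probe"] = "icmp-echo"
    return info

def sample_reply(hop, vm, target, probe_proto, probe_l4):
    """Constructed Time Exceeded reply from `hop` quoting a TTL-expired probe."""
    quoted = ipv4_header(vm, target, probe_proto, 1, len(probe_l4)) + probe_l4
    icmp = struct.pack("!BBHI", TIME_EXCEEDED, 0, 0, 0) + quoted
    return ipv4_header(hop, vm, ICMP, 64, len(icmp)) + icmp

# Constructed sample data: VM address, hop and target are placeholders.
VM, HOP, TARGET = "10.0.2.15", "192.0.2.1", "198.51.100.7"
UDP_PROBE = struct.pack("!HHHH", 40000, 33436, 8, 0)               # Linux default
ECHO_PROBE = struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, 0x1234, 3)  # tracert / -I

if __name__ == "__main__":
    for name, proto, l4 in (("udp", UDP, UDP_PROBE), ("icmp", ICMP, ECHO_PROBE)):
        print(name, parse_time_exceeded(sample_reply(HOP, VM, TARGET, proto, l4)))
```

The outer packet is ICMP type 11 in both cases; only the quoted bytes differ, and those are what tie a reply back to the probe that triggered it.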