Skip to content

DataDog/datadog-traceroute

BranchesTags

Repository files navigation

Datadog Traceroute

Datadog Traceroute produce traceroute results reflecting real traffic paths.

Support Matrix for IPv4

Linux

Protocol-Variant Supported Traceroute CLI
ICMP Yes traceroute -I
UDP Yes traceroute
TCP SYN Yes tcptraceroute
TCP SACK Yes

Windows

Windows Server:

Protocol-Variant Supported Traceroute CLI
ICMP Yes tracert
UDP Yes
TCP SYN Yes
TCP SACK Yes (req. win driver)

Windows Client:

Protocol-Variant Supported Traceroute CLI
ICMP Yes (req. win driver) tracert
UDP Yes (req. win driver)
TCP SYN Yes (req. win driver)
TCP SACK Yes (req. win driver)
TCP SYN SOCKET Yes

Note: Default firewall on windows can block the ICMP responses when not using Windows Driver. Note2: TCP syn_socket is only useful for Windows Client without Windows Driver.

macOS

Protocol-Variant Supported Traceroute CLI
ICMP Yes traceroute -I
UDP Yes traceroute
TCP SYN Yes tcptraceroute
TCP SACK Yes

IPv6 Support

IPv6 is only partially supported.

Note: Windows driver is needed for all protocol-variant for IPv6s on server versions.

Getting Started

Prerequisites

  • Go 1.25.6+
  • Root/administrator privileges (required for raw sockets)

Building

# Build the CLI
make build
# or: go build .

# Build the HTTP server
make build-server

CLI Usage

sudo ./datadog-traceroute [flags] <target>

Examples

# UDP traceroute (default)
sudo ./datadog-traceroute google.com

# TCP SYN traceroute on port 443
sudo ./datadog-traceroute -P tcp -p 443 google.com

# ICMP traceroute with reverse DNS
sudo ./datadog-traceroute -P icmp --reverse-dns google.com

# TCP SACK traceroute with verbose output
sudo ./datadog-traceroute -P tcp --tcp-method sack -p 443 -v google.com

# IPv6 traceroute
sudo ./datadog-traceroute --ipv6 google.com

Output is JSON.

Flags

Flag Short Default Description
--proto -P udp Protocol (udp, tcp, icmp)
--port -p 33434 Destination port
--traceroute-queries -q 3 Number of traceroute queries
--e2e-queries -Q 50 Number of end-to-end probe queries
--max-ttl -m 30 Maximum TTL
--timeout 3000 Timeout in milliseconds
--tcp-method syn TCP method (syn, sack, prefer_sack)
--ipv6 false Use IPv6
--reverse-dns false Enrich IPs with reverse DNS names
--source-public-ip false Enrich with source public IP
--skip-private-hops false Skip private hops
--windows-driver false Use Windows driver (Windows only)
--verbose -v false Verbose logging

Subcommands

Command Description
version Print version, commit, build date, and Go version

HTTP Server

An HTTP server mode is also available. See server/README.md for details.

# Run the server (default port 3765)
sudo ./datadog-traceroute-server

# Query it
curl 'http://localhost:3765/traceroute?target=google.com&protocol=tcp&port=443'

Testing

# Unit tests
make test

# E2E tests (require root)
sudo go test -tags=e2etest -v ./e2etests/...

See e2etests/README.md for the full e2e test matrix and instructions.

Publishing Changes

After merging changes to main create a release by:

  1. Navigate to the Releases page

  2. Click "Draft a new release"

  3. You can "Select a tag" using the dropdown or "Create a new tag"

    When creating a new tag, make sure to include the v prefix. For example, if the last release was v0.1.29, your release should be v0.1.30.

  4. The release title should be the same as the version tag

  5. Use "Generate release notes" to fill in the release description

  6. Click "Publish release"

    This will create a git tag that can now be referenced in other repos. This will trigger go-releaser that will add installable artifacts to the release.

Downstream Consumers

datadog-traceroute is used by:

About

Datadog Traceroute produce traceroute results reflecting real traffic paths

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

5 stars

Watchers

1 watching

Forks

2 forks
Report repository

Releases 45

v1.0.17 Latest
Jun 4, 2026
+ 44 releases

Contributors

Languages