Linux for Network Engineers: Plot Traceroute Path on Google Maps

By September 30, 2020Linux

Traceroute gives you the hop-by-hop information of a route from a source host to a destination. In most cases getting the IP and maybe its DNS lookup (when available) is enough for troubleshooting purposes.

Nmap is another tool that I’ve been using a lot lately. It’s very well known in the networking and infosec community and can do so much, which makes me think that only the nmap developers themselves have a grasp of the whole spectrum of its capabilities and features.

Nmap Traceroute

Nmap has a wide range of network discovery capabilities out of the box. In the context of traceroute, it can do the following:

netbeez.net $nmap --traceroute  in.gr

Starting Nmap 7.40 ( https://nmap.org ) at 2020-09-29 01:40 EDT
Nmap scan report for in.gr (213.133.127.247)
Host is up (0.16s latency).
Other addresses for in.gr (not scanned): 213.133.127.245
rDNS record for 213.133.127.247: titanas.alteregomedia.org
Not shown: 997 filtered ports
PORT     STATE  SERVICE
80/tcp   open   http
443/tcp  open   https
8080/tcp closed http-proxy

TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
1   0.75 ms   172.31.0.1
2   5.62 ms   192.168.86.1
3   6.92 ms   192.168.1.254
4   10.44 ms  108-193-0-1.lightspeed.sntcca.sbcglobal.net (108.193.0.1)
5   ...
6   9.23 ms   12.242.117.22
7   10.56 ms  192.205.37.58
8   10.86 ms  ae-9.r24.snjsca04.us.bb.gin.ntt.net (129.250.2.2)
9   68.48 ms  ae-2.r24.asbnva02.us.bb.gin.ntt.net (129.250.6.238)
10  68.63 ms  ae-0.r25.asbnva02.us.bb.gin.ntt.net (129.250.2.36)
11  158.23 ms ae-16.r21.frnkge13.de.bb.gin.ntt.net (129.250.4.97)
12  158.12 ms ae-8.r01.frnkge13.de.bb.gin.ntt.net (129.250.6.51)
13  166.78 ms 213.198.82.130
14  184.61 ms core11.nbg1.hetzner.com (213.239.252.22)
15  168.86 ms ex9k1.dc2.nbg1.hetzner.com (213.239.229.6)
16  164.29 ms titanas.alteregomedia.org (213.133.127.247)

Nmap done: 1 IP address (1 host up) scanned in 14.81 seconds

The output looks very similar to the traceroute output you are familiar with. In addition, nmap does a port scan showing you what ports have been found open on the final host (80, 443, 8080). This run took 14.81 seconds, but if you add the option -sP nmap doesn’t do port scanning, and in that case, nmap finishes within a few seconds.

Traceroute Hops on Google Maps

We have talked about nmap’s scripting capabilities in a previous post. Nmap has around 600 prepackages scripts that do a variety of tasks, but you can also write your own scripts tailored to your discovery or testing needs.

There are a few scripts that do traceroute geolocation, but the one I found that works more reliably and returns correct results more consistently is traceroute-gelocation.

Here is how you execute it:

netbeez.net $nmap --traceroute --script traceroute-geolocation --script-args traceroute-geolocation.kmlfile=coordinates-in.kml in.gr

Starting Nmap 7.40 ( https://nmap.org ) at 2020-09-29 01:50 EDT
Nmap scan report for in.gr (213.133.127.245)
Host is up (0.16s latency).
Other addresses for in.gr (not scanned): 213.133.127.247
rDNS record for 213.133.127.245: kronos.alteregomedia.org
Not shown: 998 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Host script results:
| traceroute-geolocation:
|   HOP  RTT     ADDRESS                                                    GEOLOCATION
|   1    0.72    172.31.0.1                                                 - ,-
|   2    5.24    192.168.86.1                                               - ,-
|   3    6.47    192.168.1.254                                              - ,-
|   4    13.52   108-193-0-1.lightspeed.sntcca.sbcglobal.net (108.193.0.1)  37.294,-121.900 United States (California)
|   5    ...
|   6    8.32    12.242.117.22                                              37.751,-97.822 United States ()
|   7    10.47   192.205.37.58                                              37.751,-97.822 United States ()
|   8    11.58   ae-9.r24.snjsca04.us.bb.gin.ntt.net (129.250.2.2)          37.751,-97.822 United States ()
|   9    69.12   ae-2.r24.asbnva02.us.bb.gin.ntt.net (129.250.6.238)        37.751,-97.822 United States ()
|   10   68.20   ae-0.r25.asbnva02.us.bb.gin.ntt.net (129.250.2.36)         37.751,-97.822 United States ()
|   11   151.56  ae-16.r21.frnkge13.de.bb.gin.ntt.net (129.250.4.97)        37.751,-97.822 United States ()
|   12   155.67  ae-8.r01.frnkge13.de.bb.gin.ntt.net (129.250.6.51)         37.751,-97.822 United States ()
|   13   157.79  213.198.82.130                                             55.679,12.559 Denmark (Capital Region)
|   14   166.25  core11.nbg1.hetzner.com (213.239.252.22)                   51.299,9.491 Germany ()
|   15   169.37  ex9k1.dc2.nbg1.hetzner.com (213.239.229.6)                 51.299,9.491 Germany ()
|_  16   162.96  kronos.alteregomedia.org (213.133.127.245)                 51.299,9.491 Germany ()

TRACEROUTE (using port 80/tcp)
HOP RTT       ADDRESS
1   0.72 ms   172.31.0.1
2   5.24 ms   192.168.86.1
3   6.47 ms   192.168.1.254
4   13.52 ms  108-193-0-1.lightspeed.sntcca.sbcglobal.net (108.193.0.1)
5   ...
6   8.32 ms   12.242.117.22
7   10.47 ms  192.205.37.58
8   11.58 ms  ae-9.r24.snjsca04.us.bb.gin.ntt.net (129.250.2.2)
9   69.12 ms  ae-2.r24.asbnva02.us.bb.gin.ntt.net (129.250.6.238)
10  68.20 ms  ae-0.r25.asbnva02.us.bb.gin.ntt.net (129.250.2.36)
11  151.56 ms ae-16.r21.frnkge13.de.bb.gin.ntt.net (129.250.4.97)
12  155.67 ms ae-8.r01.frnkge13.de.bb.gin.ntt.net (129.250.6.51)
13  157.79 ms 213.198.82.130
14  166.25 ms core11.nbg1.hetzner.com (213.239.252.22)
15  169.37 ms ex9k1.dc2.nbg1.hetzner.com (213.239.229.6)
16  162.96 ms kronos.alteregomedia.org (213.133.127.245)

Nmap done: 1 IP address (1 host up) scanned in 21.74 seconds


The output gives me the classic traceroute result, but also the coordinates of the IPs that can be geolocated. It has to be noted that sometimes fails without providing the coordinate information.

In addition, with the option --script-args traceroute-geolocation.kmlfile=coordinates-in.kml the coordinates were saved in a KML file that can be imported to Google maps and give you a cool view of the routing. 

To do that, open Google maps, and 

  1. Go to “My Maps” (the easiest way to find that is to google “My Maps” than trying to find it through the Google maps menu options).
  2. Click on “+CREATE A NEW MAP”
  3. Click on “Import” and import the file generated from the traceroute-geolocation NSE script above
  4. Voila! 

It’s a quick and easy way to visualize a traceroute path for your convenience, for showing it to customers, or for educational purposes.