Networking/Computing Tips/Tricks

Rate this content:
5 of 5 - 7 votes
Thank you for rating this article.

Equal-Cost Multi-Path (ECMP) is a forwarding mechanism for routing packets along multiple paths of equal cost with the goal to achieve almost equally distributed link load sharing. This, of course, significantly impacts a router's next-hop (path) decision.

For further details, look at RFC 2991, "Multipath Issues in Unicast and Multicast Next-Hop Selection," and RFC 2992, "Analysis of an Equal-Cost Multi-Path Algorithm."
How can we see this?  Normal Traceroute expects the network to do traditional routing, where all your traffic follows the same path unless there is a failure in the network to trigger a routing table update.  Chances of this are extremely small in the real world.


So how can we detect if ECMP is in play in the network your traffic is traversing?  The answer is we need a special version of Traceroute that can figure out if ECMP is in play.

There are two solutions: Paris Traceroute and Dublin Traceroute.  

The initial version of traceroute was implemented by Van Jacobson based on a suggestion by Steve Deering (the inventor or Multicast and what is now IPv6).

Paris traceroute was implemented by Xavier Cuvellier. Debugged and enhanced by Brice Augustin.  The current version is available at:

Dublin Traceroute was built on top of Paris Traceroute and is written by Andrea Barberio from, you guessed it, Dublin.  You can find Dublin Traceroute at

What is the difference?  Dublin Traceroute uses the techniques invented by the authors of Paris-traceroute to enumerate the paths of ECMP flow-based load balancing, but introduces a new technique for NAT detection.

Let's look at Paris Traceroute first.

To check and see if you have this: simply type:


Screenshot from 2018 10 24 11 27 42

I did not have it, so I followed the instructions to install it on my Ubuntu Linux box.

sudo apt install paris-traceroute

Once done, I now get the proper response:

Screenshot from 2018 10 24 11 32 00

All is good.  You can use the following command to see what all the command line options are:

paris-traceroute -h

Now let's see if we have Dublin Traceroute installed:


Screenshot from 2018 10 24 14 17 12

Install it with:

sudo apt-get install dublin-traceroute

To get the help type:

dublin-traceroute --help


Let's run them both to see what happens when we traceroute to Google's public DNS at  First, here is a normal, regular traceroute:

Screenshot from 2018 10 24 14 32 52

Now, let's use Paris Traceroute:

Screenshot from 2018 10 24 14 36 31

Now Dublin Traceroute (you will note I add the '-n 3' parameter as this limits Dublin Traceroute to 3 probes which is the same as the Paris Traceroute default):

Screenshot from 2018 10 24 14 43 31 

Very different. 

To be fair, I am doing this from behind my home router which is a NAT.  So Dublin is successful as advertised in seeing there is some ECMP going on.  Look at the 8th hop.  We see there are two different IP addresses, and we see them toggling.  Same thing in the 12th hop.

If you want to dig a bit deeper, I have also enclosed a Wireshark packet capture of the three traceroutes for your perusal and deeper dissection.   archive Traceroute Comparison Capture pcapng for Wireshark (15 KB)

So cool!  I hope, like me, this is the last time you ever use regular traceroute!

Happy Tracerouting!!

I hope you find this article and its content helpful.  Comments are welcomed below.  If you would like to see more articles like this, please support us by clicking the patron link where you will receive free bonus access to courses and more, or simply buying us a cup of coffee!, and all comments are welcome!

Add comment


Did you learn something?
Did I save you time? 

Buy me a coffeeBuy me a coffee!

Find by Tag

5G Networks 6LoWLAN 6LoWPAN 802.11 802.11ah 802.11ax 802.11ay 802.11az ACL Addressing Analysis Ansible Architecture ARP Assessment AToM Backup Bandwidth BGP Bibliography Biography Briefings CBRS CellStream Cellular Central Office Cheat Sheet Chrome Cisco Clock Cloud Computer Consulting CPI Data Center Data Networking Decryption DHCPv4 DHCPv6 Display Filter DNS Documentation ECMP EIGRP Ethernet Flipping the Certification Model Follow Me Fragmentation Git GNS3 Google GQUIC Hands-On History Home Network HTTPS ICMP ICMPv6 IEEE 802.11p IEEE 802.15.4 In A Day Internet IOS Classic IoT IPv4 IPv6 L2 Switch L2VPN L3VPN LDP Learning Services Linux LLN Logging LoL M-BGP MAC MAC OSx Macro Microsoft mininet Monitoring Monitor Mode MPLS Multicast Name Resolution Netflow NetMon netsh Networking Network Science nmap Npcap nslookup Online Learning Online School OpenFlow OSPF OSPFv2 OSPFv3 OSX Parrot Passwords pcap pcap-ng PIM Ping Policy Port Mirror POTS POTS to Pipes PPP Profile Profiles Programming Project Management Python QoS QUIC Requirements RFC RIP Routing RPL RSVP SAS SDN Security Self Certification Service Provider Small Business Smartport SONET Span Port SSH SSL Subnetting T-Shark TCP TCP/IP Telco Telecom 101 Telecommunications Telnet Terminal TLS Tools Traceroute Traffic Analysis Traffic Engineering Training Travel Troubleshooting Tunnel Utility Video Virtualbox Virtualization Voice VoIP VXLAN Webex Wi-Fi Wi-Fi 4 Wi-Fi 5 Wi-Fi 6 Wi-Fi 6/6E Windows Wireless Wireless 5G Wireshark Wireshark Tip WLAN ZigBee Zoom

Twitter Feed