Mar 28 2009

Google Earth as a traceroute viewer

[Update 03/30/2009: After making sure that people won’t be able to bring down my server, you can try a live example, by clicking the following link (you will still need Google Earth on your computer): Trace the path from my server to your system ]

[Update 04/07/2009: If you like this post, you may also want to take a look at the Google Earth Forensics post, which is IMHO a lot cooler 🙂 ]

[Update 04/16/2009: I added a link to source code at the end of this post. ]

I played a bit more with the idea that I presented in “Apache access_log to Google Earth KML” and, I think, I came up with something extremely cool.

When you surf around on the Internet (or use any TCP/IP service), your data is being routed through an endless list of gateways. Your packets hop from one system to the next until the final destination has been reached. And data served by the remote destination hops its way back to you.

On Unix we have the traceroute utility (on Windows it’s called ‘tracert’) that allows you to figure out the route that your packets are taking to a remote destination.

In my web server’s access_log I can see a line where a host at the ip-address accessed a certain url on my server. Resolving that ip-address to a name (via “host”) reveals that it is one of’s crawlers. Using traceroute on the same address shows the following (I changed my internal network address to aaa.bbb.ccc.ddd below):

$ traceroute -q 1 -e -I
traceroute to (, 64 hops max, 60 byte packets
 1  netgear (aaa.bbb.ccc.ddd)  0.781 ms
 2 (  12.871 ms
 3 (  35.880 ms
 4 (  54.828 ms
 5 (  40.534 ms
 6 (  39.042 ms
 7 (  54.288 ms
 8 (  51.418 ms
 9 (  45.766 ms
10 (  49.140 ms
11 (  72.021 ms
12 (  73.443 ms
13 (  73.514 ms
14 (  76.818 ms
15 (  79.453 ms
16 (  76.748 ms

This output tells me that it takes roughly 80 milliseconds to get packets from my system to the final destination at Yahoo. However, it does not tell me what geographical path my packets take.

Hold on to your socks, because here’s the same path after I ran it through my little traceroute visualization tool (displayed in Google Earth):

Traceroute in Google Earth

The tool I created this morning will automatically run a traceroute to any ip-address and create a Google Earth compatible KML file. Again we are using Marc’s free database to map ip-addresses to locations on the map. For each hop it records the hop’s ip-address, name and, if available, location. The tool also creates a tour that allows you to jump from hop to hop in an animated fashion, until you arrive at your final destination, where even more information (Whois) is displayed.

When you try one of the sample files below in Google Earth, just double-click the “Animate Route (play me)” item in the “Places” area:

Animate Route

As you jump from hop to hop, information about the current gateway is being displayed roughly in the geo location where that gateway is physically located (the free database mentioned above does have some hosts that are not mapped and I’m skipping those automatically).
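The pipeline described above (parse each traceroute hop, look up its location, skip hosts the database cannot place, write placemarks and a connecting path), as an added Python example that is not the author's Perl tool. The sample output, the `GEO` table standing in for the IP-to-location database and the `UNMAPPED` coordinate are constructed; hop names come from reverse DNS, so they are written as XML text and markup in a PTR record cannot break the KML.

```python
import re
import xml.etree.ElementTree as ET

NS = "http://www.opengis.net/kml/2.2"
UNMAPPED = (38.0, -97.0)  # constructed placeholder for the "no location" lat/long
# Constructed traceroute output (documentation addresses, made-up names).
SAMPLE = """traceroute to 203.0.113.9 (203.0.113.9), 64 hops max, 60 byte packets
 1  gw.example.net (192.0.2.1)  0.781 ms
 2  core1.example.net (198.51.100.7)  12.871 ms
 3  *
 4  <b>edge</b>.example.org (198.51.100.99)  40.534 ms
 5  dest.example.com (203.0.113.9)  79.453 ms
"""
# Constructed stand-in for the IP-to-location database: ip -> (lat, lon).
GEO = {"192.0.2.1": (37.77, -122.42), "198.51.100.7": UNMAPPED,
       "198.51.100.99": (41.88, -87.63), "203.0.113.9": (40.71, -74.01)}
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((\d+(?:\.\d+){3})\)\s+([\d.]+) ms")

def parse_hops(text):
    """Return (hop, name, ip, rtt_ms) for each hop that answered the probe."""
    found = (HOP_RE.match(line) for line in text.splitlines())
    return [(int(m[1]), m[2], m[3], float(m[4])) for m in found if m]

def located(hops, geo):
    """Drop hops the database cannot place; keep (hop, name, ip, rtt, lat, lon)."""
    return [h + geo[h[2]] for h in hops if geo.get(h[2], UNMAPPED) != UNMAPPED]

def el(parent, tag, text=None):
    node = ET.SubElement(parent, f"{{{NS}}}{tag}")
    node.text = text
    return node

def to_kml(hops, geo):
    """One Placemark per located hop plus a LineString joining them in order."""
    ET.register_namespace("", NS)
    kml = ET.Element(f"{{{NS}}}kml")
    doc = el(kml, "Document")
    pts = located(hops, geo)
    for hop, name, ip, rtt, lat, lon in pts:
        pm = el(doc, "Placemark")
        # name is reverse DNS (untrusted); ElementTree escapes it on output
        el(pm, "name", f"{hop}: {name} ({ip}) {rtt} ms")
        el(el(pm, "Point"), "coordinates", f"{lon},{lat},0")  # KML is lon,lat
    route = el(el(doc, "Placemark"), "LineString")
    el(route, "coordinates", " ".join(f"{lo},{la},0" for *_, la, lo in pts))
    return ET.tostring(kml, encoding="unicode")

if __name__ == "__main__":
    print(to_kml(parse_hops(SAMPLE), GEO))
```

Hop 3 (no reply) never becomes a placemark and hop 2 (placeholder coordinate) is skipped, so the path runs from hop 1 straight to hop 4.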

And here are two KMZ files that you can download to Google Earth in order to see the stuff:

“Complete” above means that I was able to trace the route all the way to the destination host. And “Incomplete” means that I aborted the trace after a number of systems along the path did not respond to my trace queries.

And if you want to see a live example, click the following link to see the path from my server to your system.

The perl code for the little tool is now available at: (gzip compressed perl file – 2.5KB).

12 Responses to “Google Earth as a traceroute viewer”

  • This is what a reddit/wired/popurls spike looks like | kahunaburger Says:

    […] on today I was stooopid enough to post a link to my Google Earth traceroute visualization on […]

  • Kevin Theisen Says:

    This looks extremely interesting. I can hardly wait to see the final version. But, I noticed that the locations on the yahoo sample seemed a bit off. How accurate are the locations of the hops relative to the google earth images?

  • Haarith Devarajan Says:

    Yup.. Tobias' access log code was too good, so I can't wait to get my hands on this as well.. There is nothing like showing it on a map when troubleshooting.

    Kevin, the discrepancy could be from the Ip2Loc database. Marc uploaded a new one on April and that has improved accuracy overall.

    It will be nice to have auto animate as default. Like when you open the kml it automatically starts tracking. I tried to hack it by calling a js inside kml, but google earth doesn't like it.
    It so doesn't like it that it crashed my comp. Thrice 🙁


  • Haarith Devarajan Says:


    sample code pleaaaasee :).

    How did you force it to skip hosts that were not mapped? Like if it was part of the route, does the map automatically move to the next one and add the total wait time? I think traceroute sums the time automatically, but curious if you are pulling that data directly.

  • Tobias Says:

    Haarith – done. I added a link to the compressed perl sources. This one used FreeBSD’s traceroute (8.0-current) – if you try to run it on a different platform, you may have to adjust the options.

    I noticed for a number of hosts that we always got the same latitude/longitude smack in the middle of the US. I assume, those are ones that don’t have a good location information. When I see that specific lat/long I simply skip it and look at the next hop. The traceroute timing info is displayed next to the hop.

  • Haarith Devarajan Says:

    Thanks a bunch !! .. Will take a look at it as soon as i have traceroute is probably 2 years old..time to upgrade :))

  • Haarith Devarajan Says:

    ABSOLUTELY AMAZING STUFF. Great job!!.. I am going to link a bunch of people on this.

    Before that, a couple of things that are required to make it work in centos and the NEW DATABASE from Marc
    On line 197: it should be my($val)=((($a[0]*256+$a[1])*256+$a[2])*256); and not my($val)=($a[0]*256+$a[1])*256+$a[2]; { that's for the old DB 🙂 }

    -e will not work for people using 1.10.. so this should do
    my $cmd=qq{traceroute -w $maxwait -q $probes -I $dest};

    **3 For those running centos 5&perl 5.8.8
    Direct install of ( Net::Traceroute; ) when done with perl -MCPAN -e shell is broken. There is a default option make test no that stops the install. Would suggest the following ( pull it directly from HA website)


    ->gunzip make
    ->make test

    No output from traceroute. Exec failure? at blib/lib/Net/ line 300.
    make: *** [test_dynamic] Error 2
    ->make install

  • Prieleallomma Says:

    I found this site using And i want to thank you for your work. You have done really very good site. Great work, great site! Thank you!

    Sorry for offtopic

  • Greg S. Says:

    Are these tools still available?

  • Tobias Says:

    Greg – which tools are you asking about? Thanks – T

  • Mike Says:


    I am completely new to perl, and was trying to make this program work using databases from this site. Could you provide me some guidance on how I could create KML files from tracert in a windows environment utilizing strawberry perl, these databases from a csv file ? I am at a loss on how to bridge the gap.
