Traceroute in Azure
Is it possible to traceroute in Azure? Despite a lot of negative statements, it is totally possible. Take a look: IPv4: IPv6: All you need is to meet 2 conditions here: Add Network Security Group rule allowing Inbound ICMP to this VM from Any source Configure VM with explicit instance-level public IP. Here's explanation for these conditions: 1. ICMP All the NSG rules in Azure, explicit or implicit, are stateful. This includes ICMP. As you may know, traceroute works by sending IP packets with very short TTL (starting with 1). Each router on the path is decreasing TTL by one, and the router that decreases packet TTL to 0, must drop it and should send ICMP message packet TTL Expired in transit. ICMP message will return to VM from the router, not from VM we are sening probes to. But NSG rules are only ready to receive responses from the end host. Opening ICMP inbound for all the hosts allows ICMP "Expired in transit" packets to reach original VM, and work tracert properly. 2....