Control your server's `traceroute` reply
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


Scuttle is a tool that lets you control the output when your server is tracerouted. It currently supports both ICMP and UDP traceroute.


You'll need a set of IP addresses you can control the reverse DNS entries for, and a Linux server that supports IP spoofing.

Vultr will let you buy as many IPs as you want, and control their reverse DNS entries, for $3/month each. AWS EC2 will let you spoof IPs – make sure you enable all inbound UDP and ICMP traffic, and disable the source/dest check (in the console, right click => Networking => Change source/dest check). Note that us-west-2 (Oregon) has unreliable route lengths, which breaks scuttle, but us-west-1 (N. California) works fine.

Run the following commands on your server, to disable kernel-level ICMP and UDP replies:

# Disable the kernel's responses to ICMP echo packets, which would interfere with our own replies.
sudo echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

# Prevent the kernel from sending "destination port unreachable" messages, which would interfere
# with our UDP traceroute implementation. FreeBSD has a blackhole sysctl that would do this for
# us, but on Linux we don't have as much luck, so have to resort to this hack.
# Allow all outbound ICMP packets except "destination port unreachable".
sudo iptables -A OUTPUT -p icmp -m icmp ! --icmp-type port-unreachable -j ACCEPT

# Drop all outbound "destination port unreachable" packets except those sent by root.
sudo iptables -A OUTPUT -p icmp -m owner ! --uid-owner root -j DROP

Add the IPs you'd like to a newline delimited file named redirect_ips.txt, for example


Run sudo python redirect_ips.txt to serve responses infinitely.