Diagnostics

Traceroute

Network path diagnostic tool

Traceroute (tracert on Windows) is a network diagnostic tool that maps the path between your device and a destination, identifying each router hop along the way and measuring the round-trip latency to each one. It is one of the two essential tools (along with ping) for diagnosing where a network problem actually happens.

How traceroute works

Traceroute exploits the TTL (Time To Live) field in IP packets. TTL starts at some value (default 64 on Linux, 128 on Windows) and is decremented by 1 at each router hop. When a router decrements TTL to 0, it discards the packet and sends back an ICMP "Time Exceeded" message — naming itself in the source IP.

Traceroute sends probe packets with deliberately small TTL values, starting at 1:

  • TTL=1: first hop returns Time Exceeded. Traceroute records that router's IP and round-trip latency.
  • TTL=2: second hop returns Time Exceeded. Traceroute records hop 2.
  • TTL=3: third hop returns Time Exceeded.
  • And so on until the destination is reached, which responds with whatever the probe was (an Echo Reply for ICMP probes, or a "Port Unreachable" for UDP probes hitting a closed port).

Three probes per TTL is the default — that is why you see three latency values per row in traceroute output.

Sample output

$ traceroute google.com
traceroute to google.com (142.250.190.78), 30 hops max, 60 byte packets
 1  router.local (192.168.1.1)  1.234 ms  1.456 ms  1.345 ms
 2  10.21.5.1 (10.21.5.1)  8.123 ms  8.234 ms  8.345 ms
 3  cust-isp-bos.example.net (203.0.113.5)  9.5 ms  9.3 ms  9.4 ms
 4  * * *
 5  ae-12.cr1-nyc.ip4.gtt.net (213.155.144.4)  18.2 ms  17.9 ms  18.1 ms
 6  72.14.215.45  24.5 ms  24.3 ms  24.7 ms
 7  108.170.245.65 (108.170.245.65)  25.1 ms  25.2 ms  24.9 ms
 8  142.250.190.78 (142.250.190.78)  25.5 ms  25.4 ms  25.6 ms

Reading this:

  • Hop 1: home router (low latency, expected).
  • Hop 2-3: ISP equipment (single-digit ms; nearby).
  • Hop 4: asterisks — router did not respond; could be policy or dropped. Traffic continued through.
  • Hop 5: long-haul transit provider (GTT).
  • Hop 6-8: Google's network reaching the destination.
  • Final hop: destination IP, 25 ms RTT — that is the end-to-end latency that matters.

Common reasons for asterisks

An asterisk in output means no ICMP reply received within timeout. Causes:

  • Deliberate ICMP suppression. Many routers, especially in the middle of large networks, drop or rate-limit ICMP Time Exceeded responses for load and security reasons. The router is still passing traffic; it is just not announcing itself.
  • Firewall policies. Some networks block ICMP entirely at the perimeter.
  • Asymmetric routing. The Time Exceeded reply may take a different path back and be lost.
  • Genuine packet loss. Real packet loss exists at this hop. Pattern of asterisks across many probes from this hop suggests this.

Diagnosing common problems

"My internet is slow / laggy"

Traceroute to your common destinations (gaming server, video service). Compare hop-by-hop latency over time:

  • If only the last hop shows high latency, the destination service is congested.
  • If a specific intermediate hop suddenly jumped from 20 ms to 200 ms compared to earlier traces, that hop is the bottleneck.
  • If the FIRST hop (your home router) has high latency, your local network or WiFi is the problem.
  • If the SECOND hop (your ISP's first router) has high latency, the issue is on the access network between you and the ISP.

"Specific service is broken"

Compare traceroute to the broken service vs traceroute to a known-working service. The hop where the paths diverge is where the problem starts.

"I cannot reach a destination at all"

Traceroute often gets close to the destination then stalls. The last responsive hop tells you where the connection died — sometimes at your ISP's edge (suggesting upstream filtering), sometimes at the destination's ISP (suggesting their downstream filtering).

Modern alternatives

  • mtr (Matt's TraceRoute): Combines ping + traceroute in real-time, continuously sampling every hop. Shows packet loss percentage per hop as well as latency. More useful for diagnosing intermittent problems.
  • tcptraceroute: Uses TCP probes to a specific port — works through firewalls that block UDP and ICMP.
  • Paris traceroute: Accounts for load-balanced paths where ECMP causes inconsistent hop returns; reduces false "anomalies" in traditional traceroute output.
  • Online tools: RIPE Atlas, BGP.he.net traceroute service, looking glass tools at major ISPs — useful for tracing FROM other locations to your IP.

Limits

Traceroute output represents the forward path (your device to destination), not the reverse. Internet routing is often asymmetric — the response path may differ. Tools like mtr partially address this by measuring round-trip time per hop, but the actual reverse path is invisible from your side.

The 30-hop default is sufficient for almost all destinations (the actual internet diameter rarely exceeds 25 hops). Hops with consistent asterisks are often deliberately silent rather than missing.

Frequently Asked Questions

Why does traceroute show * for some hops?

Asterisks mean the router at that hop did not respond to the probe within the timeout (default 5 seconds). Two common reasons: the router is configured to deny ICMP responses (deliberate policy for security or load), or the response was dropped on its way back. The packet may have still passed through that hop and continued — the asterisk is about the router's response policy, not whether your traffic reached it. Many routers in the middle of the internet deliberately suppress traceroute responses.

What is the difference between traceroute on Linux and tracert on Windows?

Same concept, different defaults. Linux/macOS traceroute defaults to UDP probes (with options for ICMP or TCP). Windows tracert defaults to ICMP Echo Request probes — the same protocol as ping. Both produce equivalent output for the typical user. UDP traceroute is sometimes blocked where ICMP is not (and vice versa), so trying both can reveal different paths. Modern alternatives include mtr (Linux/macOS) which combines ping and traceroute into a real-time display.

Does high latency on one hop mean it is the bottleneck?

Not necessarily. A single hop showing high latency might be because that specific router de-prioritizes the ICMP responses it sends back — the actual data path through it may be fast. The relevant signal is the latency to the FINAL destination, not intermediate hops. Also, latency can vary widely per probe because routers send ICMP replies at low priority. Use the latency to the destination (last hop) as the meaningful metric; intermediate hops are informational about the path structure.

Can traceroute reveal the geographic path my packets take?

Approximately. Each router hop has an IP address that can be geolocated via WHOIS or commercial IP-geolocation databases. Tools like BGP.he.net or visual traceroute services overlay hops on a map. The geographic information is best-effort; some routers are operated remotely from their physical location, and geolocation databases have inaccuracies, especially for transit networks. The hop ASN (autonomous system) information is more reliable than physical geography.

Run a Speed Test

Related Terms

Ping

The companion diagnostic tool.

ICMP

The protocol traceroute uses.

TTL

The IP field that makes traceroute work.

RTT

Round-trip time — what traceroute measures per hop.

Full Glossary

All networking terms defined in plain English.

More From This Section

All Networking Terms

A-to-Z networking and internet glossary.

5G

5G (Fifth Generation Cellular): 5G is the fifth generation of cellular wireless technology, offering peak speeds of…

API

An API is a defined contract that lets one piece of software request data or services from another — the basis of every…

Run a Speed Test

Measure download, upload, ping, and jitter in your browser.