How Traceroute Works: Network Path Analysis Guide
When you connect to a website, your data doesn't travel in a straight line — it bounces through multiple routers and networks before reaching its destination. Traceroute is a diagnostic tool that reveals every hop along this path, showing you exactly where delays, failures, or routing issues occur. Understanding traceroute is essential for network troubleshooting and performance analysis.
What is Traceroute?
Traceroute (called tracert on Windows) is a network diagnostic tool that maps the route packets take from your device to a destination. It sends a series of specially crafted packets with increasing TTL (Time To Live) values, forcing each router along the path to respond, revealing its IP address and response time.
Each line in a traceroute output represents a hop — a router or network device that your data passes through. A typical traceroute shows 10-20 hops for most destinations, with response times for each hop measured in milliseconds.
How Traceroute Works Step by Step
- Hop 1: Traceroute sends a packet with TTL=1. The first router decrements TTL to 0 and sends back an ICMP "Time Exceeded" message, revealing its IP address.
- Hop 2: Traceroute sends a packet with TTL=2. The first router passes it through, the second router decrements TTL to 0 and responds with its IP address.
- Hop 3: TTL=3, revealing the third router. This continues until the destination is reached.
- Final hop: When the destination responds, traceroute knows it has reached the target and stops.
By default, traceroute sends 3 packets per hop to measure consistency and average response times.
Traceroute Commands by OS
Windows (tracert)
tracert example.com tracert -d example.com # Don't resolve hostnames (faster) tracert -h 30 example.com # Maximum 30 hops tracert -w 5000 example.com # 5 second timeout per hop
macOS / Linux (traceroute)
traceroute example.com traceroute -n example.com # Don't resolve hostnames traceroute -m 30 example.com # Maximum 30 hops traceroute -w 5 example.com # 5 second timeout traceroute -I example.com # Use ICMP instead of UDP
How to Read Traceroute Output
traceroute to example.com (93.184.216.34), 30 hops max, 60 byte packets 1 192.168.1.1 1.234 ms 0.987 ms 1.123 ms 2 10.0.0.1 5.456 ms 5.123 ms 5.789 ms 3 72.14.215.85 12.345 ms 11.234 ms 12.567 ms 4 * * * 5 142.250.68.1 18.234 ms 17.890 ms 18.456 ms 6 93.184.216.34 22.123 ms 21.987 ms 22.345 ms
Each line shows:
- Hop number: Sequential position in the path
- IP address: The router's IP at this hop li>Three latency measurements: Response times in milliseconds for each of the 3 probes
- * * *: The router at this hop did not respond (common for firewalls that block ICMP)
Common Traceroute Patterns
High Latency at One Hop
If one hop shows significantly higher latency than the others (e.g., 200ms when others are 10-20ms), that router or network is a bottleneck. This could indicate congestion, a long physical distance, or a slow link.
* * * (Three Asterisks)
Asterisks mean the hop didn't respond. This is normal and usually means the router is configured to ignore traceroute packets or rate-limit ICMP responses. It doesn't necessarily indicate a problem — your packets are still passing through.
Sudden Jump in Latency
If latency jumps dramatically between two consecutive hops (e.g., from 5ms to 150ms), this usually indicates a trans-oceanic link or a different ISP's network. The physical distance between routers can cause legitimate latency increases.
Routing Loops
If you see the same IP address appearing multiple times, there may be a routing loop. This is a serious issue that needs to be reported to the network operator.
Traceroute vs Ping
| Feature | Ping | Traceroute |
|---|---|---|
| Purpose | Test reachability and latency | Map the complete network path |
| Shows path | No — only end-to-end | Yes — every hop |
| Shows latency | Overall round-trip time | Latency at each hop |
| Identifies bottlenecks | No | Yes |
| Speed | Fast (seconds) | Slower (10-60 seconds) |
| Use case | Quick connectivity test | Detailed path analysis |
Practical Use Cases
- Website loading slowly? Traceroute shows which hop is causing the delay
- Can't reach a server? Traceroute shows where the connection fails
- VPN issues? Compare traceroute with and without VPN to see the routing difference
- Choosing a hosting provider? Traceroute from your location shows the actual path and latency
- DNS issues? Combine traceroute with DNS lookup for complete diagnosis
FAQ
Why do some hops show * * *?
Routers or firewalls may be configured to block ICMP Time Exceeded messages. This is common and doesn't indicate a problem — your packets still pass through normally.
Is traceroute the same as tracert?
They serve the same purpose but use different protocols. traceroute (Linux/macOS) uses UDP packets by default, while tracert (Windows) uses ICMP. Use traceroute -I on Linux/macOS to match Windows behavior.
Can traceroute show my IP address?
Yes, the first hop (hop 1) shows your router's IP. Your public IP address is usually visible at hop 2 or 3, depending on your network configuration.
Check your IP and test your connection at miip.link — free network tools.