My IP Help

Traceroute

Also known as: tracert, tracepath

A network diagnostic tool that discovers each hop on the path from your device to a destination, listing every router in between and the latency to each.

Last updated:

What is traceroute?

Traceroute is a diagnostic tool that reveals every router ("hop") a packet passes through on its way from your device to a destination, and how long the round-trip to each hop takes. The result is a numbered list of intermediate routers, their IP addresses, their hostnames (via reverse DNS), and their round-trip latency in milliseconds.

Traceroute is the first tool you reach for when a connection feels slow or broken — it tells you exactly where on the path the problem is, and which network operator owns that link.

How traceroute works

Traceroute exploits the TTL (Time-to-Live) field in the IP header. Every router that forwards a packet decrements its TTL by 1; when the TTL reaches 0, the router drops the packet and sends back an ICMP "Time Exceeded" message naming itself. Traceroute takes advantage of this:

  1. Send a probe with TTL = 1 — the first router on the path drops it and reveals itself
  2. Send a probe with TTL = 2 — the second router reveals itself
  3. Continue incrementing the TTL until the destination itself responds
  4. Print each hop's IP, reverse DNS, and round-trip time

Each hop is typically probed three times to show variance (20ms 19ms 21ms). Some hops show * * * — that means the router either didn't respond (ICMP rate-limited) or the packets timed out.

Variants

  • Unix traceroute — defaults to UDP probes on high ports, relying on ICMP Port Unreachable to know the destination was reached
  • Windows tracert — uses ICMP Echo Request probes
  • traceroute -I — force ICMP probes on Unix
  • traceroute -T -p 443 — TCP-based, useful when ICMP/UDP are filtered and you want to test the actual TCP path
  • mtr — a continuously-updating hybrid of ping and traceroute that runs many iterations to smooth out jitter

Reading a traceroute

A healthy traceroute shows monotonically increasing latency as you get further from the source. A sudden jump of tens or hundreds of milliseconds at one hop usually means a long-haul link (transoceanic cable, satellite); a sudden jump that stays elevated often indicates a congested peering link. Repeated * * * at the final hops usually means the destination blocks ICMP responses — this is not a failure.

Traceroute shows an asymmetric path back to source, so the apparent latency can include a long return route. mtr helps distinguish which direction is slow.

Run a traceroute from our infrastructure to any host with the visual traceroute tool.

Frequently Asked Questions

Ping checks whether a single destination is reachable and reports the round-trip time to it. Traceroute lists every router between you and the destination and the latency to each one. Use ping to answer "is it up?"; use traceroute to answer "where on the path is the problem?". Tools like `mtr` combine both — they continuously ping every hop discovered by traceroute.
Three asterisks mean no reply was received within the timeout for any of the three probes to that hop. The most common reasons are ICMP rate limiting on the router (it processed your packet but throttled the reply), a firewall silently dropping the probe, or the destination configured to ignore traceroute traffic. Asterisks do not necessarily mean the path is broken — if hops continue past them, the missing hop just chose not to respond.
For hops on the same continent, single-digit to low-double-digit milliseconds is normal. Transcontinental hops typically add 40-80 ms (US-EU) or 130-180 ms (US-Asia). What matters more than the absolute number is the pattern: latency should increase monotonically as you move further from source. A sudden 50 ms+ jump that stays elevated suggests a congested link or a long-haul hop you didn't expect.
`tracert` is the Windows version; `traceroute` is the Unix and Linux version. Functionally they do the same thing but use different default probe types — `tracert` sends ICMP Echo Request, while `traceroute` defaults to UDP probes on high port numbers. Networks that filter one protocol but not the other can produce different traces from the same source. `traceroute -I` forces ICMP mode on Unix to match `tracert`'s behavior.
Traceroute reports each router's IP, then a separate geolocation lookup maps that IP to a city. Router IPs are often registered to the operator's headquarters address even when the device sits in another country, so a router physically in Frankfurt might show the operator's New York HQ. Latency is the more reliable signal — a hop that resolves to "New York" but adds only 5 ms from Frankfurt is clearly still in Europe, regardless of what the geo data says.
Back to glossary