traceroute explained (how it works and how to use it)

Topic: Networking basics

Summary

traceroute shows the path packets take to a destination by sending UDP, ICMP or TCP probes with increasing TTL values and recording which hop reports each TTL expiry. Use it when debugging connectivity or path issues, to see where a path fails or which hop adds latency, and when you need to interpret traceroute output.

Intent: How-to

Quick answer

  • traceroute sends packets with TTL 1, 2, 3, ... so each hop in turn sends back a time-exceeded reply (the destination answers with port unreachable when UDP probes are used). Each line is one hop; asterisks mean no reply arrived (a firewall dropped the probe, or the reply was not returned). Run traceroute DEST_IP, or traceroute -n DEST to avoid DNS lookups.
  • Linux often uses UDP (high port) by default; some use ICMP (-I) or TCP (-T). Windows uses ICMP. If UDP is blocked, try traceroute -I (ICMP) or traceroute -T -p 80 (TCP to port 80).
  • Use the output to see where the path stops (last hop before timeouts) or where latency jumps. Paths can be asymmetric: replies may return by a different route, and traceroute shows the path from you to the destination, not necessarily the reverse.

Steps

  1. Run traceroute

    Run traceroute DEST_IP (or a hostname). Add -n to skip DNS lookups. Each line is a hop; RTT is the round-trip time to that hop. Asterisks mean no response (the hop may be filtered or not replying).

  2. Interpret output

    First hop is usually your gateway; last hop before timeouts is where the path fails or where something filters. Large latency jump at a hop may indicate congestion or a slow link. Compare to a known-good path if available.

  3. Try different protocols

    If all hops show asterisks, UDP may be blocked. Try traceroute -I (ICMP) or traceroute -T -p 80 (TCP to port 80). Some networks allow ICMP but not UDP high ports, or vice versa.

  4. Asymmetry and limits

    traceroute shows the path from source to destination; return path can differ. Some hops may not respond (policy); that does not mean the path is broken. Use with ping and other tests to confirm.
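
The interpretation in steps 2 to 4 can be automated. The following is an added example, not part of the original page: it parses `traceroute -n` output and reports the last hop that replied, how many silent hops follow it, and the largest RTT increase between responding hops. The names parse_hops and analyze and the sample output are constructed for this illustration.

```python
import re

# Constructed sample of `traceroute -n` output (documentation addresses, not a real capture).
SAMPLE = """\
traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  192.0.2.1  0.512 ms  0.498 ms  0.471 ms
 2  198.51.100.1  4.210 ms  4.105 ms  4.330 ms
 3  * * *
 4  198.51.100.77  48.900 ms  49.120 ms *
 5  * * *
 6  * * *
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")       # hop number, then the rest of the line
RTT_RE = re.compile(r"(\d+(?:\.\d+)?) ms")      # each probe's round-trip time
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")


def parse_hops(text):
    """Return [(hop_no, ip_or_None, best_rtt_ms_or_None)] from traceroute -n output."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header line or blank line
        rest = m.group(2)
        rtts = [float(x) for x in RTT_RE.findall(rest)]
        ip = IP_RE.search(rest)
        hops.append((int(m.group(1)), ip.group(0) if ip else None,
                     min(rtts) if rtts else None))
    return hops


def analyze(text):
    """Summarize: last hop that replied, trailing silent hops, largest RTT jump."""
    hops = parse_hops(text)
    replied = [h for h in hops if h[2] is not None]
    last = replied[-1] if replied else None
    trailing = len(hops) - hops.index(last) - 1 if last else len(hops)
    jump = None  # (hop_no, increase in ms) between consecutive responding hops
    for prev, cur in zip(replied, replied[1:]):
        delta = cur[2] - prev[2]
        if jump is None or delta > jump[1]:
            jump = (cur[0], round(delta, 3))
    return {"last_responding": last, "trailing_timeouts": trailing, "largest_jump": jump}


if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A silent hop in the middle of the path (hop 3 in the sample) is skipped rather than treated as a failure, in line with step 4; only the timeouts after the last reply are counted.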

Summary

traceroute shows the path to a destination using TTL expiry. Use it to find where the path fails or where latency increases. Try ICMP or TCP if UDP is blocked. Use this when debugging path or connectivity issues.

Verification

You can run traceroute and interpret where the path fails or where latency increases.

Troubleshooting

  • All asterisks: Try ICMP or TCP; some hops may not respond by policy.
  • Stops at firewall: Expected if the firewall does not send time-exceeded; use other tests (ping, port probe) to confirm connectivity.
