traceroute can tell you where packets are getting lost, but its real power is revealing the why behind network latency.
Let’s see it in action:
traceroute google.com
Output might look like this:
traceroute to google.com (172.217.160.142), 64 hops max, 52 byte packets
1 _gateway (192.168.1.1) 0.783 ms 1.011 ms 1.245 ms
2 10.0.0.1 (10.0.0.1) 8.912 ms 9.103 ms 9.345 ms
3 72.14.223.177 (72.14.223.177) 15.678 ms 15.901 ms 16.123 ms
4 108.170.245.161 (108.170.245.161) 20.112 ms 20.345 ms 20.567 ms
5 142.250.11.137 (142.250.11.137) 25.456 ms 25.678 ms 25.901 ms
6 142.250.224.21 (142.250.224.21) 30.789 ms 30.901 ms 31.123 ms
7 142.251.52.101 (142.251.52.101) 35.112 ms 35.345 ms 35.567 ms
8 lhr26s33-in-f14.1e100.net (172.217.160.142) 40.789 ms 40.901 ms 41.123 ms
Here’s the mental model: traceroute works by sending out a series of UDP packets (or ICMP echo requests, depending on the implementation) with incrementally increasing Time-To-Live (TTL) values.
- TTL: Think of TTL as a hop counter. Each router a packet passes through decrements the TTL by one. When a router receives a packet with TTL 0, it discards the packet and sends back an ICMP "Time Exceeded" message to the source.
- The Trace:
- The first set of packets goes out with TTL 1. The first router decrements TTL to 0, discards the packet, and sends back an ICMP message.
tracerouterecords the IP address and round-trip time (RTT) of this router. - The second set of packets goes out with TTL 2. The first router decrements TTL to 1 and forwards the packet. The second router decrements TTL to 0, discards it, and sends back an ICMP message.
tracerouterecords the second router’s IP and RTT. - This continues, incrementing the TTL by one for each subsequent set of packets, until the destination is reached or the maximum TTL (usually 64) is exhausted.
- The first set of packets goes out with TTL 1. The first router decrements TTL to 0, discards the packet, and sends back an ICMP message.
The output shows you each hop (router) along the path and the time it took for the packet to reach that hop and for the ICMP response to come back. This RTT is a good proxy for latency at that specific point in the network.
The real magic is in interpreting the output.
- Sudden Latency Spikes: If you see a consistent jump in latency at a particular hop that persists across multiple
tracerouteruns, it suggests congestion or a slow link at that hop or the link leading to it. - High Latency Early On: If the first few hops from your local network show high latency, the problem is likely within your home/office network or your ISP’s edge.
- Consistent High Latency Throughout: If every hop shows high latency, it’s a broader network issue, potentially with your ISP or upstream providers.
- Packet Loss (Asterisks): If you see asterisks (
* * *) for a hop, it means no ICMP "Time Exceeded" message was received. This could be due to:- The router is configured to not send ICMP messages (common for security).
- A firewall is blocking the ICMP response.
- The router or the link to it is overloaded and dropping packets.
The IP addresses you see are not necessarily the "names" of the routers, but their network interfaces. You can use tools like whois or online IP lookup services to get more information about the network owner associated with an IP address, which can help pinpoint which ISP or organization controls that segment of the network.
What trips people up is thinking the asterisks always mean a dead router. Often, it’s just a router configured to be silent, and the actual path continues fine. The key is to look for consistent latency increases or packet loss before a silent hop, or if the asterisks persist and the trace eventually times out.
The next step is to use mtr (My Traceroute), which combines traceroute and ping to provide a continuous, real-time view of network performance to each hop.