What Is the Traceroute Command?

Routers are a crucial component of the Internet. Behind the scenes, they communicate with each other so that they can route data packets to their correct destination. Traceroute is a tool designed to trace the path these data packets take from the source to the specific destination on the Internet. Almost every operating system includes it. In this article, learn what the traceroute command is on Linux and MacOS, how to use it, and how to interpret its result. 

What is the traceroute command? 

The traceroute command is a network diagnostic tool used to trace the exact path packets take across an IP network from the source to the destination, which is usually a server or another computer on a network. It shows each step along the way, known as a hop, and the time it takes for each hop to respond.

A graphic portraying the traceroute command on a computer

A hop in networking is a layer 3 device that a data packet must pass through to get to its destination. Typically a router or gateway a packet encounters along its path is considered a hop.

The traceroute tool collects the IP address and sometimes the domain name of each router that the packet passes through before the TTL expires. When you run the command, you can comprehensively visualize the path your network’s traffic takes in a few seconds. 

Traceroute is similar to the ping command. It uses the Internet Control Message Protocol (ICMP) in an attempt to establish communication with a remote host. What traceroute does differently is that it gives more information than the ping command. 

Instead of telling us whether a host can be reached or not, traceroute pings each hop on its journey to the destination. The way traceroute lists hops is clever; it uses the Time-To-Live (TTL) mechanism to measure the round-trip time packets take from each router to the destination.

Many network administrators use the traceroute command daily. It has become a troubleshooting command for identifying where the problem is arising. For example, if the traceroute shows that packets are dropping at a particular router, you can investigate that router further.

Traceroute is a convenient tool for different operating systems. The Linux command for traceroute is traceroute, and it is named traceroute in other Unix-like systems such as MacOS. The command is tracert in Windows. 

How traceroute works 

When you initiate a traceroute, your device sends out an IP packet with the destination address - the final target you want to reach - along with a special value known as TTL. 

Each packet includes a TTL value. It is what limits how many times the packet can be forwarded by routers before being discarded.

As the packet travels, it passes through various routers, which are like checkpoints on the Internet. Each time the packet reaches a router, the TTL decreases by 1. When the TTL reaches 0, the router discards the packet and sends a message back to your device, letting you know it has reached that particular checkpoint.

This message is called an ICMP Time Exceeded message. The important part of this message is that it includes the IP address of the router that discarded the packet. Traceroute uses these messages to learn the identity and location of each router the packet encounters.

It starts with a low TTL, so the packet is discarded early in the journey. Then, with each new packet, the TTL gradually increases. This way, each hop in the journey is revealed one by one.

Ultimately, the tool provides a detailed map of the path your data follows. This information is crucial for diagnosing where delay is happening in the network. 

On most systems, traceroute sends either ICMP packets or UDP (User Datagram Protocol) packets to the destination.

Syntax and options for traceroute command

Basic syntax

The basic syntax of the traceroute command is as follows:

Traceroute [options] destination [maximum_hops] [packet_size]

Each term or element in the command means something different in reference to the command.

  • destination is the domain name or IP address of the target you want to trace the route to. This is the required argument, like traceroute google.com
  • [options] contains optional flags that modify the behavior of the traceroute command.
  • [maximum_hops] specifies the maximum number of hops the command will trace before stopping. The default is usually 30. An example is traceroute -m 20 google.com, which limits to 20 hops.
  • [packet_size] specifies the size of the packet sent in bytes. The default varies depending on the operating system but is typically 60 bytes. The command traceroute google.com 56, for example, sets the packet size to 56 bytes.

Common options 

You can use various options to customize the behavior of the traceroute command. These primarily allow you to specify parameters such as the maximum number of hops, number of probe packets sent at each hop, and the timeout in seconds for each probe.

Some optional flags that modify how the traceroute command behaves include:

  • -q: Specifies the number of probe packets sent at each hop (default is 3).
  • -m: Sets the maximum number of hops (TTL) the traceroute will attempt before stopping.
  • -w: Sets the timeout (in seconds) for each probe.
  • -n: Prevents the resolution of IP addresses to hostnames, displaying only numeric IP addresses.
  • -I: Uses ICMP Echo Request packets instead of the default UDP packets.
  • -p: Specifies the protocol to use (e.g., ICMP, UDP).
  • -m max_tt: Specifies the maximum number of hops for the tracing process. The default max_ttl value is 30.
  • -g gateway_addr: Directs the outgoing data packets to a certain gateway using the IP source routing option.
  • /4 or /6: Traceroute will only use either IPv4 or IPv6 hops for the command.

When to use traceroute command 

You’ll find the traceroute command necessary in various scenarios. If you're experiencing a sluggish website, running a traceroute can reveal bottlenecks in the network path between your computer and the website's server. When experiencing slow Internet speeds in general, traceroute helps pinpoint the specific hop where the slowdown occurs.

Additionally, when you want to assess the quality of the connection to the mail server, you need to check if there are network issues causing delays or dropped messages. If you suspect incorrect routing or misconfigurations on your network, traceroute helps identify problematic areas. You can also measure average response times and track the path that data packets use within your network to understand its structure.

How to run traceroute command 

Perhaps the biggest benefit of running the traceroute command on various operating systems is that it is done in a few steps. But this depends on the device you’re working on.

Traceroute on Linux

Many Linux distributions come with traceroute pre-installed. To check if it's available on your system, follow these steps.

  1. Open Terminal on your computer. Press Ctrl + Alt + T or search for "Terminal" in your Applications menu.
  2. Type the traceroute command. Type traceroute [hostname] and replace "hostname” with the website or address of the target you want to trace. 
  3. Press Enter and analyze the results. Wait for the trace to complete and review the results. The output of traceroute will display the hop number, IP address, hostname, and response times. 

Traceroute on MacOS

Like the Linux systems, MacOS systems' traceroute is included by default. Here’s how to run the tool on your Mac.

  1. Open the Terminal app. Press cmd + Space to open Spotlight Search, type Terminal, and press Enter.
  2. Type the traceroute command. Type traceroute [domain name] replace “domain name” with the website or address you want to trace.
  3. Press Enter and review the results. Wait for the trace to complete and review the results.

Traceroute on Windows

For your Windows computer, follow these steps.

  1. Open Command Prompt. Press Win + R, type cmd, and press Enter to open the Command Prompt.
  2. Type the tracert command. Type the command tracert [hostname]. Replace “hostname” with the domain name or IP address you want to trace.
  3. Press Enter and analyze the results. The command will return output indicating the hops tracked and time for each hop.

Interpreting the traceroute output

After running the traceroute command, then the system displays the results in a series of rows. Each row corresponds to a hop, which represents one of the steps a packet takes on its journey from your computer to the destination server. 

Consider the following example of a traceroute report.

  1   10 ms   11 ms   10 ms  192.168.1.1

  2   15 ms   14 ms   16 ms  10.0.0.1

  3   20 ms   21 ms   20 ms  example-router.com [203.0.113.1]

  4   35 ms   36 ms   35 ms  198.51.100.1

  5   45 ms   44 ms   46 ms  destination.com [203.0.113.5]

  • Hop number. The first column lists the hop number, starting with 1, 2, 3. Each row represents a different hop that the packet takes through a network device on its way to the final destination. The purpose of a hop number is to help track the packet's progress.
  • RTT (Round-Trip Time). The next three columns display the RTT for each packet sent.
    RTT is the time it takes for a packet to travel from your computer to the destination and back again. The traceroute command sends three packets by default, so you’ll see three RTT values for each hop. RTT intends to measure the latency at each hop.
  • IP address or hostname. The final column shows the IP address or hostname of the router at each hop. If the device has a hostname that can be resolved, traceroute may display it instead of the IP address. This information identifies the specific devices your packet is passing through.

We analyze a traceroute report for many concrete reasons. You can identify where delays are during transmission of data packets. 

If a particular hop consistently shows high RTT values, it might indicate a network issue at that specific point. 

Traceroute command errors

Even when properly executed, the command can sometimes return errors. Familiarize yourself with these common problems with the traceroute command before you use it to map or troubleshoot on your network. 

  • Asterisks (*) at various points. An asterisk indicates that the request timed out. This means the traceroute tool was unable to receive a response from a particular hop within the specified timeout period. This is potentially problematic because it could be that the router at a hop is configured to block ICMP packets used by traceroutes. 
  • Destination not reachable. This error occurs when the IP packets cannot find a route to the destination address. Common causes include a nonexistent destination IP address.
  • Elevated latency after one hop. This usually means there's a problem with that hop or the connection between it and the previous one. Since all following hops rely on the same path, their latency will also be affected. 
  • Packet loss. The packets sent by traceroute might be dropped somewhere along the path, preventing a response from reaching the sender.

Common uses of the traceroute command

As mentioned, the traceroute command is a common and essential tool for users attempting to troubleshoot or analyze their network performance. Common uses of the command include:

  • Port and protocol troubleshooting. Traceroute can be a tool for identifying specific protocol or port blocking issues. If a firewall is blocking UDP traffic to that port, then you’d likely see timeouts.
  • Analyzing network performance. It provides the round-trip time (RTT) for each hop, which can be useful for analyzing network performance and identifying network bottlenecks.
  • Mapping the Internet. The command is used to map the routes across the Internet because it provides a rough idea of the physical journey data takes across networks and ISPs.
  • Load balancing accuracy. Running traceroute increases the accuracy of results when you suspect load balancing is causing inconsistent paths. It can add the number of queries sent per hop though, by default, traceroute sends three packets per hop.

Frequently asked questions

What is the difference between dig and traceroute command? 

The dig command queries DNS records for domain information, while the traceroute command traces the network path packets take to a destination.

What information does traceroute provide?

Traceroute provides hop-by-hop details, IP addresses, and round-trip times for packets to reach a destination.

What is the traceroute command in Linux?

The Linux traceroute command is traceroute.

What is the traceroute command on Mac?

The Mac traceroute command is traceroute.

Author

Written by Lizzy Schinkel & WhatIsMyIP.com® Editorial Contributors

Lizzy is a tech writer for WhatIsMyIP.com®, where she simplifies complex tech topics for readers of all levels. A Grove City College graduate with a bachelor’s degree in English, she’s been crafting clear and engaging content since 2020. When she’s not writing about IP addresses and online privacy, you’ll likely find her with a good book or exploring the latest tech trends.

Reviewer

Technically Reviewed by Brian Gilbert

Brian Gilbert is a tech enthusiast, network engineer, and lifelong problem solver with a knack for making complicated topics simple. As the overseer of WhatIsMyIP.com®, he combines decades of experience with a passion for helping others navigate the digital world.