How to Read a Traceroute

The traceroute tool is one of the simplest yet most helpful tools you can use to troubleshoot network issues. This tool is built into virtually every operating system, so no matter what type of computer you are working on, you will have it available. Traceroute runs a connection test from one computer to another device, showing each “hop” that it takes between devices on the network.

A simple example of this would be to run a traceroute from your computer to Catchpoint’s servers. The specific results will be different for each person. However, in most cases, the results will show you somewhere around 15-20 “hops” that data takes to get from your computer to Catchpoint’s servers and back. The first one would likely be your local router, and from there the data will take multiple “hops” through your internal network and out through your internet service provider (ISP) and over the Internet, before finally reaching Catchpoint’s servers.

Figure 1 shows an example of what you might see.

Microsoft Windows [Version 10.0.19043.1288]
(c) Microsoft Corporation. All rights reserved.
C:\Users\Michael>tracert catchpoint.com
Tracing route to catchpoint.com []
Over a maximum of 30 hops: 
1	2ms	1ms	1ms
2 	10ms	10ms	10ms
3	10ms	11ms	12ms
4	10ms	16ms	10ms
5	19ms	16ms	20ms
6	15ms	19ms	14ms
7          	19ms 	22ms 	21ms 	be-32121-cs02.350ecermak.il.ibone.comcast.net []
8          	22ms 	34ms 	22ms 	be-2204-pe04.350ecermak.il.ibone.comcast.net []
9          	22ms 	20ms 	20ms
10       	51ms 	50ms 	49ms 	ae18-0.cr02.dlls02-tx.us.windstream.net []
11       	73ms 	72ms 	72ms 	ae4-0.agr03.phnd01-az.us.windstream.net []
12       	84ms 	73ms 	75ms 	ae1-0.pe05.phnd01-az.us.windstream.net []
13       	85ms 	84ms 	85ms 	h241.23.132.40.static.ip.windstream.net []
14       	*         	82ms 	78ms 	be181.las-n10s1-core1.switch.com []
15       	79ms 	77ms 	80ms 	bell011.las-agg7s5-1.switch.com []
16       	79ms 	77ms 	79ms
17       	77ms 	77ms 	87ms
Trace complete

Understanding how to run this tool, and what all the different information displayed when you run a traceroute command means, will help you when troubleshooting various types of problems.

How to run the Traceroute command

Running a traceroute is very simple. The first step is to bring up a command prompt on your computer. The specific method to bring this up will depend on what operating system you are using. For Windows 10, for example, you can simply click on the start button and type CMD to bring up the options below.

Figure 2: Command Prompt options in Windows 10.

From here, simply click on the Command Prompt app to open it up. When your command prompt has loaded, just type the command tracert followed by the destination you want to use to run the test. For example, to run a test to catchpoint.com you would type tracert catchpoint.com and hit enter. (For Linux and macOS devices, you would type traceroute catchpoint.com instead.)

Available options for the Traceroute command

In most cases, the default traceroute command will give you the information you need. There are, however, some additional options that you can use to get more details or change how the command runs.

Accessing these options is done by adding in one or more option flags after the traceroute command and before the destination. On Windows-based machines, the flags for various options start with a “/”. For example: tracert /d catchpoint.com.

The following are the most commonly used options that you can choose from and what they do:

  • /d — This flag stops the attempt to resolve an IP address to a domain name at each hop. This can speed up the trace and provide you with a clear list of IPs at each hop that is not cluttered with full domain names.
  • /h — Use this flag to specify the maximum number of hops; the default is 30. Increasing this limit may be necessary for destinations that are far away. To set the maximum number of hops to 45, for example, you would type tracert /h 45 catchpoint.com .
  • /w — This sets the amount of time that the command will wait at a hop before timing out, measured in milliseconds. The default is 4 seconds (4,000 milliseconds). Type /w 6000, for example, to set the timeout to 6 seconds.
  • /4 or /6 — Using the /4 or /6 flag makes it so the traceroute command will only use either IPv4 or IPv6 hops for the command.
  • /h — This will bring up help information about the traceroute command.


How to read the results from a Traceroute

One of the best things about the traceroute tool is that once you learn how to read the results, you can understand the information it provides with just a quick glance. When you look at the example results of the traceroute listed above, you will see several key pieces of information.

The following table breaks down the key information you will see:

Hop Number RTT Attempt 1 RTT Attempt 2 RTT Attempt 3 Hop Details
1 2ms 1ms 1ms
2 10ms 10ms 10ms
3 10ms 11ms 12ms

Hop Number

Hop Number RTT Attempt 1 RTT Attempt 2 RTT Attempt 3 Hop Details
1 2ms 1ms 1ms
2 10ms 10ms 10ms
3 10ms 11ms 12ms

The first column just tells you which hop the trace is on. Whenever you access the Internet (or even data on an internal network), the data travels from one piece of hardware to another. These will typically be routers, but could also be switches, servers, or even computers. Each of these pieces of hardware that the data goes through is considered a hop.

The total number of hops that a connection goes through will depend on many factors, the most important of which is the physical locations where you run the command and the destination.

Round Trip Time (RTT) Results

Hop Number RTT Attempt 1 RTT Attempt 2 RTT Attempt 3 Hop Details
1 2ms 1ms 1ms
2 10ms 10ms 10ms
3 10ms 11ms 12ms

The next three columns (Table 3) show the amount of time it took data to go from the source (typically your computer) to that hop and back. This is measured in milliseconds.

When running the traceroute command, you are sending data to each hop three times. The first column is the amount of time it took the first time, the second is for the second attempt, and the third is for the last attempt. When everything is running properly, the round-trip time for each attempt should be similar.

Hop Name and IP Address

Hop Number RTT Attempt 1 RTT Attempt 2 RTT Attempt 3 Hop Details
1 2ms 1ms 1ms
2 10ms 10ms 10ms
3 10ms 11ms 12ms

The final column is where the name, IP address, or other information about the hop is displayed. The information displayed here is determined by the settings on the hop itself.

Some devices are set to only display their IP addresses. Others will also display the device name or other information. In some cases, the owner of the device has set it up so that it will not reveal any information at all, in which case you will simply see an asterisk (*) for that particular hop.

Common problems discovered with Traceroute

You can use this command to look for a variety of different types of network issues to determine what types of problems may be present based on the results displayed.

Asterisks (Timeouts) at various points

The most common issue you will see with a traceroute is a timeout response, which is represented by an asterisk (*). These happen quite frequently and for a variety of different reasons. In the following example, you can see multiple hops have asterisks when attempting to run a traceroute to google.com.

C:\Users>tracert google.com
Tracing route to google.com [2607:f8b0:4009:819::200e]
Over a maximum of 30 hops:
1          	1ms    	1ms    	1ms    	2601:404:cf00:75c0:e2db:d1ff:fe1d:23ad
2          	8ms    	*         	*         	2001:558:4020:30::1
3          	9ms    	11ms 	13ms 	2001:558:112:3c0a::1
4          	12ms 	9ms    	10ms 	2001:558:110:b02c::1
5          	*         	20ms 	*         	2001:558:110:f1::1
6          	34ms 	20ms 	27ms 	2001:558:110:71::2
7          	*         	21ms 	21ms 	be-32131-cs03.350cermak.il.ibone.comcast.net [2001:558:3:2ae::1]
8          	21ms 	*         	*         	be-2311-pe11.350cermak.il.ibone.comcast.net [2001:558:3:72::2]
9          	20ms 	20ms 	21ms 	2001:559::11b2
10       	19ms 	20ms 	20ms 	2607:f8b0:831d::1
11       	22ms 	23ms 	23ms 	ord38s30-in-x0e.1e100.net [2607:f8b0:4009:819::200e]
Trace Complete

When you see an asterisk, it will mean one of the following things:

  • Single Asterisk on a Hop: This means that the request timed out on just one of the three attempts. This can be a sign that there is an intermittent problem at that hop.
  • Three Asterisks, Then Failure: If you see all three attempts at a hop have asterisks and then the traceroute errors out, it means that the hop is completely down.
  • Three Asterisks, Then Success: If you see three attempts at a hop failing but then the rest of the traceroute continues without an issue, that is actually not a problem at all. This simply means that (as mentioned earlier) the device at that hop is configured not to respond to pings or traceroutes so the attempt times out.

Elevated latency after one hop

If everything looks fine for several hops but then the response times jump up significantly at one point and each hop after that remains high, it likely means a problem either at that hop or on the connection between it and the previous one. Since the connection from you to each successive hop has to go through that one, they will all be impacted by the latency it is causing.

If you can identify where that hop is located, you can work with the owner of that connection to troubleshoot the problem. The issue will most often be with their data circuit.

If you do not know the owner of that connection and this latency is causing significant problems, you may be able to work with your Internet service provider to have your traffic routed around that point.

One hop of elevated latency

If you see one hop that has an elevated response time but then the rest of the hops return to normal, this is not anything to be concerned about. It simply means that the device at that hop is configured so that responding to traceroutes is a low priority, which causes this type of delay. While there may appear to be latency on the traceroute, that slowness will not impact normal internet traffic.

Alternatives to Traceroute

There is no doubt that the traceroute command is one of the most frequently used tools when troubleshooting connectivity issues. In many cases, it will provide you with the exact information you need to rule out a specific problem. If you need additional information or more complex options, you will want to turn to advanced tools such as Catchpoint’s Network Observability tool.

Our Network Observability tool will provide you with the same helpful information that you can find with traceroute and much more. For example, you can take advantage of DNS, CDN, and BGP monitoring to get detailed information about the connectivity between two (or more) points. You will also be able to keep the data over time so that it can be referenced if needed.

For most network administrators, help desk support people, and other individuals who engage in this type of troubleshooting, having access to both the simplicity of traceroute and the functionality of Catchpoint’s Network Observability tool is the perfect balance.


Get started with Traceroute today

Anyone who wants to be able to troubleshoot connectivity issues over a public network will need to understand how to use the traceroute command. While it is not complex, it does take some getting used to.

Taking the time to experiment with the various traceroute options and learning how to understand the results generated from this command will provide essential understanding for those working anywhere in the IT industry.