How to Read a Traceroute
The traceroute tool is one of the simplest yet most helpful tools you can use to troubleshoot network issues. This tool is built into virtually every operating system, so no matter what type of computer you are working on, you will have it available. Traceroute runs a connection test from one computer to another device, showing each “hop” that it takes between devices on the network.
A simple example of this would be to run a traceroute from your computer to Catchpoint’s servers. The specific results will be different for each person. However, in most cases, the results will show you somewhere around 15-20 “hops” that data takes to get from your computer to Catchpoint’s servers and back. The first one would likely be your local router, and from there the data will take multiple “hops” through your internal network and out through your internet service provider (ISP) and over the Internet, before finally reaching Catchpoint’s servers.
Figure 1 shows an example of what you might see.
Understanding how to run this tool, and what all the different information displayed when you run a traceroute command means, will help you when troubleshooting various types of problems.
How to run the Traceroute command
Running a traceroute is very simple. The first step is to bring up a command prompt on your computer. The specific method to bring this up will depend on what operating system you are using. For Windows 10, for example, you can simply click on the start button and type CMD to bring up the options below.

From here, simply click on the Command Prompt app to open it up. When your command prompt has loaded, just type the command tracert followed by the destination you want to use to run the test. For example, to run a test to catchpoint.com you would type tracert catchpoint.com and hit enter. (For Linux and macOS devices, you would type traceroute catchpoint.com instead.)
Available options for the Traceroute command
In most cases, the default traceroute command will give you the information you need. There are, however, some additional options that you can use to get more details or change how the command runs.
Accessing these options is done by adding in one or more option flags after the traceroute command and before the destination. On Windows-based machines, the flags for various options start with a “/”. For example: tracert /d catchpoint.com.
The following are the most commonly used options that you can choose from and what they do:
- /d — This flag stops the attempt to resolve an IP address to a domain name at each hop. This can speed up the trace and provide you with a clear list of IPs at each hop that is not cluttered with full domain names.
- /h — Use this flag to specify the maximum number of hops; the default is 30. Increasing this limit may be necessary for destinations that are far away. To set the maximum number of hops to 45, for example, you would type tracert /h 45 catchpoint.com .
- /w — This sets the amount of time that the command will wait at a hop before timing out, measured in milliseconds. The default is 4 seconds (4,000 milliseconds). Type /w 6000, for example, to set the timeout to 6 seconds.
- /4 or /6 — Using the /4 or /6 flag makes it so the traceroute command will only use either IPv4 or IPv6 hops for the command.
- /h — This will bring up help information about the traceroute command.
{{banner-3="/design/banners"}}
How to read the results from a Traceroute
One of the best things about the traceroute tool is that once you learn how to read the results, you can understand the information it provides with just a quick glance. When you look at the example results of the traceroute listed above, you will see several key pieces of information.
The following table breaks down the key information you will see:
Hop Number
The first column just tells you which hop the trace is on. Whenever you access the Internet (or even data on an internal network), the data travels from one piece of hardware to another. These will typically be routers, but could also be switches, servers, or even computers. Each of these pieces of hardware that the data goes through is considered a hop.
The total number of hops that a connection goes through will depend on many factors, the most important of which is the physical locations where you run the command and the destination.
Round Trip Time (RTT) Results
The next three columns (Table 3) show the amount of time it took data to go from the source (typically your computer) to that hop and back. This is measured in milliseconds.
When running the traceroute command, you are sending data to each hop three times. The first column is the amount of time it took the first time, the second is for the second attempt, and the third is for the last attempt. When everything is running properly, the round-trip time for each attempt should be similar.
Hop Name and IP Address
The final column is where the name, IP address, or other information about the hop is displayed. The information displayed here is determined by the settings on the hop itself.
Some devices are set to only display their IP addresses. Others will also display the device name or other information. In some cases, the owner of the device has set it up so that it will not reveal any information at all, in which case you will simply see an asterisk (*) for that particular hop.
Common problems discovered with Traceroute
You can use this command to look for a variety of different types of network issues to determine what types of problems may be present based on the results displayed.
Asterisks (Timeouts) at various points
The most common issue you will see with a traceroute is a timeout response, which is represented by an asterisk (*). These happen quite frequently and for a variety of different reasons. In the following example, you can see multiple hops have asterisks when attempting to run a traceroute to google.com.
When you see an asterisk, it will mean one of the following things:
- Single Asterisk on a Hop: This means that the request timed out on just one of the three attempts. This can be a sign that there is an intermittent problem at that hop.
- Three Asterisks, Then Failure: If you see all three attempts at a hop have asterisks and then the traceroute errors out, it means that the hop is completely down.
- Three Asterisks, Then Success: If you see three attempts at a hop failing but then the rest of the traceroute continues without an issue, that is actually not a problem at all. This simply means that (as mentioned earlier) the device at that hop is configured not to respond to pings or traceroutes so the attempt times out.
Elevated latency after one hop
If everything looks fine for several hops but then the response times jump up significantly at one point and each hop after that remains high, it likely means a problem either at that hop or on the connection between it and the previous one. Since the connection from you to each successive hop has to go through that one, they will all be impacted by the latency it is causing.
If you can identify where that hop is located, you can work with the owner of that connection to troubleshoot the problem. The issue will most often be with their data circuit.
If you do not know the owner of that connection and this latency is causing significant problems, you may be able to work with your Internet service provider to have your traffic routed around that point.
One hop of elevated latency
If you see one hop that has an elevated response time but then the rest of the hops return to normal, this is not anything to be concerned about. It simply means that the device at that hop is configured so that responding to traceroutes is a low priority, which causes this type of delay. While there may appear to be latency on the traceroute, that slowness will not impact normal internet traffic.
Alternatives to Traceroute
There is no doubt that the traceroute command is one of the most frequently used tools when troubleshooting connectivity issues. In many cases, it will provide you with the exact information you need to rule out a specific problem. If you need additional information or more complex options, you will want to turn to advanced tools such as Catchpoint’s Network Observability tool.
Our Network Observability tool will provide you with the same helpful information that you can find with traceroute and much more. For example, you can take advantage of DNS, CDN, and BGP monitoring to get detailed information about the connectivity between two (or more) points. You will also be able to keep the data over time so that it can be referenced if needed.
For most network administrators, help desk support people, and other individuals who engage in this type of troubleshooting, having access to both the simplicity of traceroute and the functionality of Catchpoint’s Network Observability tool is the perfect balance.
{{banner-sre="/design/banners"}}
Get started with Traceroute today
Anyone who wants to be able to troubleshoot connectivity issues over a public network will need to understand how to use the traceroute command. While it is not complex, it does take some getting used to.
Taking the time to experiment with the various traceroute options and learning how to understand the results generated from this command will provide essential understanding for those working anywhere in the IT industry.