How to Read a Traceroute

The traceroute tool is one of the simplest yet most helpful tools you can use to troubleshoot network issues. This tool is built into virtually every operating system, so no matter what type of computer you are working on, you will have it available. Traceroute runs a connection test from one computer to another device, showing each “hop” that it takes between devices on the network.

A simple example of this would be to run a traceroute from your computer to Catchpoint’s servers. The specific results will be different for each person. However, in most cases, the results will show you somewhere around 15-20 “hops” that data takes to get from your computer to Catchpoint’s servers and back. The first one would likely be your local router, and from there the data will take multiple “hops” through your internal network and out through your internet service provider (ISP) and over the Internet, before finally reaching Catchpoint’s servers.

Figure 1 shows an example of what you might see.

Understanding how to run this tool, and what all the different information displayed when you run a traceroute command means, will help you when troubleshooting various types of problems.

How to run the Traceroute command

Running a traceroute is very simple. The first step is to bring up a command prompt on your computer. The specific method to bring this up will depend on what operating system you are using. For Windows 10, for example, you can simply click on the start button and type CMD to bring up the options below.

Figure 2: Command Prompt options in Windows 10.

From here, simply click on the Command Prompt app to open it up. When your command prompt has loaded, just type the command tracert followed by the destination you want to use to run the test. For example, to run a test to catchpoint.com you would type tracert catchpoint.com and hit enter. (For Linux and macOS devices, you would type traceroute catchpoint.com instead.)

Available options for the Traceroute command

In most cases, the default traceroute command will give you the information you need. There are, however, some additional options that you can use to get more details or change how the command runs.

Accessing these options is done by adding in one or more option flags after the traceroute command and before the destination. On Windows-based machines, the flags for various options start with a “/”. For example: tracert /d catchpoint.com.

The following are the most commonly used options that you can choose from and what they do:

/d — This flag stops the attempt to resolve an IP address to a domain name at each hop. This can speed up the trace and provide you with a clear list of IPs at each hop that is not cluttered with full domain names.
/h — Use this flag to specify the maximum number of hops; the default is 30. Increasing this limit may be necessary for destinations that are far away. To set the maximum number of hops to 45, for example, you would type tracert /h 45 catchpoint.com .
/w — This sets the amount of time that the command will wait at a hop before timing out, measured in milliseconds. The default is 4 seconds (4,000 milliseconds). Type /w 6000, for example, to set the timeout to 6 seconds.
/4 or /6 — Using the /4 or /6 flag makes it so the traceroute command will only use either IPv4 or IPv6 hops for the command.
/h — This will bring up help information about the traceroute command.

{{banner-3="/design/banners"}}

How to read the results from a Traceroute

One of the best things about the traceroute tool is that once you learn how to read the results, you can understand the information it provides with just a quick glance. When you look at the example results of the traceroute listed above, you will see several key pieces of information.

The following table breaks down the key information you will see:

Hop Number	RTT Attempt 1	RTT Attempt 2	RTT Attempt 3	Hop Details
1	2ms	1ms	1ms	10.0.0.1
2	10ms	10ms	10ms	96.120.40.245
3	10ms	11ms	12ms	96.110.175.85

Table 1: Representation of traceroute results.

Hop Number

Hop Number	RTT Attempt 1	RTT Attempt 2	RTT Attempt 3	Hop Details
1	2ms	1ms	1ms	10.0.0.1
2	10ms	10ms	10ms	96.120.40.245
3	10ms	11ms	12ms	96.110.175.85

Table 2: Example of traceroute details highlighting the hop number column.

The first column just tells you which hop the trace is on. Whenever you access the Internet (or even data on an internal network), the data travels from one piece of hardware to another. These will typically be routers, but could also be switches, servers, or even computers. Each of these pieces of hardware that the data goes through is considered a hop.

The total number of hops that a connection goes through will depend on many factors, the most important of which is the physical locations where you run the command and the destination.

Round Trip Time (RTT) Results

Hop Number	RTT Attempt 1	RTT Attempt 2	RTT Attempt 3	Hop Details
1	2ms	1ms	1ms	10.0.0.1
2	10ms	10ms	10ms	96.120.40.245
3	10ms	11ms	12ms	96.110.175.85

Table 3: Example of traceroute results highlighting the round trip time (RTT) results.

The next three columns (Table 3) show the amount of time it took data to go from the source (typically your computer) to that hop and back. This is measured in milliseconds.

When running the traceroute command, you are sending data to each hop three times. The first column is the amount of time it took the first time, the second is for the second attempt, and the third is for the last attempt. When everything is running properly, the round-trip time for each attempt should be similar.

Hop Name and IP Address

Hop Number	RTT Attempt 1	RTT Attempt 2	RTT Attempt 3	Hop Details
1	2ms	1ms	1ms	10.0.0.1
2	10ms	10ms	10ms	96.120.40.245
3	10ms	11ms	12ms	96.110.175.85

Table 4: Explanation of traceroute results highlighting the hop details.

The final column is where the name, IP address, or other information about the hop is displayed. The information displayed here is determined by the settings on the hop itself.

Some devices are set to only display their IP addresses. Others will also display the device name or other information. In some cases, the owner of the device has set it up so that it will not reveal any information at all, in which case you will simply see an asterisk (*) for that particular hop.

Common problems discovered with Traceroute

You can use this command to look for a variety of different types of network issues to determine what types of problems may be present based on the results displayed.

Asterisks (Timeouts) at various points

The most common issue you will see with a traceroute is a timeout response, which is represented by an asterisk (*). These happen quite frequently and for a variety of different reasons. In the following example, you can see multiple hops have asterisks when attempting to run a traceroute to google.com.

When you see an asterisk, it will mean one of the following things:

Single Asterisk on a Hop: This means that the request timed out on just one of the three attempts. This can be a sign that there is an intermittent problem at that hop.
Three Asterisks, Then Failure: If you see all three attempts at a hop have asterisks and then the traceroute errors out, it means that the hop is completely down.
Three Asterisks, Then Success: If you see three attempts at a hop failing but then the rest of the traceroute continues without an issue, that is actually not a problem at all. This simply means that (as mentioned earlier) the device at that hop is configured not to respond to pings or traceroutes so the attempt times out.

Elevated latency after one hop

If everything looks fine for several hops but then the response times jump up significantly at one point and each hop after that remains high, it likely means a problem either at that hop or on the connection between it and the previous one. Since the connection from you to each successive hop has to go through that one, they will all be impacted by the latency it is causing.

If you can identify where that hop is located, you can work with the owner of that connection to troubleshoot the problem. The issue will most often be with their data circuit.

If you do not know the owner of that connection and this latency is causing significant problems, you may be able to work with your Internet service provider to have your traffic routed around that point.

One hop of elevated latency

If you see one hop that has an elevated response time but then the rest of the hops return to normal, this is not anything to be concerned about. It simply means that the device at that hop is configured so that responding to traceroutes is a low priority, which causes this type of delay. While there may appear to be latency on the traceroute, that slowness will not impact normal internet traffic.

Alternatives to Traceroute

There is no doubt that the traceroute command is one of the most frequently used tools when troubleshooting connectivity issues. In many cases, it will provide you with the exact information you need to rule out a specific problem. If you need additional information or more complex options, you will want to turn to advanced tools such as Catchpoint’s Network Observability tool.

Our Network Observability tool will provide you with the same helpful information that you can find with traceroute and much more. For example, you can take advantage of DNS, CDN, and BGP monitoring to get detailed information about the connectivity between two (or more) points. You will also be able to keep the data over time so that it can be referenced if needed.

For most network administrators, help desk support people, and other individuals who engage in this type of troubleshooting, having access to both the simplicity of traceroute and the functionality of Catchpoint’s Network Observability tool is the perfect balance.

{{banner-sre="/design/banners"}}

Get started with Traceroute today

Anyone who wants to be able to troubleshoot connectivity issues over a public network will need to understand how to use the traceroute command. While it is not complex, it does take some getting used to.

Taking the time to experiment with the various traceroute options and learning how to understand the results generated from this command will provide essential understanding for those working anywhere in the IT industry.

Chapters

Network Admin’s Guide to Synthetic Monitoring

See how Network Administrators are using Active Monitoring - Synthetic Monitoring - as the basis for building a strong digital observability strategy.

Internet Exchange Point

In our overview article, you’ll learn about tiers of Internet Service Providers (ISP), Autonomous Systems (AS), and the Internet Exchange Points (IXP) ISPs use to exchange traffic via the BGP routing protocol. You’ll also be given some context for related technologies (such as SD-WAN and IPv6) and troubleshooting tools (such as ping and traceroute).

IP Transit

This chapter tackles the ISP arrangement known as “IP transit,” which is used to transport traffic to its destination, and understand how it differs from IP peering. You’ll also learn about supporting concepts like AS path, dual-homing, BGP communities, and Resource Public Key Infrastructure (RPKI), which helps protect against threats such as BGP leaks and hijacking

The Benefits and Challenges of SD-WAN Architecture

Software-defined wide area networks (SD-WAN) are the most popular way to connect remote corporate networks. In this article, we present the benefits and challenges of SD-WANs, and compare SD-WANs to dedicated connections based on the Multiprotocol Label Switching (MPLS) protocol.

Free Online Network Tools Every Engineer Should Bookmark

Put your newfound knowledge to use by accessing 16 free online tools. Each tool has a specific and useful functionality, such as testing website speeds from global locations, checking MX records, performing Organizationally Unique Identifier (OUI) lookups, browsing the most updated BGP route servers list on the internet, and more.

SD-WAN vs MPLS

Learn the differences between Software-defined wide area networks (SD-WAN) and Multiprotocol Label Switching (MPLS) protocol in supporting your multi-site connectivity. In this article, we provide tabular side-by-side comparison, and explain the pros, cons and benefits of each solution.

MQTT Broker

Introduction page blurb: MQTT is a lightweight protocol that supports the Internet of Things (IoT). This article explains the functionality of its central hub known as the MQTT broker, compares its various implementations, and reviews its use cases, features, and best practices.

Inter-VLAN Routing

Learn why inter-VLAN routing is required, understand the different models used for implementing it, and follow examples to configure it.

DNS sinkhole

A DNS sinkhole is used to block malicious DNS requests. In this article, learn how the DNS sinkhole works, understand its limitations and best practices, and follow step by step instructions for setting it up.

How to Read a Traceroute

Learn how to run a traceroute command, interpret the results, and understand the common problems that it reveals.

Switching Loops

Understand how switching loops are created and learn the best practices for preventing them using the spanning tree protocol and portfast mode.

SD-WAN Security

Learn the best practices for designing and implementing SD WAN security including Internet Key Exchange (IKE), Authentication Headers (AH), and Encapsulating Security Payload (ESP).

IP Multicast

Learn multicast concepts and the different types of multicast forwarding path trees and multicast routing protocols by following examples.

DNS Tunneling

Learn how attackers conduct DNS tunneling by following their actions step by step and understand how you can detect it in time and prevent the attackers from succeeding.