The traceroute tool is a network diagnostic utility that discovers the network path available between two hosts. This command is essential for any network using the Internet Protocol suite. Along with ping, this tool identifies network issues like packet loss and poor routing.
In traceroute lingo, a hop is a router that forwards traffic between two endpoints. The information reported per hop generally includes IP address, DNS resolution, and a transmission time from the sender.

How to Run Traceroute
The command is available on all modern operating systems. To run it, the user should open the command prompt or terminal on their system.
In the Windows operating system, type “cmd” in the Run box to open the command prompt, then type tracert followed by the destination host or IP address.
For Macintosh or Linux, the user should open the terminal and type traceroute, followed by the destination host. After typing the command, the user should press Enter to execute it.
The route tracing results to www.google.com below include the round-trip times to intermediate hops:
1 my.meraki.net (10.1.36.1) 10.140 ms 2.565 ms 3.272 ms
2 164.52.244.85 (164.52.244.85) 5.580 ms 4.006 ms 3.104 ms
3 64.58.254.226 (64.58.254.226) 4.069 ms 2.501 ms 5.308 ms
4 * * *
5 * * *
6 g-l3-60g.washingtondc.level3.net (4.68.71.186) 85.500 ms 9.336 ms 8.873 ms
7 108.170.246.1 (108.170.246.1) 10.156 ms 10.853 ms 13.887 ms
8 216.239.54.205 (216.239.54.205) 8.865 ms 9.400 ms 9.387 ms
9 iad30s08-in-f132.1e100.net (172.217.7.132) 9.145 ms 9.527 ms 12.434 ms
For each result, the output reports:
- the hop number,
- the fully qualified domain name if available,
- the router’s IP address in parentheses, and
- three RTT measurements.
By default, probes are sent using ICMP on Windows and UDP on Linux and Mac OS X. Each operating system also has the option to change the transport protocol.
Advanced options include reporting each hop’s Autonomous System, adjusting the probe packet’s Maximum Transmission Unit (MTU), and more.
By default, the utility sends three probes for each hop. As a result, traceroute probes could discover more than one path. It will also return three RTT measurements for a specific hop.
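The per-hop fields listed above can be pulled out of the text output and checked automatically. The following parser is an added example, not part of the original article or of any traceroute implementation; the function names and the `spike_factor` threshold are assumptions made for illustration.

```python
import re
from statistics import median

# The trace to www.google.com shown above, embedded so the example runs offline.
SAMPLE = """\
1 my.meraki.net (10.1.36.1) 10.140 ms 2.565 ms 3.272 ms
2 164.52.244.85 (164.52.244.85) 5.580 ms 4.006 ms 3.104 ms
3 64.58.254.226 (64.58.254.226) 4.069 ms 2.501 ms 5.308 ms
4 * * *
5 * * *
6 g-l3-60g.washingtondc.level3.net (4.68.71.186) 85.500 ms 9.336 ms 8.873 ms
7 108.170.246.1 (108.170.246.1) 10.156 ms 10.853 ms 13.887 ms
8 216.239.54.205 (216.239.54.205) 8.865 ms 9.400 ms 9.387 ms
9 iad30s08-in-f132.1e100.net (172.217.7.132) 9.145 ms 9.527 ms 12.434 ms
"""
# One token is "name (ip)", an RTT such as "9.336 ms", or "*" for a lost probe.
TOKEN = re.compile(
    r"(?P<host>\S+)\s+\((?P<ip>[0-9A-Fa-f.:]+)\)"
    r"|(?P<rtt>\d+(?:\.\d+)?)\s+ms"
    r"|(?P<lost>\*)")

def parse_hop(line):
    """Split one output line into hop number, responders, RTTs and lost probes."""
    number, _, rest = line.strip().partition(" ")
    hop = {"hop": int(number), "responders": [], "rtts": [], "lost": 0}
    for m in TOKEN.finditer(rest):
        if m.group("ip"):
            # A second name/IP pair on one line means probes took different paths.
            responder = (m.group("host"), m.group("ip"))
            if responder not in hop["responders"]:
                hop["responders"].append(responder)
        elif m.group("rtt"):
            hop["rtts"].append(float(m.group("rtt")))
        else:
            hop["lost"] += 1
    return hop

def summarize(text, spike_factor=3.0):
    """Flag silent hops, multi-path hops and hops where one probe exceeds
    spike_factor times the hop's median RTT (an arbitrary example threshold)."""
    hops = [parse_hop(l) for l in text.splitlines() if l.strip()]
    return {
        "silent": [h["hop"] for h in hops if not h["responders"]],
        "multipath": [h["hop"] for h in hops if len(h["responders"]) > 1],
        "spikes": [h["hop"] for h in hops
                   if h["rtts"] and max(h["rtts"]) > spike_factor * median(h["rtts"])],
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the sample trace, the RTT spike at hop 6 (85.500 ms) does not carry over to hops 7 to 9, which points to a slow reply from that router rather than added latency on the path.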
How does traceroute work?
To discover the network topology, the utility uses the Internet Control Message Protocol (ICMP) Time Exceeded message. A host returns this Internet Protocol message to the sender when it receives an IP packet with Time To Live (TTL) set to 1.
When that happens, the router discards the packet, and sends an ICMP Time Exceeded message to the source IP address. This notifies the source that the router discarded the packet.
This mechanism helps IP networks avoid routing loops. Routing loops occur when routers forward packets endlessly. In its current implementation, the maximum TTL value in IPv4 packets is 255.

TTL works in the following way: when a router or host receives a packet, it decrements the TTL value by one. When a router receives a packet with TTL equal to 1, the packet's time to live has been exceeded. The router or host will discard the packet and send an ICMP error message Time Exceeded (Code 11) to the source. This mechanism prevents routing loops, which can cause issues similar to broadcast storms, common in layer two switching.
Example of a Time Exceeded packet notification as captured with tcpdump:
IP my.meraki.net > 10.1.36.5: ICMP time exceeded in-transit, length 60
Example of a traceroute run
Let’s see what happens when you run a traceroute or tracert command. To discover the first hop, the command sends a UDP packet with a TTL equal to one. The first router to receive the packet inspects the TTL, reduces it by one, and sends a Time Exceeded message back to the source.
To discover the second hop, the utility sends a new UDP packet with the TTL set to two, and so on. Hop by hop, the command builds the list of routing hops to the destination, including the round trip time to them.
The command terminates when it either reaches the destination host, or it reaches the maximum number of hops set. By default, most implementations set the maximum number to 30 hops. The user can change this value via the command line.
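The run described above can be reproduced offline with a small model of the path. This is an added example, not code from the original article or from any traceroute implementation; the router addresses, the `replies` flag and the function names are constructed for illustration.

```python
# Constructed path for illustration: the second router never answers,
# which is what produces a "*" row in real output.
PATH = [
    {"ip": "192.0.2.1", "replies": True},
    {"ip": "198.51.100.1", "replies": False},
    {"ip": "203.0.113.1", "replies": True},
]
DESTINATION = "203.0.113.80"

def send_probe(ttl, path, destination):
    """Forward one probe along the path; return (reply_kind, source_ip) or None."""
    for router in path:
        ttl -= 1  # each router reduces the TTL by one
        if ttl == 0:
            # The packet is discarded here; Time Exceeded goes back unless suppressed.
            return ("time-exceeded", router["ip"]) if router["replies"] else None
    # The probe survived every router. destination=None models a silent end host.
    return ("destination", destination) if destination else None

def traceroute(path, destination, max_hops=30, probes=3):
    """Raise the TTL one hop at a time until the destination answers or max_hops."""
    rows = []
    for ttl in range(1, max_hops + 1):
        replies = [send_probe(ttl, path, destination) for _ in range(probes)]
        answered = [r for r in replies if r]
        rows.append((ttl, answered[0][1] if answered else "*"))
        if any(kind == "destination" for kind, _ in answered):
            break  # first termination condition: the destination host was reached
    return rows  # otherwise the loop ended on the second condition: max_hops

if __name__ == "__main__":
    for hop, address in traceroute(PATH, DESTINATION):
        print(hop, address)
```

Passing `None` as the destination models an end host that never answers: the trace then prints `*` for every TTL beyond the last router and stops only at `max_hops`.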

Traceroute Limits
Traceroute has limitations that can affect its ability to accurately map the network infrastructure. Network engineers should be aware of two main limitations when using this command.
Unresponsive hops: the notorious *
When a router doesn’t respond, an asterisk will appear instead of its IP address. As an example of this behavior, you can review hops number 4 and 5 of the example shown above. This can happen for different reasons …
The most common reason for unresponsive hops is a firewall. Network administrators block the traceroute probe packets from the source or the ICMP Time Exceeded packets from the hop. Another reason is virtual routers or other network devices that don’t process or support ICMP packets.
If a firewall blocks the probe packets, the user can change the destination UDP port or try different transport protocols (ICMP, TCP, or UDP). Certain firewalls may block all traffic, leaving limited options in such cases.
Using Traceroute in NetBeez
NetBeez supports the traceroute command to discover the hop count between a source agent and a destination host. The dashboard lets the user select common options, including the preferred transport protocol (TCP, UDP, or ICMP). This multi-protocol support helps bypass firewall rules and network settings that may block specific types of traffic. The output data includes network latency, IP, FQDN, and MTU per hop (when using UDP or ICMP as the transport protocol).
[Screenshot: output of traceroute results on the NetBeez network monitoring dashboard.]
Conclusion on traceroute
Traceroute remains a fundamental network testing tool for network engineers. With it, IT professionals diagnose connection issues more effectively and optimize network performance. This tool is invaluable for troubleshooting latency, packet loss, and routing problems. As networks become more complex, tools like traceroute help maintain visibility and ensure reliable performance across distributed environments.
NetBeez collects real-time performance data from distributed agents, offering end-to-end visibility across complex network environments. Unlike traditional traceroute, which provides a snapshot in time, NetBeez delivers ongoing network path analysis, packet loss detection, and latency monitoring. The tool enables network engineers to detect and resolve issues before they impact end users.