
Everything You Need to Know About traceroute and tracert

Published on September 5, 2025 by Naveen Bose

When your internet feels slow or a website won’t load, ever wonder where the problem really is? Is it your router, your ISP, or something miles away on the internet? That’s exactly what traceroute (on Linux/Mac) and tracert (on Windows) are for. These tools follow your data packets hop-by-hop across the internet, showing you exactly where the delays or drops are happening.

Visual representation of a traceroute path

Why Do You Even Need This?

The internet isn’t a single, straight line—it’s a massive web of connected routers and networks. Before your data gets to a website, it might pass through dozens of devices. If even one of those routers is overloaded or misconfigured, it can mess up your whole connection.

Traceroute helps you:

  • See the Path: It reveals the exact route your packets take.
  • Spot Bottlenecks: It shows you where the connection slows down.
  • Find Packet Loss: It tells you if a router is dropping your data.

How Does It Actually Work? The TTL Trick

Traceroute uses a clever trick with the TTL (Time To Live) field in IP packets. TTL is basically a countdown timer to prevent packets from getting stuck in an endless loop.

  1. Every router the packet passes through decreases the TTL by 1.
  2. When the TTL hits zero, the router drops the packet and sends back an ICMP "Time Exceeded" message.

Traceroute exploits this by sending out probes with increasing TTLs:

  • TTL = 1: The first router in the path gets the packet, the TTL hits zero, and it sends a message back. Hop 1 revealed.
  • TTL = 2: The packet passes the first router, but the second router stops it. Hop 2 revealed.
  • ...and so on, until it reaches the final destination.
  • The probe type differs by system. Windows tracert uses ICMP (like a ping), while Linux/Mac traceroute uses UDP packets by default. The final hop is recognized by its different reply: the destination answers an ICMP probe with an Echo Reply, and a UDP probe to an unused port with an ICMP "Port Unreachable" message, instead of "Time Exceeded". The Linux version is more flexible: you can easily switch it to ICMP (-I) or TCP (-T) if you need to.

Traceroute on Windows

Screenshot of tracert command on Windows

Traceroute on Linux

Screenshot of traceroute command on Linux

Why Do You See Three Times (e.g., 41 ms 36 ms 39 ms)?

A colleague asked me this, and it’s a great question. By default, most traceroute tools send three probe packets to each hop. That’s why you see three round-trip times (RTTs) listed for every router.

This helps you judge the stability of that hop. If the three times are close together, the connection there is stable. If they are all over the place or you see asterisks (*), it could be a sign of a problem. For example, if you see 41 ms 36 ms 39 ms, you know that hop is working fine. You can change this default with the -q option in traceroute (Windows tracert has no direct option for this).

Why Do Asterisks (***) Show on Some Hops?

Seeing asterisks doesn't always mean there's a catastrophic failure. Common reasons include:

  • Most device firewalls are configured not to respond to ICMP packets.
  • Routers are often configured with QoS (Quality of Service) to prioritize actual user traffic over diagnostic packets.
  • Asymmetric routing (where the return path is different from the outbound path) can sometimes mislead the results.
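
The three-RTT and asterisk readings above can be checked automatically. This is an added example, not code from the original post: a Python parser for `traceroute -n` output that labels each hop. The sample output, the label names and the 20 ms spread threshold are constructed assumptions, and the rule that a silent hop followed by clean replies from later hops is still forwarding traffic generalizes the cases listed above.

```python
import re

# Constructed sample of Linux `traceroute -n` output (documentation-range IPs).
SAMPLE = """\
traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  192.0.2.1  1.204 ms  1.101 ms  1.150 ms
 2  * * *
 3  198.51.100.7  12.310 ms  48.902 ms  11.870 ms
 4  198.51.100.9  14.2 ms *  13.9 ms
 5  203.0.113.10  15.020 ms  14.880 ms  15.310 ms
"""

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")   # "<hop number>  <rest of line>"
RTT = re.compile(r"(\d+(?:\.\d+)?) ms")  # one answered probe

def parse(text):
    """Return one dict per hop: hop number, RTTs in ms, unanswered probes."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # header or blank line
        rest = m.group(2)
        hops.append({"hop": int(m.group(1)),
                     "rtts": [float(x) for x in RTT.findall(rest)],
                     "lost": rest.split().count("*")})
    return hops

def classify(hops, spread_ms=20.0):
    """Label hops. spread_ms is an assumed threshold, tune it per network."""
    labels = {}
    for i, h in enumerate(hops):
        # Clean replies from a later hop prove this router forwarded the probes.
        later_ok = any(n["rtts"] and not n["lost"] for n in hops[i + 1:])
        if not h["rtts"]:
            labels[h["hop"]] = "silent, still forwarding" if later_ok else "no reply to end"
        elif h["lost"]:
            labels[h["hop"]] = "reply loss at this hop only" if later_ok else "loss persists"
        elif max(h["rtts"]) - min(h["rtts"]) > spread_ms:
            labels[h["hop"]] = "unstable RTT"
        else:
            labels[h["hop"]] = "stable"
    return labels

if __name__ == "__main__":
    for hop, label in classify(parse(SAMPLE)).items():
        print(hop, label)
```

Only the "no reply to end" and "loss persists" labels point at a break in the path; the others describe how a single router answers probes.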

Useful Traceroute Flags

  • -4 or -6: Forces traceroute to use either IPv4 or IPv6.
  • -m max_ttl: Sets the maximum number of hops (max TTL) before giving up. The default is usually 30.
  • -f first_ttl: Tells traceroute to start at a specific hop number instead of 1.
  • -n: Don't resolve IP addresses to hostnames. This can make the trace run much faster.
  • -q nqueries: Sets the number of probe packets sent to each hop (e.g., -q 5).
  • -p port: Sets the destination port for UDP or TCP probes.

Reference: GeeksForGeeks - Traceroute Command in Linux

Beyond Traceroute: MTR

While not installed by default, MTR (My TraceRoute) combines traceroute and ping. It continuously updates latency and packet loss stats for each hop, making it much easier to spot ongoing issues. On Windows, the equivalent is a third-party tool called WinMTR.

Animation showing MTR results updating

Conclusion

Traceroute and tracert are more than just old-school utilities—they’re windows into the hidden highways of the internet. By sending controlled probes, they map the journey of your packets, hop by hop, and help you pinpoint where trouble might begin. Next time your connection slows, don’t just restart your router. Fire up traceroute and see the secret road trip your packets are taking.