traceroute Command: Tutorial & Examples

Display the network path to a host

The traceroute command is a command-line utility used to trace the path that network packets take from the source host to a destination host. It works by sending packets with increasingly high "time to live" (TTL) values and monitoring the responses that are returned. The basic syntax of the command is traceroute [options] hostname.

When traceroute is run, it sends a series of packets to the destination host with a TTL value of 1. The first router in the path decrements the TTL value by 1, discarding the packet and sending an ICMP Time Exceeded message back to the source host. traceroute then repeats the process, incrementing the TTL value by 1 each time, until the destination host is reached.

As the packets are passed through each router, the IP address of the router and the time it takes for the packet to pass through that router is recorded. This information is then displayed, showing the route taken by the packets and the amount of time it took to pass through each router.

Here is an example of what the output of the traceroute command might look like when run on a Linux system:

traceroute www.example.com
traceroute to www.example.com (192.0.2.1), 30 hops max, 60 byte packets
1  192.168.1.1 (192.168.1.1)  1.936 ms  1.811 ms  1.828 ms
2  10.1.1.1 (10.1.1.1)  4.902 ms  4.874 ms  4.859 ms
3  10.2.2.2 (10.2.2.2)  9.732 ms  9.706 ms  9.689 ms
4  74.125.31.81 (74.125.31.81)  15.782 ms  15.766 ms  15.749 ms
5  74.125.31.77 (74.125.31.77)  20.741 ms  20.724 ms  20.707 ms
6  216.239.46.129 (216.239.46.129)  25.689 ms  25.672 ms  25.655 ms
7  216.239.46.133 (216.239.46.133)  30.637 ms  30.620 ms  30.603 ms
8  108.170.241.1 (108.170.241.1)  35.585 ms  35.568 ms  35.551 ms
9  192.0.2.1 (192.0.2.1)  40.534 ms  40.517 ms  40.500 ms

In this example, the traceroute command is run to trace the path from the source host to the destination host www.example.com with IP address 192.0.2.1. The output shows that the packet passed through 9 routers to reach the destination host. Each line of the output shows the hop number, the IP address of the router, and the time it took for the packet to pass through that router.

The first hop is the router at IP address 192.168.1.1, which took 1.936 milliseconds to pass through. The second hop is the router at IP address 10.1.1.1, which took 4.902 milliseconds to pass through. This continues until the final hop, which is the destination host itself.

It is important to note that the traceroute will not reach the final destination if there is a firewall in the path that blocks ICMP packets, in that case a * will be shown in the output to indicate that the packet was not received.

The -I option can be used to use ICMP ECHO instead of UDP datagrams, which is useful when the destination host has firewalls that block UDP traffic. The -m option can be used to set the maximum number of hops to search for the target, and -w option can be used to set the time to wait for a response before giving up.

traceroute is a useful tool for troubleshooting network problems, as it can help identify the specific router or link that is causing a problem. It is also useful for understanding the path that network traffic takes through a network and for measuring the performance of different parts of a network.

Except where otherwise noted, content on this site is licensed under a CC BY-SA 4.0 license CC BY SA