Skip to content Skip to navigation Skip to footer

What is Traceroute: What Does it Do & How Does It Work?

联系我们

When you connect with a website, the data you get must travel across multiple devices and networks along the way, particularly routers. A traceroute provides a map of how data on the internet travels from its source to its destination. 

A traceroute plays a different role than other diagnostic tools, such as packet capture, which analyzes data. Traceroute differs in that it examines how the data moves through the internet. Similarly, you can use Domain Name System time to live (DNS TTL) for tracerouting, but DNS TTL addresses the time needed to cache a query and does not follow the data path between routers.

What does Traceroute Do?

A traceroute works by sending Internet Control Message Protocol (ICMP) packets, and every router involved in transferring the data gets these packets. The ICMP packets provide information about whether the routers used in the transmission are able to effectively transfer the data.

What is Traceroute Used For?

An Internet Protocol (IP) tracer is helpful for figuring out the routing hops data has to go through, as well as response delays as it travels across nodes, which are what send the data toward its destination. Traceroute also enables you to locate where the data was unable to be sent along, known as points of failure. You can also perform a visual traceroute to get a visual representation of each hop.

How To Run a Traceroute, Explained

To run traceroute on a Mac or Linux system, do the following:

  • Open up an instance of Terminal.
  • Type in the phrase “traceroute [hostname]” and press enter.

On a Windows system, you can:

  • Go to the Start menu.
  • Select Run.
  • Type in “cmd” and then hit “OK.” This initiates a command prompt.
  • Type in “tracert [hostname]” and press enter.

The term “hostname” or host is the website you are interested in or the IP address of a server, router, or device. The traceroute reports on this destination point. After the traceroute is done, it terminates on its own.

How To Read a Traceroute Report

Hops and Round Trip Times (RTT)

The traceroute report lists data pertaining to every router the packets pass through as they head to their destination. The hops get numbered on the left side of the report window. Each line in the report has the domain name—if that was included—as well as the IP address belonging to the router.

There are also three measurements of time, displayed in milliseconds. These tell you the length of time to send the ICMP packets from your computer to that router and back.

Typical Hop Sequence

A “hop” refers to the move data makes as it goes from one router to the next. The first hop within the report provides information about the first router, which would be on your local-area network (LAN). The hops that come after provide data about routers controlled by your internet service provider (ISP).

When the ICMP packets get beyond the ISP’s domain, they go to the general internet, and you will likely see that the hop times increase, typically due to geographical distance.

Do You See an Asterisk? What Does It Mean?

Sometimes, a traceroute has a hard time accessing a device or is unreachable. In these situations, it may show a message saying, “Request timed out,” along with an asterisk. This indicates that the router it reached was configured to deprioritize or automatically reject ICMP packets, which is done because ICMP is not categorized as essential traffic by many routers.

If you get several timeouts in a row, it can be because:

  1. The packets arrived at a router with a firewall that prevents traceroute online requests.
  2. The packets arrived at the subsequent router, but they were not able to return to the computer that sent them.
  3. The router has a connection problem.

What Is the Difference Between Ping and Traceroute?

The primary difference between ping and traceroute is that while ping simply tells you if a server is reachable and the time it takes to transmit and receive data, traceroute details the precise route info, router by router, as well as the time it took for each hop.

Are Traceroute and Tracert the Same?

Traceroute and tracert accomplish the same general function. The only significant difference is that the command is “traceroute” on Mac and Linux systems and “tracert” on a Windows system.

Troubleshooting with Traceroute

What Factors Impact Hop Times?

The physical distance between your computer and its final destination is one of the primary factors impacting hop times. This should be kept in mind while network troubleshooting. The bigger the distance, the longer the hop time. Another contributing factor is the kind of connection facilitating each hop. Computers with faster connections, such as those with Gigabit Ethernet (GE), will most likely provide faster hops than those with slower connections.

In addition, the way the data is delivered may make a difference. For example, if data is sent over a wireless router shared between several devices, the round-trip times can be slower than for one dedicated to a single computer via an Ethernet or fiber-optic connection.

When Does High Latency Matter?

High latency matters whenever you have data that needs to get to its destination without delay to facilitate adequate functionality. For example, if still images are being sent, the latency may not be a big factor. On the other hand, if you are making Voice over Internet Protocol (VoIP) calls or conducting videoconferences, latency can significantly impact the user experience.

You can also use the traceroute report to pinpoint issues with your internet service or network. For instance:

  1. There can be an issue with your network setup if the round-trip times are high for the first entries in the report. If there is an issue, you can use Simple Network Management Protocol (SNMP) to diagnose the problem. This provides information about managed devices on your network. If you use a managed service provider (MSP), you can ask them about what can be causing the problem.
  2. You may notice a drop in network speed, and this can be an issue with your service provider. Check your agreement with the ISP before reaching out to support, however, because the speed you are getting may be all that you are entitled to.
  3. If you notice latency toward the end of the report, the issue is likely with the destination’s server. This can be your VoIP or videoconferencing provider, for example. If they have a tool like Cisco’s NetFlow, they may be able to pinpoint the issue. Your provider can also use synthetic application performance monitoring (APM) to isolate performance issues.

How Fortinet Can Help

ICMP requests can be used to execute distributed denial-of-service (DDoS) attacks, which can bog down your website or force it to go offline. In a DDoS attack, instead of using ICMP for traceroute, the ICMP requests are used to tie up your site. 

With FortiDDoS, you are protected from the abuse of ICMP for DDoS assaults. FortiDDoS can identify unusual ICMP messages, then flag them so the attack can be stopped. FortiDDoS has protection profiles, a dashboard, global settings, and a simple graphical user interface (GUI) that makes it straightforward to use.

FAQs

What is traceroute?

A traceroute provides a map of how data on the internet travels from your computer to its destination.

How does traceroute work?

A traceroute works by sending Internet Control Message Protocol (ICMP) packets, and every router involved in transferring the data gets these packets. The ICMP packets provide information about whether the routers used in the transmission are able to effectively transfer the data.

What is traceroute used for?

Running traceroute is helpful for figuring out the routing hops data has to go through, as well as response delays as it travels across nodes, which are what send the data toward its destination. Traceroute also enables you to locate points of failure.

What is the difference between ping and traceroute?

The primary difference between ping and traceroute is that while ping simply tells you if a server is reachable and the time it takes to transmit and receive data, traceroute details the precise route, router by router, as well as the time it took for each hop.