What is Traceroute and How Does It Work?

The traceroute report lists data pertaining to every router the packets pass through as they head to their destination. The hops get numbered on the left side of the report window. Each line in the report has the domain name—if that was included—as well as the IP address belonging to the router.

There are also three measurements of time, displayed in milliseconds. These tell you the length of time to send the ICMP packets from your computer to that router and back.

A “hop” refers to the move data makes as it goes from one router to the next. The first hop within the report provides information about the first router, which would be on your local-area network (LAN). The hops that come after provide data about routers controlled by your internet service provider (ISP).

When the ICMP packets get beyond the ISP’s domain, they go to the general internet, and you will likely see that the hop times increase, typically due to geographical distance.

Sometimes, a traceroute has a hard time accessing a device. In these situations, it may show a message saying, “Request timed out,” along with an asterisk. This indicates that the router it reached was configured to deprioritize or automatically reject ICMP packets, which is done because ICMP is not categorized as essential traffic by many routers.

If you get several timeouts in a row, it can be because:

1. The packets arrived at a router with a firewall that prevents traceroute online requests.
2. The packets arrived at the subsequent router, but they were not able to return to the computer that sent them.
3. The router has a connection problem.

The physical distance between your computer and its final destination is one of the primary factors impacting hop times. This should be kept in mind while network troubleshooting. The bigger the distance, the longer the hop time. Another contributing factor is the kind of connection facilitating each hop. Computers with faster connections, such as those with Gigabit Ethernet (GE), will most likely provide faster hops than those with slower connections.

In addition, the way the data is delivered may make a difference. For example, if data is sent over a wireless router shared between several devices, the round-trip times can be slower than for one dedicated to a single computer via an Ethernet or fiber-optic connection.

High latency matters whenever you have data that needs to get to its destination without delay to facilitate adequate functionality. For example, if still images are being sent, the latency may not be a big factor. On the other hand, if you are making Voice over Internet Protocol (VoIP) calls or conducting videoconferences, latency can significantly impact the user experience.

You can also use the traceroute report to pinpoint issues with your internet service or network. For instance:

1. There can be an issue with your network setup if the round-trip times are high for the first entries in the report. If there is an issue, you can use Simple Network Management Protocol (SNMP) to diagnose the problem. This provides information about managed devices on your network. If you use a managed service provider (MSP), you can ask them about what can be causing the problem.
2. You may notice a drop in network speed, and this can be an issue with your service provider. Check your agreement with the ISP before reaching out to support, however, because the speed you are getting may be all that you are entitled to.
3. If you notice latency toward the end of the report, the issue is likely with the destination’s server. This can be your VoIP or videoconferencing provider, for example. If they have a tool like Cisco’s NetFlow, they may be able to pinpoint the issue. Your provider can also use synthetic application performance monitoring (APM) to isolate performance issues.

ICMP requests can be used to execute distributed denial-of-service (DDoS) attacks, which can bog down your website or force it to go offline. In a DDoS attack, instead of using ICMP for traceroute, the ICMP requests are used to tie up your site. 

With FortiDDoS, you are protected from the abuse of ICMP for DDoS assaults. FortiDDoS can identify unusual ICMP messages, then flag them so the attack can be stopped. FortiDDoS has protection profiles, a dashboard, global settings, and a simple graphical user interface (GUI) that makes it straightforward to use.

A traceroute provides a map of how data on the internet travels from your computer to its destination.

A traceroute works by sending Internet Control Message Protocol (ICMP) packets, and every router involved in transferring the data gets these packets. The ICMP packets provide information about whether the routers used in the transmission are able to effectively transfer the data.

Traceroute is helpful for figuring out the routing hops data has to go through, as well as response delays as it travels across nodes, which are what send the data toward its destination. Traceroute also enables you to locate points of failure.

The primary difference between ping and traceroute is that while ping simply tells you if a server is reachable and the time it takes to transmit and receive data, traceroute details the precise route, router by router, as well as the time it took for each hop.