How to Run a Traceroute on Windows, Mac, and Linux
A traceroute is a network diagnostic utility that maps the exact path IP packets travel from your machine to a target host, recording every intermediate router (hop) along the way and measuring the round-trip time (RTT) to each one. It is the single most effective tool for isolating whether a latency spike, packet loss, or routing anomaly originates within your local network, your ISP's infrastructure, a transit backbone, or the destination server itself.
When you run a traceroute, your system sends a series of probe packets with incrementally increasing TTL (Time To Live) values. Each router that decrements the TTL to zero returns an ICMP "Time Exceeded" message, revealing its identity and response time. This mechanism is what makes traceroute fundamentally different from a simple `ping`: it exposes the full routing topology, not just end-to-end reachability.
How Traceroute Works Under the Hood
Understanding the underlying mechanics prevents misinterpretation of results, a mistake even experienced administrators make.
- Windows (`tracert`) sends ICMP Echo Request packets by default.
- Linux and macOS (`traceroute`) send UDP datagrams to high-numbered ports (33434+) by default, though this is configurable.
- Each probe is sent three times per hop, producing three RTT measurements per line.
- A router that rate-limits or drops ICMP/UDP will show asterisks (`* * *`), but this does not necessarily mean the path beyond it is broken.
This behavioral difference between operating systems is critical: a hop that appears unresponsive on Linux may respond normally on Windows, simply because the router's ACL blocks UDP but permits ICMP.
How to Run a Traceroute on Windows
Step 1: Open Command Prompt
Press `Win + R`, type `cmd`, and press Enter. Alternatively, search for Command Prompt in the Start menu. For environments where ICMP is restricted, consider running as Administrator.
Step 2: Execute the Command
```
tracert example.com
```
Replace `example.com` with the target domain name or IP address. Windows resolves the hostname to an IP before sending the first probe.
Step 3: Read the Output
```
Tracing route to example.com [93.184.216.34] over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 192.168.0.1
2 10 ms 11 ms 10 ms 10.0.0.1
3 15 ms 16 ms 15 ms isp.gateway.net [203.0.113.1]
4 * * * Request timed out.
5 22 ms 21 ms 23 ms core1.backbone.net [198.51.100.5]
```
Key `tracert` Options on Windows
| Flag | Function |
|---|---|
| `-d` | Skips reverse DNS lookups, significantly speeds up output |
| `-h <max_hops>` | Sets the maximum hop count (default: 30) |
| `-w <timeout>` | Sets the wait time in milliseconds per probe (default: 4000 ms) |
| `-4` | Forces IPv4 |
| `-6` | Forces IPv6 |
Example with options:
```
tracert -d -h 20 -w 2000 example.com
```
Pro tip: On Windows, `tracert -d` is the fastest way to get results when you only care about IP-level routing and not hostnames. Reverse DNS lookups can add several seconds per hop on congested networks.
How to Run a Traceroute on macOS
Step 1: Open Terminal
Press `Command + Space`, type Terminal, and press Enter. Or navigate to Applications > Utilities > Terminal.
Step 2: Execute the Command
```
traceroute example.com
```
macOS ships with `traceroute` pre-installed as part of its BSD networking toolkit. No additional installation is required.
Step 3: Read the Output
```
traceroute to example.com (93.184.216.34), 64 hops max, 52 byte packets
1 192.168.0.1 (192.168.0.1) 1.206 ms 0.930 ms 0.799 ms
2 10.0.0.1 (10.0.0.1) 10.123 ms 10.456 ms 10.678 ms
3 isp.gateway.net (203.0.113.1) 15.789 ms 15.012 ms 15.234 ms
```
Notice that macOS defaults to 64 hops max versus Windows' 30, which is relevant when tracing paths to geographically distant or complex network destinations.
Key `traceroute` Options on macOS
| Flag | Function |
|---|---|
| `-n` | Suppresses hostname resolution, shows raw IPs only |
| `-q <nqueries>` | Changes the number of probes per hop (default: 3) |
| `-m <max_ttl>` | Sets maximum TTL / hop count |
| `-w <waittime>` | Timeout in seconds per probe |
| `-I` | Uses ICMP Echo instead of UDP (useful when UDP is blocked) |
| `-T` | Uses TCP SYN probes (requires root; bypasses many firewalls) |
Example (ICMP mode to bypass UDP filtering):
```
sudo traceroute -I example.com
```
Example (TCP SYN mode on port 80, most firewall-friendly):
```
sudo traceroute -T -p 80 example.com
```
How to Run a Traceroute on Linux
Step 1: Open Terminal
Press `Ctrl + Alt + T` or locate the terminal in your application launcher.
Step 2: Install `traceroute` if Needed
On many minimal or server-grade Linux distributions, `traceroute` is not installed by default.
Debian / Ubuntu:
```
sudo apt-get install traceroute
```
CentOS / RHEL / AlmaLinux / Rocky Linux:
```
sudo yum install traceroute
```
Fedora:
```
sudo dnf install traceroute
```
Arch Linux:
```
sudo pacman -S traceroute
```
Step 3: Execute the Command
```
traceroute example.com
```
Step 4: Read the Output
```
traceroute to example.com (93.184.216.34), 30 hops max, 60 byte packets
1 192.168.0.1 (192.168.0.1) 0.728 ms 0.457 ms 0.373 ms
2 10.0.0.1 (10.0.0.1) 9.862 ms 9.946 ms 10.123 ms
3 isp.gateway.net (203.0.113.1) 14.987 ms 14.123 ms 15.456 ms
```
Key `traceroute` Options on Linux
| Flag | Function |
|---|---|
| `-n` | Disables reverse DNS resolution |
| `-I` | Sends ICMP Echo probes (requires root) |
| `-T` | Sends TCP SYN probes (requires root) |
| `-U` | Sends UDP probes (default behavior) |
| `-p <port>` | Specifies the destination port |
| `-m <max_ttl>` | Maximum number of hops |
| `-q <nqueries>` | Number of probes per hop |
| `-A` | Prints AS (Autonomous System) numbers alongside each hop |
The `-A` flag is particularly powerful for diagnosing inter-AS routing issues: it shows which ISP or network operator owns each hop, letting you pinpoint exactly where a handoff between carriers is causing latency.
```
traceroute -A example.com
```
`mtr`: The Superior Alternative on Linux
For ongoing or interactive diagnostics, `mtr` (Matt's Traceroute) combines `ping` and `traceroute` into a continuously refreshing display. It is the preferred tool among network engineers for real-time packet loss analysis.
```
sudo apt-get install mtr
mtr example.com
```
`mtr` accumulates statistics over time, making intermittent packet loss visible, something a single-pass `traceroute` will miss entirely.
Cross-Platform Comparison: tracert vs. traceroute
| Feature | Windows (`tracert`) | macOS (`traceroute`) | Linux (`traceroute`) |
|---|---|---|---|
| Default probe protocol | ICMP Echo Request | UDP | UDP |
| Default max hops | 30 | 64 | 30 |
| Default probes per hop | 3 | 3 | 3 |
| Packet size (default) | 40 bytes | 52 bytes | 60 bytes |
| ICMP mode | Default | `-I` flag (root) | `-I` flag (root) |
| TCP SYN mode | Not available natively | `-T` flag (root) | `-T` flag (root) |
| AS number lookup | Not available | Not available | `-A` flag |
| IPv6 support | `-6` flag | `traceroute6` command | `-6` flag |
| Built-in to OS | Yes | Yes | Often requires install |
Understanding Traceroute Output: A Technical Breakdown
Hop Number
Each line represents one router in the path. Hop 1 is almost always your default gateway (home router or LAN switch). Hop 2 is typically your ISP's first aggregation point.
Response Times (RTT)
Three RTT values are shown per hop. Healthy values generally follow a pattern of gradual increase as hops accumulate geographic distance. A sudden jump of 50+ ms at a specific hop that persists through all subsequent hops indicates a genuine bottleneck at that node.
Interpreting `* * *` (Asterisks)
Asterisks mean the probe timed out: the router did not return an ICMP response within the wait window. This is not automatically a problem. Many enterprise routers and backbone nodes deprioritize or silently drop ICMP/UDP probe packets for security reasons while still forwarding traffic normally. If the hops after the asterisks show normal RTTs, the path is intact.
High Latency at a Single Hop
If hop 7 shows 200 ms but hop 8 shows 25 ms, the 200 ms reading is almost certainly ICMP rate-limiting at hop 7's router, not a real bottleneck. The router is processing the probe at low priority while forwarding actual traffic at full speed. Always evaluate latency trends across the full path, not individual hops in isolation.
Asymmetric Routing
Traceroute only maps the forward path. Return packets may follow a completely different route. This means a latency spike you observe could originate on the return path, not the forward path shown. Running `traceroute` in both directions (from source and from destination) is needed for full visibility.
Routing Loops
If the same IP address appears at multiple consecutive hops, a routing loop exists. Packets are being forwarded between two routers indefinitely until TTL expires. This is a misconfiguration and will cause complete connectivity failure to that destination.
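The reading rules in this section (timeouts, single-hop spikes, sustained increases, repeated addresses) can be applied mechanically to saved output. The following Python example is added here and is not from the original article; the sample trace is constructed, the function names `parse` and `classify` are illustrative, and the 50 ms threshold follows the figure given under Response Times.

```python
import re
from statistics import median

# Constructed sample in `traceroute -n` format (illustrative, not captured output).
SAMPLE = """\
traceroute to example.com (93.184.216.34), 30 hops max, 60 byte packets
 1  192.168.0.1  0.728 ms  0.457 ms  0.373 ms
 2  10.0.0.1  9.862 ms  9.946 ms  10.123 ms
 3  203.0.113.1  14.987 ms  14.123 ms  15.456 ms
 4  * * *
 5  198.51.100.5  210.4 ms  205.1 ms  208.9 ms
 6  198.51.100.9  24.1 ms  23.8 ms  25.0 ms
 7  198.51.100.13  95.2 ms  96.8 ms  94.9 ms
 8  93.184.216.34  97.3 ms  96.1 ms  98.0 ms
"""

def parse(text):
    """Return [(hop, ip or None, median RTT in ms or None)], one per hop line."""
    hops = []
    for m in re.finditer(r"^[ \t]*(\d+)[ \t]+(.*)$", text, re.M):
        ip = re.search(r"\d{1,3}(?:\.\d{1,3}){3}", m.group(2))
        rtts = [float(x) for x in re.findall(r"([\d.]+) ms", m.group(2))]
        hops.append((int(m.group(1)), ip.group() if ip else None,
                     median(rtts) if rtts else None))
    return hops

def classify(hops, jump_ms=50.0):
    """Map hop number -> finding, using the reading rules from this section."""
    # floor[i]: lowest RTT seen at hop i or later. Real forward-path delay at
    # hop i cannot exceed it, because later probes crossed hop i as well.
    floor, low = [None] * len(hops), None
    for i in range(len(hops) - 1, -1, -1):
        rtt = hops[i][2]
        low = rtt if low is None else (low if rtt is None else min(low, rtt))
        floor[i] = low
    findings, prev_ip, prev_floor = {}, None, 0.0
    for (n, ip, rtt), fl in zip(hops, floor):
        if rtt is None:
            findings[n] = ("timeout, path continues" if fl is not None
                           else "timeout, no replies beyond")
        elif ip and ip == prev_ip:
            findings[n] = "repeated address, possible routing loop"
        elif rtt - fl >= jump_ms:
            findings[n] = "isolated spike, likely ICMP rate-limiting"
        elif fl - prev_floor >= jump_ms:
            findings[n] = "sustained increase, likely real bottleneck"
        if rtt is not None:
            prev_ip, prev_floor = ip, fl
    return findings
```

Hops without an entry in the result look healthy under these rules; use `-n` when capturing output so hostnames do not interfere with parsing.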
Common Traceroute Scenarios and What They Mean
Scenario 1: High latency starting at hop 2
Your ISP's first aggregation point is congested. This is outside your control. Document the output with timestamps and contact your ISP with evidence.
Scenario 2: All hops after hop 5 show `* * *` but the destination responds to ping
The destination's upstream routers block ICMP probes. Switch to TCP SYN mode (`-T -p 443`) to trace through firewalls.
Scenario 3: Latency spikes at a hop located in an unexpected country
Your traffic is being routed internationally before reaching a local destination, a BGP routing anomaly. This is common with misconfigured anycast or poorly peered ISPs.
Scenario 4: Traceroute completes but the website is still slow
The bottleneck may be server-side: overloaded CPU, slow application response, or database latency. Traceroute only measures network-layer performance. If you are hosting on a VPS and experiencing this, investigate server resource utilization with `top`, `htop`, or `vmstat`.
Scenario 5: Traceroute never completes (stops at a specific hop indefinitely)
A firewall is dropping your probes and the destination is unreachable. Confirm with `ping` to the destination. If ping also fails, the host is down or blocking all ICMP. If ping succeeds, only the probe protocol is blocked, so switch protocols.
Traceroute for Server and Hosting Diagnostics
Traceroute is indispensable when diagnosing connectivity issues between your infrastructure and end users or between services. If you are running applications on a Dedicated Server, a traceroute from multiple geographically distributed vantage points reveals whether latency is localized to a specific region or ISP.
For web hosting environments managed through a control panel, tracing routes to your server's IP from the client side helps distinguish between a hosting-layer issue and a network-transit issue. Administrators using VPS with cPanel can cross-reference traceroute data with server-side access logs to build a complete picture of a connectivity complaint.
When diagnosing email delivery failures or SMTP timeouts, running a traceroute to your mail server's IP is a logical first step before investigating SPF/DKIM records. If you use a dedicated Email Hosting service, this helps confirm whether the issue is network-level or configuration-level.
For latency-sensitive workloads such as machine learning inference or rendering pipelines running on GPU Hosting, traceroute helps verify that the network path between your client and the GPU node is optimally routed with no unexpected transit hops.
Advanced Techniques: Online and Distributed Traceroute
Single-point traceroutes only show the path from your machine. For comprehensive network analysis:
- Looking Glass servers: Many ISPs and IXPs operate public looking glass servers that let you run traceroutes from their network edge, revealing the path from a carrier's perspective.
- BGP.tools / RIPE Atlas: Distributed measurement platforms that run traceroutes from hundreds of global vantage points simultaneously, exposing regional routing anomalies invisible from a single location.
- PathPing (Windows): A built-in Windows tool that combines `ping` and `tracert`, running continuous probes to each hop and computing packet loss statistics. Run with: `pathping example.com`
- WinMTR: A graphical Windows equivalent of `mtr`, providing real-time per-hop packet loss and latency statistics.
Practical Decision Matrix: Which Tool to Use
| Situation | Recommended Tool |
|---|---|
| Quick one-time path check on Windows | `tracert -d target` |
| Quick one-time path check on Linux/macOS | `traceroute -n target` |
| Ongoing/real-time packet loss analysis | `mtr target` |
| Target behind firewall blocking ICMP/UDP | `traceroute -T -p 443 target` (Linux/macOS) |
| Identifying which ISP owns each hop | `traceroute -A target` (Linux) |
| Diagnosing from multiple global locations | RIPE Atlas or BGP.tools |
| Windows continuous loss statistics | `pathping target` |
| Comparing forward and return paths | Run traceroute from both endpoints |
Key Technical Takeaways
- Always use `-n` or `-d` first to eliminate DNS resolution delays and get raw results faster.
- A hop showing `* * *` does not indicate a broken path; evaluate the hops that follow it.
- Latency at a single intermediate hop is frequently ICMP rate-limiting, not a real bottleneck.
- Switch probe protocols (ICMP, UDP, TCP SYN) when you encounter persistent timeouts, because firewalls are protocol-selective.
- Use `mtr` instead of `traceroute` for any diagnostic session longer than a single check.
- Traceroute only reveals the forward path. Asymmetric routing requires bidirectional analysis.
- The `-A` flag on Linux traceroute adds AS number annotation, which is essential for multi-ISP routing analysis.
- Document traceroute outputs with timestamps when filing ISP support tickets; carriers require this data to investigate BGP-level issues.
Frequently Asked Questions
Why does traceroute show `* * *` for some hops but the destination is still reachable?
Routers along the path are configured to drop or rate-limit ICMP TTL-exceeded messages while continuing to forward traffic normally. This is a deliberate security and performance policy on most enterprise and carrier-grade routers. It does not indicate packet loss on the data path.
What is the difference between `tracert` on Windows and `traceroute` on Linux?
The core difference is the default probe protocol: `tracert` uses ICMP Echo Requests, while Linux/macOS `traceroute` uses UDP datagrams. This means they interact differently with firewalls and ACLs. Linux `traceroute` also supports TCP SYN probes and AS number lookups, which `tracert` does not.
How do I run a traceroute through a firewall that blocks UDP and ICMP?
Use TCP SYN mode with a port that is almost certainly open on the target, such as port 80 or 443: `sudo traceroute -T -p 443 example.com`. TCP SYN probes pass through most stateful firewalls because they resemble the beginning of a legitimate connection.
What does it mean when traceroute latency suddenly jumps and stays high for all remaining hops?
A persistent latency increase from a specific hop onward indicates a genuine bottleneck or congested link at that point in the path. This is distinct from a single-hop spike (which is usually rate-limiting). The sustained increase means all traffic is being delayed at that node or the link immediately after it.
Can traceroute diagnose slow website performance?
Traceroute diagnoses network-layer latency and routing issues only. If the network path looks clean but the website is still slow, the problem is server-side: application processing time, database query latency, or resource exhaustion. Use server monitoring tools alongside traceroute for a complete diagnosis.
