When a website is slow or won't load, it's not enough to just know "the server is slow"—you need to understand exactly where on the path from you to the server the delay is happening. It could be your ISP, an international backbone, the server itself, or something in between. Traceroute shows every "hop" along that path.
This guide explains how traceroute works, how to read the output, what asterisks and high latencies mean, and how to use this information to diagnose problems. Includes real-world examples and use cases.
What Is Traceroute?
Traceroute is a command that shows the complete path packets take from your computer to a destination server. Each packet passes through multiple routers, and traceroute displays each one: IP address, hostname, and response time (latency).
Simple Output Example:
traceroute example.com
1 192.168.1.1 (192.168.1.1) 1.234 ms 1.289 ms 1.156 ms
2 203.0.113.1 (203.0.113.1) 14.523 ms 14.456 ms 14.589 ms
3 198.51.100.1 (198.51.100.1) 23.123 ms 23.245 ms 23.089 ms
4 * * *
5 151.101.1.1 (151.101.1.1) 45.678 ms 45.734 ms 45.812 ms Here are 5 hops to the final server. Hop 4 doesn't respond (asterisks) — likely a firewall blocking ICMP.
How Traceroute Works (Behind the Scenes)
Step 1: TTL (Time To Live) Incrementing
Every IP packet has a "TTL" field—a counter for how long the packet can travel. Usually starts at TTL=64 or TTL=255. Each router the packet passes through decrements TTL by 1. When TTL reaches 0, the router discards the packet and sends back an ICMP error message.
Traceroute uses this: it sends the first packet with TTL=1. The first router decrements to TTL=0, discards it, and sends an error. The second packet with TTL=2 passes the first router, reaches the second, TTL becomes 0, the second router sends an error. And so on.
Step 2: Triple Probing
Traceroute doesn't send just one packet with each TTL, but THREE. This shows latency consistency. If three times are 14.5, 14.4, 14.6—the hop is stable. If 14.5, 50.0, 14.6—the hop is unstable (packet loss or congestion).
Step 3: Collecting Responses
When a router sends an ICMP error message, traceroute extracts: the router's IP address, hostname (if reverse DNS is configured), and the time in milliseconds it took to respond. All together—one line of output.
Technical explanation: Traceroute uses ICMP Echo Request (on Unix/macOS) or UDP packets (on some systems). Windows uses ICMP. When TTL=0, the router sends an ICMP Time Exceeded message containing its IP. This signals that the packet "passed through" that hop.
How to Read Traceroute Output
Output Columns
Hop number: sequential number (1, 2, 3...), first is your local gateway
Hostname: router's domain name (if reverse DNS is configured), often empty
IP address: the actual IP address of this router
Latency x3: three values in milliseconds (ms)—response time for each of three probes
Each hop receives three separate requests. If you see 14.5 14.6 14.4 — it means all three packets responded in ~14.5ms, the hop is stable. If 14.5 * 14.6 — one packet was lost.
What Asterisks (*) Mean
An asterisk means this hop didn't respond within the timeout (usually 5 seconds). Reasons:
1. Firewall blocks ICMP — most common cause. Many corporate routers don't respond to ICMP for security reasons.
2. Router simply doesn't respond — some routers are configured not to send Time Exceeded messages
3. Real packet loss — router is overloaded, packet loss on this link
4. High latency — packet simply takes long to arrive, but may respond later
Golden rule: if you see * * * on a single hop, but the following hops respond—this is ICMP filtering, not a real problem. If all hops after a certain point show * * *, this could be a real break in connectivity.
What Growing Latency Means
Usually latency grows with each hop. Hop 1 might be 1ms (you locally), hop 5 might be 50ms. That's normal—farther from you = longer to reach. But a sudden jump can indicate a problem:
1 1.234 ms
2 14.523 ms
3 23.123 ms
4 * * *
5 45.678 ms
6 55.000 ms
7 100.000 ms ← jump of 45ms
8 101.000 ms If hop 7 suddenly became 45ms slower than hop 6, that could be a congested link or problematic router. Track the first hop where the jump occurs.
Real-World Problems and What They Look Like
Example 1: Last-Mile Issue (Final ISP)
1 1.234 ms
2 14.523 ms
3 23.123 ms
4 45.678 ms
5 1500.000 ms ← jump to 1.5 seconds
6 1500.000 ms The final hop to the server is suddenly slow. Could be your ISP, an overloaded line, or poor data-center connection. Contact your ISP.
Example 2: International Backbone Congestion
1 1.234 ms
2 14.523 ms
3 23.123 ms
4 45.678 ms
5 145.678 ms ← jump of 100ms (transatlantic link)
6 150.000 ms A 100ms jump often indicates crossing an intercontinental link (e.g., transatlantic cable). That's normal, but if hop 5 should be in Europe and it's in the USA—that's wrong routing. Check AS numbers in WHOIS.
Example 3: Intermittent Packet Loss
5 45.000 ms 45.123 ms * ← one packet lost
6 56.000 ms * 56.234 ms ← one packet lost
7 67.000 ms 67.100 ms 67.050 ms Random packet loss on hops 5-6 indicates an unstable link. That hop is overloaded or has equipment issues. If you see this pattern, the application will experience random delays and retransmits.
Example 4: Complete Block (Hop Not Responding)
1 1.234 ms
2 14.523 ms
3 23.123 ms
4 * * *
5 * * *
6 * * * If all hops after a certain point are asterisks, it could be a real outage. Check:
1. Is the target server accessible at all (ping the final address) 2. Could a firewall be blocking (ask your data-center admin) 3. Is there a BGP hijack or routing to nowhere
How to Run Traceroute on Different OS
macOS and Linux
traceroute example.com # ICMP (standard)
traceroute -U example.com # UDP on port 33434
traceroute -P tcp example.com # TCP (if ICMP is blocked)
mtr -c 100 example.com # real-time monitoring (MTR)
MTR is better than regular traceroute for diagnostics—shows packet loss and stats in real-time. Install: brew install mtr on macOS, apt install mtr on Linux.
Windows
tracert example.com # built-in traceroute
tracert -h 30 example.com # maximum 30 hops
tracert -d example.com # without resolving hostnames (faster)
On Windows, the command is tracert (not traceroute). Windows uses ICMP by default. For a better experience, download WinMTR.
Online Tools (No Installation)
Use AtomPing Traceroute Tool to quickly check the path to a server without installation. Just enter a hostname or IP.
Traceroute vs Ping vs MTR
| Tool | What It Shows | When to Use |
|---|---|---|
| Ping | Only round-trip time to the final server | Quick check if server is accessible at all |
| Traceroute | Full path with all hops and latency | Pinpoint exactly where delay or packet loss is |
| MTR | Traceroute + real-time loss statistics | Diagnose intermittent issues and packet loss patterns |
Diagnostics Workflow:
1. ping server.com → server accessible?
2. traceroute server.com → where is latency? asterisks?
3. mtr -c 100 server.com → which hop is unstable? packet loss where?
Interpreting Results
Normal Result
• Latency grows gradually (1ms → 14ms → 25ms → 50ms)
• No growing asterisks
• Last hop responds (that's the target server)
• Three times for each hop are close to each other
Problematic Result
• Sudden latency jump on one hop
• Many asterisks (especially at the start)
• Inconsistent times (14ms, 50ms, 15ms on one hop)
• Last hop doesn't respond (server off or blocking)
What to Do If You See a Problem
If latency jump at hop X:
• Note the hop's IP from traceroute
• Use WHOIS/ASN lookup to find who owns that hop
• If it's your ISP, contact them
If many asterisks at the start:
• Often firewall filtering (normal)
• Verify hops AFTER asterisks respond
• If all after are also asterisks—real problem
If inconsistent times:
• Run MTR with 100+ packets (mtr -c 200 server.com)
• Check MTR window which hop has packet loss %
• Blame the hop with loss, not the last one
Advanced Techniques
TCP Traceroute (When ICMP Is Blocked)
If regular traceroute shows asterisks everywhere, a firewall might be blocking ICMP. Try TCP traceroute:
traceroute -P tcp -p 443 example.com # TCP on port 443 (HTTPS) TCP is often allowed by firewalls even when ICMP isn't.
Tracking Over Time
If the problem is intermittent, run MTR multiple times and compare. Which hop is consistently slow? Which has packet loss at certain times?
watch -n 5 'mtr -c 10 example.com' # restart traceroute every 5 sec Monitoring with AtomPing
Instead of manually running traceroute each time, use AtomPing Traceroute Tool for saved results and history. You can even set alerts if latency jumps above a threshold.
Benefits:
• Save traceroute results for comparison
• See latency trends over time
• Share results with ISP support
• Get alert if a hop becomes slow
Summary
Traceroute is a powerful diagnostic utility to understand exactly where on the path to the target server delay or packet loss is happening.
• Ping = just "is server accessible"
• Traceroute = "which path do packets take and where is the delay"
• MTR = traceroute + real-time stats
• Asterisks = usually firewall filtering, but could be loss
• Latency jump = find the hop with jump, determine what it is, contact owner
• Intermittent issue = use MTR with 100+ packets, check packet loss %
Related Resources
AtomPing Traceroute Tool — quick online diagnostics for server path
Ping Monitoring & ICMP Guide — how ping and ICMP work
DNS Record Types Explained — how reverse DNS affects hostnames in traceroute
FAQ
What is traceroute and how does it work?
Traceroute is a network diagnostic tool that maps the path packets take from your computer to a destination (website, server, IP address). It works by sending packets with incrementally increasing TTL (Time To Live) values. Each router along the path decrements TTL by 1. When TTL reaches 0, the router discards the packet and sends back an ICMP error message containing the router's IP and response time. By sending packets with TTL 1, 2, 3, etc., traceroute collects responses from each router and displays the full path.
What do the columns mean in traceroute output?
Each line shows: (1) hop number (1-30), (2) router hostname (if available), (3) router IP address, (4) three latency measurements (in milliseconds) for three separate probes sent to each hop. Example: '2 router.isp.com (203.0.113.1) 14.523 ms 14.456 ms 14.589 ms' means hop 2 took ~14.5ms to respond. The three measurements show consistency: if latency varies wildly, that hop is congested or unreliable.
What does * or timeout mean in traceroute results?
An asterisk (*) means the hop didn't respond within the timeout window (default 5 seconds). Causes: (1) ICMP is filtered by a firewall at that hop (very common), (2) the router simply doesn't respond to traceroute (some enterprise routers are configured this way), (3) a real network issue. Multiple stars in a row usually indicate firewall filtering. Single star at the last hop is often normal. Stars don't always mean a problem, but they do obscure visibility into that part of the network.
What's the difference between traceroute and ping?
Ping sends a single packet to a destination and measures round-trip time. It's simple but shows only whether the destination is reachable and how fast. Traceroute sends multiple packets with increasing TTL, showing each router (hop) along the path. Ping = 'is the server up?' Traceroute = 'which routers does my traffic go through, and where is latency happening?' Use traceroute when ping fails to pinpoint where connectivity breaks down.
What is MTR and how is it different from traceroute?
MTR (My Traceroute) is a tool that combines ping and traceroute into one continuous, real-time display. It shows the path like traceroute does, but then continuously pings each hop to show running statistics: packet loss %, average latency, best/worst latency. MTR updates every second. It's better than traceroute for finding intermittent issues because you see loss/latency patterns over time, not just a snapshot. Available on macOS (brew install mtr), Linux, and Windows (mtr-windows).
How can I run traceroute on different operating systems?
macOS/Linux: open Terminal, type 'traceroute example.com' (ICMP) or 'traceroute -U example.com' (UDP). Windows: open Command Prompt, type 'tracert example.com' (note the different spelling). Windows uses ICMP by default. On macOS, install MTR via Homebrew: 'brew install mtr' then 'mtr example.com' for real-time view. Online traceroute tools available at AtomPing.com/tools/traceroute for quick testing without installing anything.