Lesson 89: traceroute Command
In this lesson, you'll learn how to use the traceroute command to map the path packets take from your system to any destination, revealing every hop along the way, the latency at each point, and where connectivity problems actually occur.
The traceroute command works by sending packets with progressively increasing TTL (Time To Live) values.
When a router receives a packet whose TTL has expired, it drops the packet and sends back an ICMP "Time Exceeded" message to the source.
By incrementing the TTL from 1 upward, traceroute forces each successive router along the path to identify itself, building a complete map of the route one hop at a time.
This makes it the most precise tool available for pinpointing exactly where in a network path latency is spiking or connectivity is failing.
Installation
On many Linux distributions, traceroute is not installed by default. Install it with:
sudo apt install traceroute # Debian/Ubuntu
Or:
sudo dnf install traceroute # Fedora/RHEL 9+
Or:
sudo yum install traceroute # RHEL/CentOS 7/8
Syntax
traceroute [OPTIONS] DESTINATION [PACKET_LENGTH]
Where DESTINATION is a hostname or IP address.
Options
| Option | Description |
|---|---|
| -n | Show IP addresses only; skip reverse DNS resolution |
| -m <hops> | Set the maximum number of hops (default: 30) |
| -q <N> | Set the number of probe packets per hop (default: 3) |
| -w <sec> | Set the wait time for a response in seconds (default: 5) |
| -p <port> | Specify the destination port |
| -i <interface> | Send packets through a specific network interface |
| -T | Use TCP SYN packets instead of UDP (requires root) |
| -I | Use ICMP ECHO packets instead of UDP (requires root) |
| -4 | Force IPv4 |
| -6 | Force IPv6 |
| -f <TTL> | Set the starting TTL value (default: 1) |
| -g <gateway> | Route packets through a specified gateway |
Understanding the traceroute Output
traceroute 4.2.2.2
traceroute to 4.2.2.2 (4.2.2.2), 30 hops max, 60 byte packets
1 192.168.50.1 (192.168.50.1) 0.217 ms 0.624 ms 0.133 ms
2 227.18.106.27.mysipl.com (27.106.18.227) 2.343 ms 1.910 ms 1.799 ms
3 221-231-119-111.mysipl.com (111.119.231.221) 4.334 ms 4.001 ms 5.619 ms
8 if-9-5.tcore1.WYN-Marseille.as6453.net (80.231.217.17) 216.909 ms 198.864 ms 201.737 ms
21 b.resolvers.Level3.net (4.2.2.2) 199.725 ms 199.190 ms 202.488 ms
Each line represents one hop. Here is what the columns mean:
| Column | What It Means |
|---|---|
| 1, 2, 3... | Hop number: distance from your machine in router hops |
| Hostname (IP) | The router's reverse DNS hostname and its actual IP address |
| 0.217 ms 0.624 ms 0.133 ms | Round-trip time for each of the three probe packets sent to this hop |
Reading latency across hops:
A gradual increase in latency as hop numbers grow is completely normal: packets travel farther and the cumulative delay increases.
What you are looking for is a sudden jump or a large latency increase between two adjacent hops.
That jump identifies where the delay is being introduced, whether by congestion, a long-distance undersea cable crossing, or a misconfigured router.
Asterisks (* * *) on a hop line mean the router at that hop did not respond to the probe. This does not always indicate a problem; many routers and firewalls are configured to silently drop TTL-expired packets as a security measure.
If subsequent hops respond normally, the route is fine, and that router is simply filtering traceroute probes.
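The reading rules above applied to captured output, as an added example that is not part of the original lesson: it parses traceroute text, reports the largest latency increase between adjacent responding hops, and separates silent hops that are only filtering from silent hops with nothing answering after them. The function names, the use of the median RTT per hop, and the hop 4 line are assumptions made for this example; the other hop lines are the lesson's own sample.

```python
import re
from statistics import median

# Hops 1, 2, 3, 8 and 21 are the lesson's sample output. Hop 4 is a
# constructed non-responding hop, added to exercise the "* * *" case.
SAMPLE = """\
traceroute to 4.2.2.2 (4.2.2.2), 30 hops max, 60 byte packets
 1 192.168.50.1 (192.168.50.1) 0.217 ms 0.624 ms 0.133 ms
 2 227.18.106.27.mysipl.com (27.106.18.227) 2.343 ms 1.910 ms 1.799 ms
 3 221-231-119-111.mysipl.com (111.119.231.221) 4.334 ms 4.001 ms 5.619 ms
 4 * * *
 8 if-9-5.tcore1.WYN-Marseille.as6453.net (80.231.217.17) 216.909 ms 198.864 ms 201.737 ms
21 b.resolvers.Level3.net (4.2.2.2) 199.725 ms 199.190 ms 202.488 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")   # hop number, then the rest
RTT_RE = re.compile(r"(\d+(?:\.\d+)?) ms")  # one probe's round-trip time

def parse_hops(text):
    """Return (hop, label, median_rtt_ms) per hop line; RTT is None if silent."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # banner line or blank line
        rest = m.group(2)
        rtts = [float(x) for x in RTT_RE.findall(rest)]
        label = next((t for t in rest.split() if t != "*"), "*")
        # Median is a choice made for this example: one slow probe out of
        # three should not by itself look like a latency jump.
        hops.append((int(m.group(1)), label, median(rtts) if rtts else None))
    return hops

def largest_jump(hops):
    """Largest median-RTT increase between adjacent responding hops."""
    seen = [h for h in hops if h[2] is not None]
    steps = [(a[0], b[0], b[1], b[2] - a[2]) for a, b in zip(seen, seen[1:])]
    return max(steps, key=lambda s: s[3], default=None)

def classify_silent(hops):
    """Silent hops with a later reply are filtering; trailing ones are not."""
    last_ok = max((n for n, _, rtt in hops if rtt is None or True if rtt is not None), default=0) if False else max((n for n, _, rtt in hops if rtt is not None), default=0)
    silent = [n for n, _, rtt in hops if rtt is None]
    return [n for n in silent if n < last_ok], [n for n in silent if n > last_ok]

if __name__ == "__main__":
    hops = parse_hops(SAMPLE)
    frm, to, label, delta = largest_jump(hops)
    print(f"largest jump: hop {frm} -> hop {to} ({label}), +{delta:.3f} ms")
    print("filtered, trailing:", classify_silent(hops))
```

Because the lesson's sample omits hops 4 to 7, the jump is attributed to the span between hop 3 and hop 8; on a complete capture it narrows to a single pair of adjacent hops.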