Traceroute: Map the Path of Packets Hop by Hop

Traceroute: an X-ray of the network path

While Ping answers the question "is the host reachable?", Traceroute answers "what path do packets take to reach it?". It shows every router (hop) between the source and the destination, with the corresponding IP address, hostname, and response time. This hop-by-hop visibility is essential for diagnosing routing problems, identifying bottlenecks, and pinpointing the exact location where packet loss or abnormal latency occurs.

Traceroute works by exploiting the TTL (Time To Live) field of the IP header. It sends packets with increasing TTL values starting from 1: the first router decrements the TTL to 0 and responds with an ICMP Time Exceeded message, revealing its address. The second packet has TTL 2 and is decremented to 0 by the second router, and so on. By repeating the process with incremental TTL values, the entire path to the destination is mapped.

Reading the traceroute

$ traceroute --target example.com

 1  router.local (192.168.1.1)      1.2 ms   <- Your router
 2  bras.isp.net (10.0.0.1)         8.5 ms   <- Local ISP
 3  core.isp.net (172.16.0.1)      12.3 ms   <- ISP core
 4  mix-ix.net (185.1.166.1)        15.1 ms   <- Internet Exchange
 5  * * *                                     <- No response
 6  cdn.provider.com (104.16.0.1)   18.7 ms   <- CDN edge
 7  example.com (93.184.216.34)     19.2 ms   <- Destination

Each line shows: the hop number, the router hostname and IP, and the response time. Asterisks (* * *) indicate a router that does not respond to traceroute packets — not necessarily a problem, as many enterprise routers block ICMP by policy. The most important aspect is the latency delta between consecutive hops: a jump from 15ms (hop 4) to 18ms (hop 6) is normal, but a jump from 15ms to 150ms would indicate a bottleneck in that segment.

Diagnosing problems with traceroute

A sudden increase in latency between two hops indicates the problematic segment. If the increase is at the last hop, the problem is likely on the destination server. If it is in the first few hops, the issue is in your local network or your ISP. If a hop shows packet loss (some attempts with * and others with a response), that router is congested. Use ASN Lookup to identify which provider owns the problematic router, and Ping to confirm the latency with prolonged tests.

For a complete analysis of the network path, combine traceroute with IP Geolocation to geographically visualize the hops and identify suboptimal routing paths. A traceroute from Milan that goes first to London, then to New York, and then back to Frankfurt to reach a server in Germany clearly indicates a routing problem that your ISP or hosting provider should correct.

A special case is a traceroute that reaches a certain point and then stops with an infinite sequence of asterisks: this can indicate a firewall completely blocking traffic, a routing loop, or an ACL (Access Control List) that drops packets with expired TTL. In these cases, try traceroute variants with different protocols: TCP on port 80 often works where ICMP is blocked, because firewalls rarely block web traffic.