What you need to know:
- The traceroute command shows the path packets take from your device to a destination.
- It helps you spot slow hops, routing problems, network packet loss, and where traffic stops.
- You can run it on Linux, macOS, and Windows, though the command name and options differ.
- The traceroute output shows hops, round-trip time, and sometimes asterisks when a reply does not arrive.
- The MTR command is a useful next step when you want continuous network diagnostics instead of a one-time trace.
Traceroute looks technical at first, but it’s just a route map. The traceroute command shows which hops your traffic crosses on the way to a host, so you can see where delays or failures start. Once you know what to look for, the output makes a lot more sense. And it becomes one of the first commands you reach for when something odd is happening on the network.
What Is the Traceroute Command
So what is the traceroute command, exactly? Traceroute is a network diagnostic tool that maps the route between your machine and a remote host. It sends probe packets with slowly increasing time-to-live values. Each router on the path responds when the TTL hits zero, which forces the route to reveal itself one hop at a time. The result is simple. You get a list, top to bottom, of the devices your traffic passes through before it reaches the destination.
That makes the traceroute command handy when a connection feels off and you want to know where the path changes. It does not fix anything on its own. It points to where you should look next, which is usually enough to narrow the problem down to a specific hop, network, or provider. The command has been around for decades and is still one of the most useful pieces of basic network diagnostics on almost any operating system.
When Should You Use Traceroute
Use the traceroute command when a site loads slowly, a connection drops, or a route seems different after a network change. It helps with network troubleshooting because it shows where traffic slows down or disappears, and because it works without any extra software on most systems. That alone makes it useful before reaching for anything more complex.
It’s also useful when ping still works but the connection feels unstable. Ping tells you whether a host answers. The traceroute command tells you how the traffic gets there. Combining both tools covers most reachability questions you will run into during day-to-day network troubleshooting. Think of traceroute as the tool you run second, right after ping has confirmed that the destination is even responding.
Traceroute vs Ping: Key Differences
When people compare ping vs traceroute, the difference is simple. Ping checks reachability and response time. Traceroute shows the route itself, hop by hop. That difference matters when the issue is somewhere between your machine and the destination. Ping may stay green while the path still has a problem, because ping only tests the endpoints, not what happens in between.
Here is a quick side-by-side to make the contrast easier to remember when you are doing network diagnostics:
| Feature | Ping | Traceroute |
| What it shows | Whether a host replies and how fast | The route taken to that host |
| Best for | Quick reachability check | Finding where delay or loss starts |
| Output length | Usually short | One line per hop |
| Network view | Endpoints only | Full path, hop by hop |
Use them together. Ping confirms that the destination answers. Traceroute tells you what happens along the way, which is often the more interesting question when something is slow. The ping vs traceroute comparison is less about choosing one and more about knowing when each is the right call.
How to Run the Traceroute Command
The command name depends on the operating system. Linux and macOS use traceroute. Windows uses the tracert command. The purpose is identical on all three platforms, so the output is easy to read across systems once you know the basics.
Running Traceroute on Linux
Running traceroute on Linux is usually a one-liner:
traceroute example.com On most Linux distributions, traceroute Linux packages are already installed or a single install away. If the command is missing, grab it from your package manager, for example with apt install traceroute on Debian-based systems or dnf install traceroute on Fedora.
The output lists each hop and the response times of the probes sent to that hop. By default, each hop gets three probes, so you will see three timing values per line. If you want to target an IP address instead of a domain name, just swap the domain for the IP. The behavior is the same. Linux also supports a long list of flags, from changing the port to using a specific network interface, which makes traceroute Linux setups flexible in more advanced cases.
Running Traceroute on macOS
Running traceroute macOS-side is just as simple:
traceroute example.com macOS ships with traceroute out of the box, so there is no install step. Output looks close to what Linux gives you: hop numbers, host or IP addresses, and RTT values for each probe. The final line shows the destination if the route completes. If you want more detail, traceroute macOS supports many of the same options as Linux, including switching to ICMP mode and changing the number of probes per hop.
One small quirk to know about: macOS may resolve hostnames for each hop by default, which slows down the output. You can skip the DNS lookup with the -n flag to see only IP addresses. That makes long traces faster and easier to scan when you are trying to spot a specific issue.
Running Traceroute on Windows
Running traceroute Windows-side uses a different command name:
tracert example.com Windows uses the tracert command instead of traceroute. The tool is included by default, so you can open a Command Prompt or PowerShell window and run it immediately. Traceroute Windows behavior also differs in one important way: tracert uses ICMP by default rather than UDP, which is a useful detail when comparing output across operating systems.
The output format is similar: one line per hop with host name, IP address, and three response times. Windows also accepts common flags such as -d to skip DNS resolution and -h to change the maximum number of hops. If you are troubleshooting from a Windows server, the tracert command is often all you need before reaching for anything heavier.
Traceroute Command Options and Flags
Different versions offer different traceroute options, but two settings matter most: packet type and timeout. They change how the command behaves when a network device filters probes, which happens more often than people expect. Getting comfortable with the main traceroute options turns this from a basic command into a proper diagnostics tool, especially in mixed environments where traceroute Linux and Windows hosts both need to be tested.
ICMP vs UDP Probe Packets
Some traceroute tools use UDP by default. Others can use ICMP. Firewalls and routers may treat those packets differently, so the output can change even when the route itself is the same. A device that silently drops traceroute UDP probes will fill the output with asterisks, while traceroute ICMP probes might sail through the same router without a problem.
If one packet type gives messy output, try the other. On Linux, you can force traceroute ICMP with the -I flag. On Windows, tracert already uses ICMP by default. Switching between traceroute ICMP and traceroute UDP probes often tells you something useful on its own. If UDP fails and ICMP succeeds, you likely have a device filtering UDP rather than a real path problem. That is a different kind of issue, and it needs a different fix.
Setting Timeout and Max Hops
Among the more useful traceroute options, traceroute timeout and max hops sit near the top. The traceroute timeout setting decides how long the command waits for a reply before giving up on a probe. Max hops sets the furthest point it will try to reach before stopping. Both affect how quickly you get results and how complete the output looks.
A short traceroute timeout can make the command faster, but it can also hide slow replies. A higher max hop limit helps on long routes that cross many networks, for example international paths or transits across multiple providers. On Linux, you can set a custom timeout with -w and change max hops with -m. On Windows, the equivalents are -w for timeout in milliseconds and -h for max hops. Tuning these traceroute options is usually only worth doing when the defaults are not giving you a clear answer.
Reading and Interpreting Traceroute Results
Traceroute output is easier to read once you split it into three things: the hop number, the host or IP address, and the round-trip times. That structure stays the same across operating systems, which makes the traceroute command easy to use once you have seen a few traces. The skill is in spotting what the traceroute output is actually telling you about the path.
Understanding Hops and Round-Trip Time
A traceroute hop is one device along the route, usually a router or gateway. Round-trip time, or RTT, is how long the probe took to go out and come back. Traceroute output shows three RTT values per hop by default because it sends three probes to each device, which helps you spot variation between them.
Steady RTT values usually mean the path is fine. A sudden jump at one traceroute hop often points to congestion or a slower link. Watch especially for the first hop where a big increase happens and the next hops all stay at that new, higher value. That tells you the delay started at that specific hop. If the higher RTT values shrink back down at the following hops, the spike in the traceroute output is most likely caused by the router itself deprioritizing probes rather than an actual path problem.
What Asterisks Mean in Traceroute Output
Asterisks in traceroute output mean a probe did not get a reply. That is common enough on its own. Some routers ignore traceroute traffic on purpose, especially on heavily loaded backbones where responding to probes is low priority compared with forwarding actual user traffic. For network troubleshooting, asterisks are a clue, not a verdict.
If later hops still answer, the route may still be healthy. A hop with three asterisks in the middle of an otherwise successful trace usually means that one device is quiet, not that the path is broken. If the asterisks continue to the end of the traceroute output, the destination may be blocked, the route may be incomplete, or the target may be filtering traceroute at its own firewall. In that case, network troubleshooting often means trying a different probe type or running the trace from another network to confirm.
Identifying Packet Loss and Bottlenecks
Network packet loss shows up when probes fail to return or timing becomes uneven. A bottleneck often appears as a sudden jump in RTT at one hop, then slower times afterwards that never recover. The later hops inherit the delay because the slow point is in the path, not at the endpoint. This is one of the most common patterns you will run into during real network troubleshooting.
Traceroute does not prove network packet loss by itself. A single run can look bad simply because that router deprioritized the probes for a moment. To get a clearer picture, run the trace a few times or move to a tool that samples the path continuously, such as MTR. That is usually enough to tell the difference between random drops and a consistent problem at a specific hop, and it is a normal next step in serious network troubleshooting.
Advanced Network Diagnostics with MTR
The MTR command combines traceroute and ping into one live view. Instead of showing one snapshot, it keeps testing the route and updating the results as packets flow. You see per-hop loss percentages, average RTT, best and worst times, and standard deviation, all in a constantly refreshing table. For ongoing network diagnostics, that beats running traceroute over and over by hand.
The MTR command helps when a problem comes and goes. A single traceroute might look fine while an intermittent issue is actively causing trouble, because the probes happened to miss the bad moment. MTR runs continuously, so a hop with 15% loss stands out clearly within a few seconds. Traceroute is a quick map. MTR is the moving version, and it is the tool most network engineers switch to once the basic trace has pointed them in a direction. The MTR command is available on Linux and macOS, and Windows users can use WinMTR or a similar port for the same kind of network diagnostics.
FAQ: Traceroute Command
The traceroute command is a command-line tool that shows the path packets take to reach a destination. It lists each hop and the time each probe took to get a reply. On Linux and macOS the command is traceroute, and on Windows it is tracert. So what is the traceroute command in plain terms? It is a route map for your network traffic.
How to run a traceroute depends on your operating system. Open a terminal or Command Prompt and type the command followed by the target host. On Linux and macOS, use traceroute example.com. On Windows, use tracert example.com. The output will print one line per hop as the trace progresses.
Each traceroute hop is one network device along the route. Usually that means a router or gateway between you and the destination. In the traceroute output, hops are numbered in order starting from 1, which is the device closest to you, and the numbers climb until the trace reaches the target.
The ping vs traceroute question comes up a lot. Ping checks whether a host replies. Traceroute shows the route to that host. Use ping when you just need to know if something is reachable. Use traceroute when the connection works but something along the path feels slow or unstable.
