
Summarise this article with:
Traceroute tells you exactly where on the internet your packets go, one router at a time. It is the difference between knowing a connection is slow and knowing which router is causing it. You can run it from your terminal or use our browser-based Traceroute tool right now.

A Real Traceroute, Read Hop by Hop
Start with the output. Theory comes after.
traceroute to google.com (142.250.80.46), 30 hops max, 60 byte packets
1 router.local (192.168.1.1) 1.2 ms 0.9 ms 1.1 ms
2 10.0.0.1 (10.0.0.1) 8.4 ms 9.1 ms 8.7 ms
3 isp-core.example.net (203.0.113.5) 12.3 ms 11.6 ms 12.9 ms
4 * * *
5 72.14.204.68 (72.14.204.68) 15.2 ms 14.5 ms 15.8 ms
6 142.251.247.91 (142.251.247.91) 14.1 ms 13.4 ms 14.7 ms
7 142.250.80.46 (142.250.80.46) 14.0 ms 13.3 ms 13.6 msHop 1 is always your router. The 192.168.1.1 address is a private IP, almost always your home gateway. The three numbers (1.2 ms, 0.9 ms, 1.1 ms) are the round-trip times for three separate probes. Single-digit milliseconds here is healthy.
Hops 2 and 3 are inside your ISP. The 10.0.0.1 at hop 2 is still in private space, likely your ISP's aggregation device. Hop 3 has a public IP and a hostname that hints at an ISP core router. Latency has climbed to about 12 ms, which is normal for the regional ISP network.
*Hop 4 is .** Three asterisks mean the probes timed out. This is not a failure. That router forwarded your traffic just fine but chose not to send an ICMP reply back. Many routers are configured this way deliberately, to reduce CPU overhead and to prevent their management interfaces from being exposed. The proof that nothing is broken: hops 5, 6, and 7 all respond normally.
Hops 5 and 6 are Google's network edge. The IPs fall in Google's autonomous system. Latency has settled around 14-15 ms and stays there.
Hop 7 is the destination. Traffic arrived. Total round-trip from your machine to Google is about 14 ms in this trace.
How TTL Makes This Possible
Every IP packet carries a Time to Live (TTL) field. Despite the name, it is a hop counter, not a clock. Each router that forwards a packet subtracts 1 from the TTL. When TTL hits zero, the router discards the packet and sends an ICMP "Time Exceeded" message back to the sender. That ICMP reply reveals the router's IP address and the round-trip time to reach it.
TTL exists to stop packets from circling a broken network forever. Traceroute repurposes it as a ranging mechanism:
- Send a packet with TTL=1. The first router hits zero, discards it, sends back a Time Exceeded. You have hop 1.
- Send a packet with TTL=2. The first router decrements to 1 and forwards it. The second router hits zero and reports back. You have hop 2.
- Repeat until the packet reaches its destination. The destination does not send a Time Exceeded. It sends an ICMP Echo Reply (if the probe was ICMP) or an ICMP Port Unreachable (if the probe was UDP). Either way, traceroute knows it arrived.
At each TTL level, traceroute sends three probes. That is why you see three latency values per line.
What Protocol Is Being Sent
Different operating systems use different probe protocols by default:
- Linux and macOS: UDP packets to high-numbered ports, starting at port 33434 by convention. The destination sends back ICMP Port Unreachable when these arrive on a port nothing is listening on.
- Windows (
tracert): ICMP Echo Request packets. The destination sends back ICMP Echo Reply. - TCP traceroute (
tcptraceroute): TCP SYN packets, typically to port 80 or 443. Useful when firewalls block ICMP and UDP but pass web traffic.
Finding the Real Problem in Output
Latency That Sticks
A real bottleneck shows up as a jump in latency that remains elevated for every hop after it. Look at this example:
3 isp-router.example.com 12 ms 11 ms 12 ms
4 peering-point.example.com 85 ms 92 ms 88 ms
5 next-hop.example.com 87 ms 84 ms 89 ms
6 dest.example.com 88 ms 85 ms 90 msLatency jumps from 12 ms to 85 ms between hops 3 and 4, then stays elevated. The trouble is at the link between hop 3 and hop 4: congested peering point, a long-distance undersea cable, or a saturated transit link.
Latency That Does Not Stick
In my testing, the single-hop spike is one of the most commonly misread patterns in traceroute:
3 isp-router.example.com 12 ms 11 ms 12 ms
4 busy-router.example.com 150 ms 145 ms 148 ms
5 next-hop.example.com 13 ms 12 ms 14 msHop 4 looks alarming. Hop 5 is completely fine. That means hop 4 is just slow at generating ICMP responses, likely because it rate-limits them to protect its CPU while still forwarding actual traffic at wire speed. Your connection is fine.
The `* * *` Myth
Asterisks at a middle hop without a destination failure mean almost nothing. Many production routers at ISPs and cloud providers suppress ICMP Time Exceeded messages entirely, either by firewall policy or by rate limiting that kicks in under load. If you see * at hop 4 but hop 5 responds and you eventually reach the destination, the path is intact.
The situation that does matter: asterisks that start at a hop and continue all the way to the end, with no destination response. That pattern indicates a firewall blocking traffic at that hop, a genuine routing failure, or a host that is simply down. Pair it with a Ping to the destination to confirm whether traffic is getting through at all.
Routing Loops
Occasionally you will see the same router repeat:
4 router-a.example.com 15 ms 14 ms 16 ms
5 router-b.example.com 18 ms 17 ms 19 ms
6 router-a.example.com 22 ms 21 ms 23 ms
7 router-b.example.com 25 ms 24 ms 26 msPackets are bouncing between two routers. This is a genuine misconfiguration. Save the traceroute output and send it to your ISP or network administrator.
Commands for Each Platform
Linux and macOS
traceroute google.com # UDP probes, default
traceroute -I google.com # ICMP probes instead
traceroute -T -p 443 google.com # TCP to port 443 (through firewalls)
traceroute -q 1 google.com # one probe per hop, faster
traceroute -w 2 google.com # 2-second timeout per probeWindows
tracert google.com # ICMP probes, default
tracert -d google.com # skip DNS resolution, faster output
tracert -h 20 google.com # cap at 20 hopsBrowser-Based
Use our Traceroute tool if you want to run a trace without opening a terminal, or to test the path from a server rather than your own machine.
Advanced Tools
MTR (My Traceroute)
MTR combines traceroute and ping into a live, updating display. While a standard traceroute takes a single snapshot, MTR continuously probes every hop and shows running statistics: average latency, packet loss percentage, best and worst recorded times, and standard deviation. Run it for at least 100 packets to catch intermittent problems that a one-shot trace would miss completely.
MTR is available on Linux and macOS via your package manager (brew install mtr, apt install mtr). Windows users can use WinMTR, a graphical port.
Paris Traceroute
Modern routers use Equal-Cost Multi-Path (ECMP) routing, which distributes traffic across several parallel links by hashing packet headers. Because standard traceroute changes the source port with each probe, different probes at the same TTL level may follow different physical paths, giving you a misleading patchwork of routes rather than a single real path.
Paris traceroute keeps the flow identifier constant across all probes, so every packet follows the same path. The result is an accurate map of one actual route through an ECMP network.
When to Use Which Tool
| Problem | Tool |
|---|---|
| "Is the server reachable at all?" | Ping |
| "Which hop is slow or dropping?" | Traceroute |
| "How fast is my connection?" | Speed Test |
| "Is a service actually running?" | Port Scanner |
| "Who operates the ASN at this hop?" | ASN Lookup |
Frequently Asked Questions
Why does my traceroute show * * * for every hop after a certain point?
This usually means a firewall is blocking ICMP or UDP traffic at that hop and all traffic beyond it. Run a Ping to the destination to check whether traffic is actually getting through at the application layer. If ping also times out, the destination is either unreachable or filtering all probes. If ping succeeds but traceroute stalls, try TCP traceroute (traceroute -T -p 443) to bypass the filtering.
Does a high latency number at one hop mean my network is broken?
Not if later hops return to normal. A single high-latency hop followed by lower latency is almost always a router that rate-limits its own ICMP replies while still forwarding traffic at full speed. Only a latency jump that persists across all subsequent hops points to a real bottleneck.
What is the difference between traceroute and tracert?
They are the same concept on different operating systems. traceroute is the Unix command (Linux, macOS). tracert is the Windows command. The main functional difference is the default protocol: Unix traceroute sends UDP packets by default, while Windows tracert sends ICMP Echo Requests.
How many hops is normal for a traceroute to a popular website?
A typical path to a major CDN or cloud provider involves 8 to 20 hops. Paths that stay within the same country and ISP tend to be shorter. Paths crossing multiple continents or ISP boundaries can run longer. The hop count itself is less important than the latency at the destination.
Why do some hops show different IP addresses for the same hop number?
You may see multiple IPs at a single hop number when ECMP routing sends your three probes down different paths. Each path passes through a different router, each of which reports back. The result is that hop 5, for example, shows three different IP addresses. Paris traceroute fixes this by keeping all probes on the same path.
Can traceroute reveal the physical location of each router?
Roughly, yes. The hostname (when reverse DNS resolves) often contains airport codes or city abbreviations that hint at geography. You can also look up the IP of any hop with an IP Lookup or ASN Lookup to see which organization operates it and what region they list. IP geolocation for backbone routers is imprecise, but it usually identifies the right city or region. See IP geolocation accuracy for the caveats.
Sources
WhatIsMyLocation Team
Our team of network engineers and web developers builds and maintains 25+ free networking and location tools used by thousands of users every month. Every article is reviewed for technical accuracy using real-world testing with our own tools.
Related Articles
Try Our Location Tools
Find your IP address, GPS coordinates, and more with our free tools.