- Traceroute explained simply: it lists every router between you and a destination.
- Each line is one hop with three round-trip times and an address.
- Asterisks usually mean a router ignored the probe, not a failure.
- Judge the trace by the last reachable hop and the end-to-end trend.
- A slow middle hop that recovers on the next line is harmless.
Traceroute explained in one line: it shows the route your data takes across the internet. The output is a numbered list of hops with timing. At first it looks cryptic. Once you know the pattern, it points straight at trouble.
This guide walks through reading a real trace. You will learn what each hop line means. You will see what the asterisks signal. And you will know which hop to blame when something breaks.
Traceroute Explained: What It Actually Does
Traceroute maps the path your packets take to a destination. It sends packets with a rising time-to-live so each router along the way reveals itself. This is traceroute explained at its core: one line per hop, with timing for each step.
Traceroute uses a clever trick built into every IP packet. Each packet carries a time-to-live, or TTL, value. Each router that forwards it lowers the TTL by one. When the TTL hits zero, that router drops the packet and reports back.
Traceroute starts with a TTL of one. The first router drops it and sends an error reply. That reply reveals the first hop. Traceroute then raises the TTL to two, so the second router replies, and so on.
By stepping the TTL upward, traceroute maps the whole path. Each step exposes one more router. The process stops when the packet reaches the destination. It also stops at a maximum hop count, usually thirty.
tracert vs traceroute vs tracepath
The tool has different names across systems. Windows calls it tracert. macOS and Linux call it traceroute. Linux also includes tracepath. They all do the same job, though the default probe type can differ between them.
The command name depends on your operating system. The job is the same on each one. The default probe type is the main difference. That difference can change what you see on filtered networks.
| System | Command | Default probe |
|---|---|---|
| Windows | tracert | ICMP echo |
| macOS / Linux | traceroute | UDP |
| Linux | tracepath | UDP, no admin needed |
Running Traceroute on Each System
Open a terminal to run a trace on any platform. On Windows, use Command Prompt or PowerShell. On macOS and Linux, use Terminal. Type the command followed by a hostname or IP address.
Windows: tracert google.com
macOS / Linux: traceroute google.comA trace can take several seconds to finish. Each hop waits for replies before moving on. You can speed it up with options. Add -d on Windows to skip name lookups for faster output.
Reading a Hop Line
Each hop line has three parts. The hop number counts routers from one upward. The three time values are separate round-trip probes. The last field is the router hostname or IP address. Read the three together for a clear picture.
Here is a short Windows trace to read:
C:\> tracert google.com
Tracing route to google.com [142.250.80.46]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms 192.168.1.1
2 9 ms 8 ms 10 ms 10.0.0.1
3 12 ms 11 ms 13 ms isp-core-1.example.net [203.0.113.1]
4 * * * Request timed out.
5 21 ms 20 ms 22 ms peer-1.example.net [198.51.100.7]
6 20 ms 21 ms 20 ms 142.250.80.46
Trace complete.The first column is the hop number. It counts each router in order, starting at one. The next three columns are round-trip times. Each is a separate probe to that same hop.
The final column names the router. It shows a hostname when one resolves. Otherwise it shows the bare IP address. Private addresses near the top are your own network gear.
| Column | Meaning |
|---|---|
| Hop number | Position of the router in the path. |
| Three times | Round-trip time for each of three probes. |
| Host or IP | Name or address of that router. |
What the Asterisks (*) Really Mean
An asterisk means a hop did not reply within the timeout. It rarely means the path is broken. Many routers ignore these probes on purpose for security. If later hops still reply, the trace is moving along fine.
Sooner or later a hop shows asterisks instead of times. An asterisk marks a probe that got no reply in time. This is the most misread part of any trace. It usually does not mean something is wrong.
Most asterisks come from routers that ignore the probes. They give this diagnostic traffic low priority for security or load reasons. The router still forwards your real traffic normally. It just declines to answer the trace.
How to Read the Asterisk Patterns
The pattern tells you how worried to be:
- One asterisk among three times: a single probe timed out, often harmless.
- Three asterisks, then the trace continues: that router simply does not reply.
- Three asterisks, then the trace stops dead: the real fault is at or beyond that hop.
Spotting Where It Breaks
Judge a trace by where it ends, not one slow middle hop. A latency jump that persists to the destination points to a real problem. Three asterisks followed by total failure marks the last reachable hop. That hop is where to focus.
The most useful question is simple: where does the trace stop being healthy? Read from the top and follow the times. Steady, slowly rising numbers are normal. A clear break in that pattern is your clue.
A failing path usually shows one of two signs. The times climb sharply and stay high to the end. Or the replies stop and the rest of the trace is asterisks. Both point to the last hop that answered normally.
That last healthy hop is where to focus. Note its hostname or IP address. The owner of that hop, often your ISP, is the place to start. Share the full trace when you report the problem.
Traceroute is one diagnostic among several. Our network troubleshooting guide shows the full sequence. Start there when the whole connection is down, not just slow.
Sometimes the trace dies at your own first hop. That points to a local problem, not the wider internet. Check for a 169.254 self-assigned address first. A Windows network reset can clear stale routing on the device.
Why a Middle Hop Can Look Slow but Isn’t the Problem
A single slow hop in the middle is often harmless. Routers give diagnostic replies low priority while forwarding real traffic fast. If the next hop drops back to normal times, ignore the spike. Only a spike that carries to the end matters.
New users often worry about one slow hop in the middle. They see a 200 ms spike on hop five and assume the worst. Most of the time that spike means nothing. The router was just slow to answer the probe.
Routers handle real traffic first and replies second. A busy core router may delay its trace reply by a lot. The packet still passes through quickly. The slow number reflects the reply, not your actual traffic.
Here is the test that settles it. Look at the hop right after the slow one. If the time drops back to normal, the spike was harmless. If the high time continues to the end, then investigate.
Using Traceroute With Ping to Confirm
Traceroute shows the path; ping confirms a single point. Use traceroute to find the suspect hop. Then ping that hop or the destination to measure loss and latency directly. Together they separate a routing issue from a busy router.
Traceroute and ping work best as a pair. Traceroute finds the hop where things look wrong. Ping then tests that exact point in detail. One maps the path; the other measures it.
Say a trace shows a break around hop seven. Ping the address of that hop directly. A long ping run shows whether it drops packets steadily. That confirms a real fault rather than a one-time blip.
Reading ping output is its own skill worth learning. Our companion guide on how to read ping results covers it line by line. It explains latency, packet loss, and the Request Timed Out message. Use the two guides together for a full picture.
Hostnames in a trace come from DNS, which can fail on its own. If a hop name will not resolve, check it with our DNS lookup tool. A broader DNS failure can surface as the DNS_PROBE_FINISHED_NO_INTERNET error in Chrome.
Related Tools & Resources
Traceroute pairs well with the rest of a diagnostic kit. Start at the troubleshooting hub when the whole connection is down. Use a DNS lookup when names fail but addresses work. Our free network tools run in any browser.
- All NetworkCheckr tools run in your browser with no install.
- Network troubleshooting guide walks through the full connectivity workflow.
- DNS lookup tool resolves a hostname when a hop name will not.
- Windows network reset commands clear stale routes on the device.
- IPv4 vs IPv6 explains the address types you see in a trace.
Frequently Asked Questions
These quick answers cover the questions people ask most about traceroute. Use them to settle a reading fast. For the full method, work back through the sections above. Each answer stays short on purpose so you can scan it.
How do I read a traceroute?
Read a traceroute from the top down. Each line is one router on the path to your target. The three numbers are round-trip times in milliseconds. Watch the trend from the first hop to the last.
What do the asterisks mean in traceroute?
An asterisk means that hop did not answer in time. It is usually harmless. Many routers are set to ignore traceroute probes. Worry only if the asterisks continue all the way to the destination.
What is a normal traceroute?
A normal traceroute shows latency rising gently as hops move farther away. Most home traces finish in ten to twenty hops. Small jumps between hops are expected. A clean trace ends at the destination with steady times.
How many hops is normal?
Most internet paths take between ten and thirty hops. Traceroute stops at thirty hops by default. Nearby sites may finish in under ten. A far-off server may need twenty or more.
Does high latency on one hop mean a problem?
Not on its own. A single slow hop in the middle is often a router deprioritizing replies. If the next hop drops back down, the spike is harmless. A spike that persists to the end is the real concern.
What is the difference between tracert and traceroute?
They are the same tool with different names. Windows uses tracert and sends ICMP probes by default. macOS and Linux use traceroute and send UDP probes by default. Both reveal the routers between you and a target.
References
The sources below are primary and vendor-neutral where possible. They cover the tracert command, how traceroute works, and the standard behind it. Use them to verify any detail in this guide. Each link opens in a new tab.
- Microsoft Learn — tracert command reference
- Cloudflare — What is Traceroute?
- IETF — RFC 792: ICMP (Time Exceeded message)