A traceroute maps the path your traffic takes, hop by hop, so you can spot where delays start and where packets stop getting replies.
When a site feels slow, it’s tempting to blame your Wi-Fi or the website. A traceroute gives you a clearer view. It shows the network hops your connection passes through on the way to a destination, along with round-trip times for replies.
You don’t need special tools. Windows, macOS, and Linux all include commands that can run a trace in under a minute. The payoff is simple: you can tell whether the slowdown starts at home, at your ISP, near the destination, or on the route in between.
What A Traceroute Tells You
A traceroute lists “hops.” A hop is one router or gateway that forwards your traffic closer to the destination. For each hop, the tool sends a few probe packets and times the replies.
It’s not a bandwidth test. It’s a path and timing snapshot. You use it to answer questions like these:
- Does the path leave my network cleanly, or do delays start at my router?
- Is there one hop where latency jumps and then stays high after that point?
- Do the final hops reply, or does the trace stop before the destination?
- Is the route taking a strange detour between distant regions?
How Traceroute Works Under The Hood
Traceroute relies on a behavior in IP routing: packets carry a “time to live” (TTL) value. Each router that forwards the packet reduces TTL by 1. When TTL reaches 0, that router drops the packet and may send back a message that it expired.
The tool starts with a low TTL, then raises it step by step. TTL 1 expires at the first router, TTL 2 at the second, and so on. Each expiry reply reveals that hop and the time it took for the reply to come back.
Operating systems also differ in the probe style they use by default. Many Linux builds send UDP probes, Windows uses ICMP echo requests, and macOS often uses UDP. Some networks treat those probe types differently, so results can vary across devices.
Before You Run A Trace
Two small choices can make your results easier to trust: pick the right target, then repeat the test.
Pick A Target That Matches The Problem
If one website feels slow, trace to that domain. If many sites feel slow, trace to a stable public target and also trace to one affected site. Comparing traces can show whether the issue is “global” for your connection or tied to one destination network.
Run A Few Traces, Not Just One
Routes can shift. A single trace can catch a momentary blip. Run two or three traces, spaced a minute apart, and watch for the same hop showing the same pattern.
Know What The Asterisks Mean
Traceroute prints * when a hop doesn’t reply in time. That does not automatically mean your real traffic is failing. Some routers rate-limit traceroute replies or ignore them. You care most about whether later hops reply and whether the destination replies.
How To Traceroute On Windows, Mac, And Linux
Below are the practical commands and a couple of switches that matter in real troubleshooting. If you’re tracing from a work device, run these in a terminal you’re allowed to use.
Windows: Tracert In Command Prompt Or PowerShell
Open Command Prompt or PowerShell, then run:
tracert example.comFor faster output that skips DNS lookups, add -d:
tracert -d example.comFor slow links, raise the wait time per hop with -w (milliseconds):
tracert -w 2000 -d example.comMicrosoft documents the tracert command and switches so you can tune output without guessing.
macOS: Traceroute In Terminal
Open Terminal, then run:
traceroute example.comTo cap hop count, add -m:
traceroute -m 20 example.comTo send one probe per hop (faster), add -q:
traceroute -q 1 example.comApple’s traceroute man page lists options and defaults for macOS builds.
Linux: Traceroute With A Few Handy Flags
On Linux, the base command is the same:
traceroute example.comSwitch To ICMP When UDP Looks Blocked
If you see early asterisks or a trace that stops quickly, try ICMP mode. On many builds, -I sends ICMP probes:
traceroute -I example.comUse TCP When A Web Port Is The Real Test
If a web app fails but ICMP looks fine, TCP tracing can match the traffic you care about. On some builds, -T uses TCP SYN probes. You can also set port 443:
traceroute -T -p 443 example.comKeep Output Clean With Numeric Mode
Reverse DNS can slow a trace and clutter the output with hostnames. Add -n to show IPs only:
traceroute -n example.comReading Traceroute Output Without Guesswork
A typical trace prints one line per hop, often with three probe times. Those timings show jitter. One slow probe surrounded by two normal probes can be a blip. A consistent jump that stays elevated after that hop tells a stronger story.
Spot The “Jump That Sticks” Pattern
Look for a hop where times jump up and then remain high for the rest of the trace. That pattern often points to congestion or a long physical hop that begins at that point in the route.
Watch Out For The “Single Slow Hop” Trap
Some routers answer traceroute probes at a lower priority than they forward real traffic. That can create one slow line while later hops look normal. If hop 7 shows 200 ms but hop 8 and beyond return to 25 ms, that hop is likely slow to reply, not slow to forward.
Make Sense Of A Trace That Stops Early
A trace that ends in asterisks can mean a firewall drops probes near the end, a router forwards traffic but stays quiet, or the destination network blocks the return messages traceroute expects.
If the site still loads, an early stop is not proof of a failure. If the site fails and the trace stops at the same hop across several runs, that hop is worth noting.
Common Traceroute Patterns And Fixes
When a trace looks “wrong,” the fix is often a small switch or a different probe style. Use this table as a quick checklist.
| What You See | What It Often Means | Try This Next |
|---|---|---|
| Asterisks show for one hop, later hops still reply | That router rate-limits traceroute replies | Ignore that hop; watch for a jump that persists later |
| Asterisks start early and the trace never goes further | Probes blocked on your network or by ISP policy | Switch probe type: ICMP (-I) or TCP (-T) |
| Hop 1 is slow, later hops are normal | Your router replies slowly to probes | Watch later hops; test once over Ethernet |
| Latency jumps at one hop and stays high afterward | A long hop begins there, or congestion starts there | Run 3 traces; capture the hop list and timestamps |
| The route changes between runs | Dynamic routing shifted paths | Save the trace from the bad moment for comparison |
| Only the final hop is asterisks | Destination blocks probe replies | Try TCP tracing to port 443, or trace to a nearby host |
| Hostnames slow the trace or look inconsistent | Reverse DNS is slow or misleading | Use numeric output: -d (Windows) or -n (Linux/macOS) |
| Times swing wildly from hop to hop | Wi-Fi interference, congestion, or queueing | Trace over Ethernet; repeat when the network is quiet |
Traceroute Steps For Home Wi-Fi Checks
If the issue happens at home, run a trace from Wi-Fi, then run the same trace from Ethernet. The contrast can narrow the culprit fast.
Step 1: Check The First Two Hops
Your router is usually hop 1. Your ISP’s first gateway is often hop 2 or 3. If times are high at hop 1 and stay high later, your local link may be struggling. If hop 1 is high but hop 2 and beyond look normal, your router is likely slow to answer probes.
Step 2: Compare A Stable Target With The Problem Target
Trace to a stable public target, then trace to the exact service that feels slow. If the stable trace looks clean but the service trace looks rough, the trouble may sit closer to that service’s network or at a peering point between networks.
Saving Results So They’re Easy To Share
When you share a traceroute in a ticket, include the basics: the time you ran it, whether you were on Wi-Fi or Ethernet, your city, and the target you traced to.
On Windows, save output like this:
tracert -d example.com > trace.txtOn macOS or Linux:
traceroute -n example.com > trace.txtWhat To Do After You Find The Bad Hop
A traceroute can’t change routing on its own, but it can tell you what kind of action is worth trying next.
| Trace Clue | Best Next Move | What To Include |
|---|---|---|
| Trouble starts at hop 1 and persists | Test Ethernet, reboot router, check cables | Device type, Wi-Fi band, router model, time of test |
| Trouble starts inside early ISP hops | Call your ISP and share the trace | Hop where times rise, full hop list, repeat runs |
| Trouble starts near the destination network | Report it to the service owner, or try another region | Target hostname, last responding hop, timestamps |
| Trace ends early, yet the site loads | Treat it as filtered replies, not a break | Note that the service works; include a second target trace |
| Trace ends early and the site fails | Try TCP trace to port 443 and retry later | Both traces, error seen in the app, time window |
| Routes differ during bad moments | Save the “bad route” trace and share it | Two traces side by side with timestamps |
Simple Notes For Sharing Traceroutes
A traceroute can expose public IP values and hostnames tied to networks. Sharing it is usually fine, but you can mask your own public IP or the first hop after it when posting publicly.
References & Sources
- Microsoft Learn.“Tracert.”Lists Windows tracert usage and switches for shaping trace output.
- Apple Man Pages.“traceroute(8).”Describes traceroute options and behavior on macOS builds.