How to Read a Traceroute and Diagnose Network Issues

Traceroute is a network diagnostic tool that shows the path packets take from your computer to a destination, listing every router (hop) along the way. It also measures the time it takes to reach each hop, helping you identify where delays or failures occur.

When you experience slow website loading, connection timeouts, or intermittent connectivity, traceroute helps pinpoint exactly where the problem is — whether it's on your local network, at your ISP, somewhere in the internet backbone, or at the destination server.

Traceroute works by sending packets with incrementally increasing TTL (Time to Live) values. Each router along the path decrements the TTL by 1; when it reaches 0, the router sends back a "Time Exceeded" message, revealing its identity. By sending packets with TTL 1, then 2, then 3, and so on, traceroute discovers each hop in sequence.

On macOS and Linux: traceroute google.com

On Windows: tracert google.com

Using MTR (My Traceroute): A superior alternative that combines traceroute with continuous ping monitoring:

• macOS: brew install mtr then mtr google.com
• Linux: sudo mtr google.com

Reading the output: Each line represents a hop (router) on the path. A typical entry looks like:

3 ae-2.r01.nycmny17.us.bb.gin.ntt.net (129.250.4.13) 12.456 ms 11.234 ms 12.891 ms

This shows: hop number (3), the router's hostname and IP, and three round-trip time measurements.

Normal results: Latency increases gradually with each hop. Minor variations between the three time measurements are normal. A typical domestic traceroute has 10–20 hops with total latency under 100ms.

**Timeouts (asterisks *):** A line showing * * * means that hop didn't respond. This doesn't necessarily indicate a problem — many routers are configured to ignore traceroute packets for security reasons. If subsequent hops respond normally, the * hops are harmless.

Latency spike at one hop: If latency suddenly jumps at a specific hop (e.g., from 20ms to 200ms) and stays high for all subsequent hops, that hop is likely the bottleneck. Note which network owns that router to determine if it's your ISP, a transit provider, or the destination network.

Latency spike that recovers: If one hop shows high latency but subsequent hops return to normal, the router is likely just slow to respond to traceroute packets — the actual forwarding is fine. This is called ICMP deprioritization and is not a real problem.

Persistent packet loss: If one hop shows significant packet loss AND all subsequent hops also show loss, there's a genuine issue at that point in the path.

High latency on first hop: Your local network or router has an issue. Check for Wi-Fi interference, cable problems, or router overload.

High latency at your ISP's hops (hops 2-4): Your ISP may be congested. This is common during peak hours. Contact your ISP if the problem persists.

Latency jump at a geographic boundary: A jump from 20ms to 80ms between two hops often indicates a trans-continental link (e.g., US to Europe). This is normal physics — light takes about 70ms to cross the Atlantic in fiber.

All asterisks after a certain hop: The destination or a firewall in front of it is blocking traceroute. The destination may still be reachable — try pinging it directly.

Route changes: Running traceroute multiple times may show different paths. This is normal — BGP routing can change, and load balancers distribute traffic across multiple paths.

Identifying the responsible network: Look up the IP addresses of problematic hops using LookMyIP to find the ASN and organization. This tells you whether the issue is with your ISP, a transit provider, or the destination's hosting provider — critical information when reporting problems.