Caleb DagenetteWhen it comes to network troubleshooting, traceroute is an invaluable tool for identifying issues affecting connectivity and performance. At xByte Cloud, we often ask customers to send us traceroute information to diagnose problems such as high latency, packet loss, and routing loops.
How to Read a Traceroute
A traceroute displays the path that data takes from your computer to a specified destination. It shows each “hop” (a router or gateway) the data passes through and measures the time it takes for data to travel from one hop to the next. Each line in the traceroute output represents a hop, with the response times listed in milliseconds (ms).
Here’s a quick breakdown:
- Hop Number: The first column indicates the hop number, showing the sequence of routers the data passed through.
- Response Times: The following columns show the round-trip time for data to travel to that hop and back, measured in milliseconds. If the hop doesn’t respond, you may see an asterisk (*) indicating a timeout. There are 3 attempts made at each hop.
- IP Address or Hostname: The second column displays the IP address or hostname of each hop.
Understanding this basic structure helps in interpreting the traceroute results, which we delve into below.
What We Look For in a Traceroute
1. High Latency: High response times at specific hops may indicate congestion or a slow link. Analyzing where the high latency occurs—whether at the beginning, middle, or end of the traceroute—helps determine the cause.
Sample Traceroute with High Latency (issue):
| 1 | 1 ms | <1 ms | 1 ms | 192.168.0.1 |
| 2 | 200 ms | 195 ms | 197 ms | 123.123.123.1 |
| 3 | 186 ms | 195 ms | 193 ms | 123.123.123.7 |
| 4 | 185 ms | 192 ms | 189 ms | 123.123.123.254 |
Explanation: Notice the significant increase in latency starting at hop 2 (123.123.123.1) compared to the previous hops. This suggests an issue at this point in the route, likely due to congestion or a slow link at this specific hop.
If the response time comes back down after a single hop with high latency that may simply mean the hop with the peak set the signal to a lower priority (non-issue).
Sample Traceroute with High Latency (non-issue):
| 1 | 1 ms | <1 ms | 1 ms | 192.168.0.1 |
| 2 | 200 ms | 195 ms | 197 ms | 123.123.123.1 |
| 3 | 101 ms | 96 ms | 93 ms | 123.123.123.7 |
| 4 | 75 ms | 94 ms | 89 ms | 123.123.123.254 |
2. Packet Loss: Packet loss can degrade network performance. Consecutive timeouts across multiple hops often indicate packet loss. Occasional timeouts are normal and may be due to ICMP being disabled on certain hops.
Sample Traceroute with Packet Loss (Non-Issue):
| 1 | 1 ms | <1 ms | 1 ms | 192.168.0.1 |
| 2 | * | * | * | 123.123.123.1 |
| 3 | * | * | * | 123.123.123.7 |
| 4 | 75 ms | 94 ms | 89 ms | 123.123.123.254 |
Explanation: Multiple timeouts in consecutive hops can indicate packet loss, which affects network performance, however, it’s important to note that it is also normal to see timeouts throughout a trace, and sometimes even multiple. What matters is that the origin reaches the destination which in this case is the IP address or network you’re trying to reach. The various hops throughout a traceroute may have ICMP disabled and are intentionally configured not to respond to a request, but still pass your request along to the next hop until the traceroute completes.
Sample Traceroute with Packet Loss (Issue):
| 1 | 1 ms | <1 ms | 1 ms | 192.168.0.1 |
| 2 | 200 ms | 195 ms | 197 ms | 123.123.123.1 |
| 3 | * | * | * | 123.123.123.7 |
| 4 | * | * | * | 123.123.123.254 |
Explanation: The traceroute fails to reach its destination, with repeated timeouts starting at hop 3. This suggests a potential packet loss issue, preventing the data from progressing beyond hop 2.
3. Routing Loops: Repeated IP addresses or hostname patterns in consecutive hops may signal a routing loop, trapping data in a cycle between routers.
Sample Traceroute with Routing Loop:
| 1 | 1 ms | <1 ms | 1 ms | 192.168.0.1 |
| 2 | 200 ms | 195 ms | 197 ms | 123.123.123.1 |
| 3 | 101 ms | 96 ms | 93 ms | 123.123.123.7 |
| 4 | 200 ms | 195 ms | 197 ms | 123.123.123.1 |
| 5 | 101 ms | 96 ms | 93 ms | 123.123.123.7 |
| 6 | 200 ms | 195 ms | 197 ms | 123.123.123.1 |
| 7 | 101 ms | 96 ms | 93 ms | 123.123.123.7 |
| 8 | 200 ms | 195 ms | 197 ms | 123.123.123.1 |
| 9 | 101 ms | 96 ms | 93 ms | 123.123.123.7 |
Explanation: The IP addresses at hops 2 and 3 are repeating, indicating that the data is caught in a routing loop. This issue needs to be addressed as it prevents the data from reaching its intended destination.
How to Perform a Traceroute
Performing a traceroute is straightforward:
- Windows: Open Command Prompt and type tracert [destination IP or domain].
- Mac: Open Terminal and type traceroute [destination IP or domain].
For detailed steps, visit our guide on how to perform a traceroute on Windows and Mac.
Summary
If you identify issues in hops, then it’s important to find where the issue is occurring. Is it occurring at the beginning, middle, or end of the trace route? If it is at the beginning then there could be an issue with your network, if it is in the middle of the route then there is likely an ISP in the middle that is having some issues which is causing high latency, and if it is happening at the end of the route, then the latency maybe at the destination.
