What is traceroute and how does it work?
Traceroute can help you identify the reason why a network is running slowly. A simple tool available on most major operating systems, it highlights faulty network nodes and inefficient routing paths. In this article, we explain what traceroute is, how it works, and why you might want to use it.
What is traceroute?
Traceroute is a diagnostic tool used to track the path of data between nodes on a network. By executing a command on one device, you can send a small IP packet to another device and track the route the packet takes.
You can use traceroute to identify network problems or inefficient routing practices. After executing a traceroute command and gathering information on the packet’s path, you can identify places in your network where data is traveling slowly or encountering unresponsive nodes.
Traceroute functionality is included in most operating systems, though in Windows the tool is called tracert rather than traceroute.
How does traceroute work?
Traceroute works by sending an Internet Control Message Protocol (ICMP) packet to a target node on a network. When a data packet moves between two points, it “hops” between numerous routers and switches, each one transmitting the packet closer to its destination.
Using traceroute, you can map all the hops made by the ICMP packet. You can also view information about the time data took to be transmitted and the name and IP addresses (internet protocol addresses) of the devices the packet passed through, from the first router it encountered all the way to the target host.
What does traceroute do?
Traceroute helps to identify the points on a network where problems might be occurring, which makes network troubleshooting easier. You might notice that the network in your office is slow, but with traceroute you can reduce network jitter by identifying the exact point on the network from which the issue originates.
Imagine that you work in an environment with a large network of connected devices, like an office or a school. You run a simple ping test and see that data seems to be moving slowly across the network, but the problem could be anywhere. That’s when you run a traceroute command.
As the ICMP packet journeys across your network, it maps each step of the process, and you notice that data is being handled at a slower-than-expected rate by one particular router on your network. Armed with this information, you can focus on fixing or replacing the defective router, safe in the knowledge that the rest of the network is functioning properly.
How to run traceroute on different operating systems
Traceroute can be executed on most operating systems, including Windows, Linux, and macOS.
Run traceroute on Windows
If you use Windows, run the tracert command (which performs the same function as the traceroute command). Follow these steps to execute a tracert command.
- Press the “Windows” key + “R” to open the “Run” dialog box.
- Type “cmd” and press “OK.”
- In Command Prompt, type “tracert,” followed by a space and then the IP address of the target node.
- Press “Enter.”
- Right-click on the Command Prompt window and select “Select all.”
- Press “Ctrl” + “C” to copy the Command Prompt window information.
- Open a blank document and paste the copied information.
Once you carry out these steps, you can review the traceroute data and assess the speed and efficiency of a specific network path.
Run traceroute on Linux
Traceroute may not be installed by default on your Linux OS, but you can install it with a package manager. In Ubuntu, the command to install traceroute is “sudo apt-get install traceroute.”
Once installed, open your Linux terminal and type “traceroute” followed by the IP address of the target node.
Run traceroute on macOS
To run traceroute on macOS, follow the steps below.
- Open your “Applications” folder.
- Select the “Utilities” folder.
- Select the “Terminal” app.
- Type in “traceroute” followed by the IP address of the target node.
On older versions of macOS, traceroute can be carried out via the Network Utility panel.
How to read a traceroute
A traceroute map usually takes the form of data rows, with each row representing one segment or hop in the packet’s journey. A row will contain the IP address of the device that received and transmitted the packet and the time taken to do so. In each row, you should look for the following metrics.
Round-trip times and hop numbers
When troubleshooting network problems with traceroute data, you should look for two key problems: unusually high round-trip times and excessive hop numbers.
Round-trip time (RTT) represents the time your ICMP packet takes to move between network nodes. RTT is measured in milliseconds, and if RTT is higher because of specific routers or switches on a network, those are the nodes you should try to update or replace.
Your hop number is the number of times the data hopped from one node to another. The higher the hop number, the slower your overall RTT will be. A high hop number could indicate that your data is taking an unnecessarily long and circuitous route to reach its destination.
Asterisks (*) and their meaning
After using a traceroute tool, you may notice some asterisks in the resulting data. Asterisks are returned when a device is unable to respond within the required time window set for the test.
A failure to respond can happen because the router is unusually slow or because it was prioritizing other packets at the time of the traceroute execution.
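The checks described in this section (high round-trip times and asterisks) can be automated. The following is an added example, not part of the original article: it parses output in the Linux traceroute format and labels hops that did not reply, lost some probes, or show a jump in average RTT. The sample output, the function names, and the 50 ms threshold are assumptions made for illustration.

```python
import re
from statistics import mean

# Constructed sample in Linux traceroute format (documentation address ranges).
SAMPLE = """\
traceroute to 203.0.113.10 (203.0.113.10), 30 hops max, 60 byte packets
 1  192.0.2.1 (192.0.2.1)  1.102 ms  0.987 ms  1.045 ms
 2  198.51.100.1 (198.51.100.1)  8.412 ms  8.377 ms  9.020 ms
 3  * * *
 4  198.51.100.17 (198.51.100.17)  92.300 ms  95.120 ms *
 5  203.0.113.10 (203.0.113.10)  93.010 ms  94.500 ms  93.800 ms
"""

HOP_LINE = re.compile(r"^[ \t]*(\d+)[ \t]+(.+)$", re.MULTILINE)
RTT = re.compile(r"(\d+(?:\.\d+)?)\s*ms")
ADDR = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def parse_hops(text):
    """Return one dict per hop row: number, address, mean RTT, timeouts."""
    hops = []
    for m in HOP_LINE.finditer(text):
        body = m.group(2)
        rtts = [float(v) for v in RTT.findall(body)]
        addr = ADDR.search(body)
        hops.append({
            "hop": int(m.group(1)),
            "addr": addr.group(0) if addr else None,
            "avg": mean(rtts) if rtts else None,  # mean RTT in ms
            "timeouts": body.count("*"),          # probes with no reply
        })
    return hops

def flag_hops(hops, jump_ms=50.0):
    """Map hop number -> labels: no-reply, partial-loss, latency-jump."""
    findings, prev_avg = {}, None
    for h in hops:
        labels = []
        if h["avg"] is None:
            labels.append("no-reply")
        else:
            if h["timeouts"]:
                labels.append("partial-loss")
            # Compare against the last hop that answered, skipping silent ones.
            if prev_avg is not None and h["avg"] - prev_avg >= jump_ms:
                labels.append("latency-jump")
            prev_avg = h["avg"]
        if labels:
            findings[h["hop"]] = labels
    return findings
```

In the sample, the jump at hop 4 carries through to the final hop, which points at that segment of the path; a spike at a single hop that disappears on later hops is more likely a router prioritizing other packets over its replies.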
Comparing traceroute with other network diagnostic tools
Traceroute is just one way to monitor network performance and troubleshoot problems. How does it compare to other diagnostic tools?
Ping vs. traceroute
Ping and traceroute are both helpful network diagnostic tools, and you can use both. Ping works by sending a signal to a point on a network, which then replies. The speed of this interaction determines the ping rate. The higher your ping number, the slower your network is.
After running a ping test, you can use traceroute to find out why your ping is higher than expected. Ping won’t help you with things like improving routing efficiency or identifying defective network nodes, but it’s useful as a quick way to assess overall network performance.
It is worth mentioning that the ping utility can be abused to launch ping flood attacks. They work by flooding the targeted device with numerous ping requests and causing network overload.
Advanced traceroute variants: MTR, Tracepath, and Paris Traceroute
Alternative traceroute methods have been developed over the years, including MTR, Tracepath, and Paris Traceroute.
MTR, which stands for My Traceroute, runs multiple traceroutes and combines the results to provide a more accurate picture of your network and its problems.
Tracepath is very similar to traceroute but uses UDP instead of ICMP packets and requires fewer user privileges to execute. However, it is also less dynamic than traceroute because it doesn’t allow users to specify the protocols used to transfer data packets.
Lastly, Paris Traceroute fixes some issues with classic traceroute, allowing for more detailed data output about the specific routes taken by each data packet.
Conclusion
Traceroute is a great tool for identifying problems on larger networks and can make speeding up data transmission a lot easier. The tool won’t be of particular use to you if you run a small network, like a home LAN, but in situations where multiple routers are being employed to transmit data, traceroute offers a simple method for quickly identifying underlying issues.