# Traceroute
## What is Traceroute
Traceroute is a network diagnostic tool that shows the path packets take from a source to a destination across a network. It reveals each router or hop along the path and measures the round-trip time to each hop. Traceroute is used to identify where delays and failures occur in a network path. On Windows the command is called tracert. On Linux and macOS it is called traceroute.
## How Traceroute Works
Traceroute uses the IP time to live (TTL) field to discover each hop along the path. It sends the first packet with a TTL of 1. The first router decrements the TTL to 0 and discards the packet, sending an ICMP time exceeded message back to the source. Traceroute records the IP address of this router and the time for the response. It then sends the next packet with a TTL of 2. The first router decrements the TTL to 1 and forwards it. The second router decrements the TTL to 0 and sends a time exceeded message. This process continues with increasing TTL values until the destination is reached or the maximum number of hops is exceeded. When the destination receives a packet it sends back an ICMP port unreachable message instead of a time exceeded message, signaling the end of the trace.
## Interpreting Traceroute Output
Each line in the traceroute output represents one hop. The line shows the hop number, the hostname or IP address of the router, and three round-trip time measurements. If a router does not respond, an asterisk is displayed for that measurement. High latency at a particular hop may indicate congestion or a slow link at that point. Asterisks may indicate that a router is filtering ICMP messages rather than being unreachable.
## Traceroute for Troubleshooting
Traceroute helps identify where a network problem occurs. If traceroute succeeds up to a certain hop and then fails, the problem is likely at or just beyond that hop. If a particular hop shows very high latency compared to the previous hop, there may be congestion on the link to that hop. Traceroute can reveal unexpected routing paths that pass through distant locations, explaining why a connection to a nearby destination has high latency.
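The reading rules from the two sections above, applied to a saved trace. This is an added example, not part of the original page; the function names, the sample output and the 20 ms jump threshold are assumptions chosen for illustration.

```python
import re
from statistics import median

# Constructed sample in Linux traceroute format (documentation-range addresses).
SAMPLE = """\
traceroute to example.net (192.0.2.80), 30 hops max, 60 byte packets
 1  gw.example.net (192.0.2.1)  0.412 ms  0.388 ms  0.401 ms
 2  agg.example.net (203.0.113.1)  1.920 ms  2.004 ms  1.871 ms
 3  * * *
 4  core1.example.net (198.51.100.9)  48.731 ms  49.102 ms  48.655 ms
 5  edge.example.net (198.51.100.77)  49.950 ms * 50.310 ms
 6  * * *
 7  * * *
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")          # hop number, then the rest
RTT_RE = re.compile(r"(\d+(?:\.\d+)?) ms")         # one round-trip time
ADDR_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")

def parse(text):
    """Return one dict per hop: number, address (or None), RTTs, lost probes."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header line, not a hop
        rest = m.group(2)
        addr = ADDR_RE.search(rest)
        hops.append({"hop": int(m.group(1)),
                     "addr": addr.group(1) if addr else None,
                     "rtts": [float(x) for x in RTT_RE.findall(rest)],
                     "lost": rest.split().count("*")})
    return hops

def analyze(hops, jump_ms=20.0):
    """Classify silent hops and flag latency jumps over the previous answering hop."""
    answering = [h["hop"] for h in hops if h["rtts"]]
    last, prev, findings = (answering[-1] if answering else 0), None, []
    for h in hops:
        if not h["rtts"]:
            # Silent but later hops answer: filtering. Silent to the end: path problem.
            findings.append((h["hop"], "filtered" if h["hop"] < last else "path-ends"))
            continue
        med = median(h["rtts"])
        if prev is not None and med - prev >= jump_ms:
            findings.append((h["hop"], "latency-jump"))
        prev = med
    return findings

if __name__ == "__main__":
    for hop, kind in analyze(parse(SAMPLE)):
        print(f"hop {hop}: {kind}")
```

Hop 3 is silent while hops 4 and 5 still answer, so it is classed as filtering; hops 6 and 7 are silent with nothing answering after hop 5, which places the problem at or just beyond hop 5.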
## Differences Between Traceroute Implementations
On Unix systems traceroute sends UDP packets by default. On Windows tracert sends ICMP echo requests. The choice affects how routers respond and which firewalls may block the probes. Modern versions of traceroute support multiple protocols including TCP, which is useful when ICMP and UDP are filtered by firewalls.