The traceroute command in Linux: trace the route of packets

What is traceroute?

Traceroute is a network diagnostic tool that shows the path IP packets take from the source to a specific destination. It sends a series of probes with an increasing TTL (Time To Live) value: the first probes leave with TTL 1, so the first router decrements it to zero, discards them and returns an ICMP “Time Exceeded” message; the next probes leave with TTL 2 and expire at the second router, and so on until the destination itself answers (with an ICMP “Port Unreachable” for UDP probes, an echo reply for ICMP probes, or a SYN/ACK or RST for TCP probes). The source address of each ICMP error identifies the router at that hop and the elapsed time gives its round-trip latency, which lets you pinpoint where excessive latency, packet loss, or a break in connectivity occurs. The replies are always ICMP, but the probes themselves vary: Linux traceroute sends UDP probes by default and can also send ICMP echo requests or TCP SYN packets, which helps when a firewall blocks one kind of traffic. Knowing traceroute is essential for system administrators, network engineers, and anyone who needs to troubleshoot connectivity issues.
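The exchange described above, as an added example that is not code from the original article: it builds the UDP probes and the ICMP error messages that routers and the destination send back, then decodes a reply to find out which hop answered and whether the destination was reached. The addresses are from the documentation ranges, checksums are left at zero because nothing is transmitted, and the port-numbering scheme (base port 33434 plus a per-probe offset) is the example's own simplification; only the packet layouts follow RFC 791 and RFC 792.

```python
import socket
import struct

# Linux traceroute starts its UDP destination ports at 33434. This example assigns
# base + (ttl-1)*NQUERIES + probe_index so a reply can be paired with the probe that
# triggered it; real traceroute numbers probes differently but relies on the same
# fact: the destination port survives inside the quoted header of the ICMP error.
BASE_PORT = 33434
NQUERIES = 3

def ipv4_header(src, dst, proto, ttl, payload_len):
    """Minimal 20-byte IPv4 header. Checksum left 0: nothing here is transmitted."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst))

def udp_probe(src, dst, ttl, probe_index, sport=45678, payload=b"\x00" * 32):
    """A traceroute-style probe: UDP to an unlikely port, TTL set to the hop under test."""
    dport = BASE_PORT + (ttl - 1) * NQUERIES + probe_index
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    return ipv4_header(src, dst, socket.IPPROTO_UDP, ttl, len(udp)) + udp

def icmp_error(replier, src, icmp_type, code, offending):
    """What a router (type 11, code 0: TTL exceeded) or the destination (type 3, code 3:
    port unreachable) sends back: ICMP header, 4 unused bytes, then the offending
    datagram's IP header plus the first 8 bytes of its payload (RFC 792)."""
    quoted = offending[:20 + 8]
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted
    return ipv4_header(replier, src, socket.IPPROTO_ICMP, 64, len(icmp)) + icmp

def match_reply(packet):
    """Decode one raw IP packet. Returns (replier, ttl, probe_index, reached) for a reply
    to one of our probes, or None for anything else (echo replies, other hosts' errors)."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != socket.IPPROTO_ICMP:
        return None
    replier = socket.inet_ntoa(packet[12:16])
    icmp = packet[ihl:]
    kind = (icmp[0], icmp[1])
    if kind not in ((11, 0), (3, 3)):
        return None
    inner = icmp[8:]                            # the quoted original datagram
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner[9] != socket.IPPROTO_UDP:
        return None
    # Quoted UDP header: sport(2) dport(2) length(2) checksum(2); dport sits at offset 2
    (dport,) = struct.unpack("!H", inner[inner_ihl + 2:inner_ihl + 4])
    seq = dport - BASE_PORT
    if not 0 <= seq < 255 * NQUERIES:           # not a port we would have used
        return None
    return replier, seq // NQUERIES + 1, seq % NQUERIES, kind == (3, 3)

def simulate_trace(src, dst, routers):
    """Walk a constructed path the way traceroute does: raise the TTL by one per round
    until the destination itself answers. Returns [(ttl, replier, reached), ...]."""
    hops = []
    for ttl in range(1, len(routers) + 2):
        probe = udp_probe(src, dst, ttl, 0)
        if ttl <= len(routers):                 # TTL hits zero at this router
            reply = icmp_error(routers[ttl - 1], src, 11, 0, probe)
        else:                                   # reached: nothing listens on that port
            reply = icmp_error(dst, src, 3, 3, probe)
        replier, got_ttl, _, reached = match_reply(reply)
        hops.append((got_ttl, replier, reached))
        if reached:
            break
    return hops

if __name__ == "__main__":
    # Constructed two-router path using documentation address ranges
    for ttl, who, done in simulate_trace("192.0.2.100", "203.0.113.10",
                                         ["192.0.2.1", "198.51.100.7"]):
        print(f"{ttl:2d}  {who}{'  (destination)' if done else ''}")
```

Run as a script it prints the three-hop trace. The point to notice is that the router's reply carries none of the probe's own fields except what it quotes, so the destination port inside the quoted header is the only way to tell which outstanding probe an error refers to. A real implementation reads these replies from a raw ICMP socket (which needs root, and is why the ICMP and TCP probe modes usually do) or, as modern Linux traceroute does for its default UDP mode, from the sending socket's error queue, which works unprivileged.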

Installing traceroute on Linux

On most modern distributions, traceroute comes preinstalled, but if it is missing, installation is straightforward. On Debian/Ubuntu‑based systems, run sudo apt update && sudo apt install traceroute. On Red Hat, CentOS, or Fedora, the corresponding command is sudo dnf install traceroute (on newer releases) or sudo yum install traceroute on older versions. On Arch Linux, use sudo pacman -S traceroute. After installation, verify it with traceroute -V (or --version), which prints the version; traceroute --help lists the supported options. Most distributions also ship a traceroute6 command, equivalent to traceroute -6, for tracing IPv6 paths (traceroute -4 forces IPv4 when a name resolves to both).

Basic syntax and simple usage

The simplest form of the command is traceroute destination, where destination can be an IP address or a DNS‑resolvable domain name. For example, traceroute 8.8.8.8 shows the route to Google’s public DNS server. The first line of output repeats the destination, the hop limit (30 by default) and the probe size; each following line is one hop and shows the hop number, the responding router’s hostname (if it can be resolved) with its IP address in parentheses, and then three round‑trip times in milliseconds, one per probe (three probes are sent per hop by default). An asterisk (*) in place of a time means no reply to that probe arrived within the timeout (5 seconds by default). If the same hop number shows more than one address, different probes were answered by different routers.

Interpreting the output

Analyzing traceroute output allows rapid detection of network problems, provided a few rules are kept in mind. A latency increase that appears at one hop and persists for every hop after it points to congestion or a slow or long link in that segment. A single hop with very high times followed by normal times at the next hop is usually not a path problem at all: routers generate ICMP errors in software on their control plane, at low priority, so their own replies arrive late even though they forward transit traffic at full speed. Only latency that carries through to the destination matters. Several consecutive asterisks at the same hop mean the router does not generate ICMP Time Exceeded messages, rate‑limits them, or a filter discards them; as long as later hops respond, the path is working and that hop is merely invisible. Private IP addresses in the trace (10.x.x.x, 172.16‑31.x.x, 192.168.x.x) or addresses in the shared 100.64.0.0/10 range show the traffic crossing an internal network or a carrier’s NAT before reaching the Internet, which is normal in corporate and ISP environments.

Useful traceroute options

  • -n: skips the reverse DNS lookup of each hop, showing only IP addresses; this is the single biggest speed‑up when the resolver is slow or unreachable.
  • -I: sends ICMP ECHO probes instead of the default UDP probes; the destination then answers with an echo reply.
  • -T: sends TCP SYN probes (to port 80 unless -p is given), useful against firewalls that drop UDP or ICMP but must let a service port through; the destination answers with a SYN/ACK or an RST.
  • -p port: the destination port: the starting UDP port (33434 by default, incremented for each probe), or the fixed TCP port with -T.
  • -f value: sets the initial TTL, allowing you to skip known first hops.
  • -m value: defines the maximum number of hops (maximum TTL) the command will attempt; the default is 30.
  • -q number: adjusts the number of probes sent per hop (default is 3).
  • -w time: sets the wait time in seconds for each response (default 5); fractional values such as 0.5 are accepted.

ICMP and TCP probes need raw sockets, so -I and -T normally have to be run with sudo; the default UDP mode works as an unprivileged user.

Practical examples

Suppose we want to diagnose connectivity to an internal web server intranet.empresa.local. We can run:

traceroute -n intranet.empresa.local

This suppresses the reverse DNS lookup of every hop address, which is what makes a trace crawl when the internal DNS server is slow or unreachable. The destination name itself must still resolve, so if name resolution is down entirely, pass the server’s IP address instead. If we suspect a firewall blocks UDP probes, we can switch to TCP:

sudo traceroute -T -p 443 intranet.empresa.local

Here we specify port 443 (HTTPS) so the TCP SYN probes look like ordinary connection attempts to the web service: a firewall that lets clients reach the site has to let them through, and the server answers with a SYN/ACK (or an RST if the port is closed), either of which traceroute accepts as having reached the destination. TCP probes use raw sockets, hence sudo. In another scenario, if we want to limit the trace to a maximum of 15 hops and wait half a second per response, we use:

traceroute -m 15 -w 0.5 google.com

Finally, to obtain only IP addresses and speed up the test on a high‑latency network, we combine -n and -q 1. One probe per hop is enough to see the path, but it cannot reveal jitter or intermittent loss, so return to the default three probes when latency is the question:

traceroute -n -q 1 203.0.113.10

Limitations and considerations

Although traceroute is very versatile, it has limitations to keep in mind. First, it relies on intermediate routers generating ICMP “Time Exceeded” messages; a router that does not generate them, rate‑limits them, or sits behind a filter that drops them shows up as a row of asterisks and cannot be identified, and if the destination itself drops the probes the trace ends in asterisks even though the path is fine. Second, per‑flow load balancing (ECMP) and asymmetric routing can send successive probes over different paths: Linux traceroute changes the UDP destination port for every probe, so each probe may hash onto a different link, producing several addresses for the same hop number, and the return path taken by the replies is never shown at all even though it is included in every measured time. Lastly, traceroute does not directly measure bandwidth or packet loss; three probes per hop are far too few to estimate loss, so for those metrics tools such as ping with adjusted intervals and counts, mtr, or iperf are preferred. Despite these limitations, it remains one of the first lines of diagnosis when routing or latency problems are suspected.
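An added example, not code from the original article, that turns the reading rules from “Interpreting the output” and the caveats above into a small analyzer: it parses traceroute’s text output (with or without -n), then flags hops with no replies, partial loss, several addresses at one TTL, private or CGNAT addresses, isolated latency spikes that do not persist to the next hop, and increases that do persist. The embedded output is constructed for the example (documentation addresses and made‑up times), and the 50 ms threshold is an arbitrary starting point to tune for your network.

```python
import ipaddress
import re
from dataclasses import dataclass, field

HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")
# Tokens of a hop line: "*", "(ip)" after a hostname, "<rtt> ms", "!X" annotation, address
TOKEN = re.compile(r"\*|\(([^)]+)\)|(\d+(?:\.\d+)?)\s+ms|(![A-Za-z0-9<>]+)|(\S+)")
# RFC 1918 plus the shared CGNAT range, listed explicitly (ipaddress.is_private would
# also flag the documentation ranges used in the sample below)
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]

@dataclass
class Hop:
    number: int
    addrs: dict = field(default_factory=dict)   # ip -> [rtt_ms, ...] in order seen
    timeouts: int = 0                            # probes printed as "*"
    annotations: list = field(default_factory=list)

    @property
    def rtts(self):
        return [r for rs in self.addrs.values() for r in rs]

def parse_traceroute(text):
    """Turn traceroute's text output (with or without -n) into Hop records."""
    hops = []
    for line in text.splitlines():
        m = HOP_LINE.match(line)
        if not m:
            continue                              # the "traceroute to ..." header line
        hop, current = Hop(int(m.group(1))), None
        for tok in TOKEN.finditer(m.group(2)):
            if tok.group(0) == "*":
                hop.timeouts += 1
            elif tok.group(1):                    # "(ip)": the hostname before it was tentative
                pending = hop.addrs.pop(current, [])
                current = tok.group(1)
                hop.addrs.setdefault(current, []).extend(pending)
            elif tok.group(2):                    # an RTT belongs to the most recent address
                hop.addrs.setdefault(current, []).append(float(tok.group(2)))
            elif tok.group(3):
                hop.annotations.append(tok.group(3))
            else:                                 # hostname or bare IP of a responder
                current = tok.group(4)
                hop.addrs.setdefault(current, [])
        hops.append(hop)
    return hops

def is_internal(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:                            # an unresolved hostname, not an address
        return False
    return any(ip in net for net in INTERNAL_NETS)

def analyze(hops, jump_ms=50.0):
    """Apply the reading rules to parsed hops; returns sorted (hop, code, explanation)."""
    findings = []
    for hop in hops:
        if hop.timeouts and not hop.rtts:
            findings.append((hop.number, "no_reply", "no probe answered: ICMP not generated, "
                             "rate-limited or filtered; a fault only if every later hop is silent"))
        elif hop.timeouts:
            findings.append((hop.number, "partial_loss",
                             f"{hop.timeouts} of {hop.timeouts + len(hop.rtts)} probes unanswered"))
        if len(hop.addrs) > 1:
            findings.append((hop.number, "multipath",
                             f"{len(hop.addrs)} addresses at one TTL: per-flow load balancing"))
        for addr in hop.addrs:
            if is_internal(addr):
                findings.append((hop.number, "private", f"{addr} is RFC 1918 or CGNAT space"))
    # Latency is judged on the best RTT per hop, against the neighbours that answered
    mins = [(h.number, min(h.rtts)) for h in hops if h.rtts]
    for k, (n, m) in enumerate(mins):
        prev_m = mins[k - 1][1] if k else None
        next_m = mins[k + 1][1] if k + 1 < len(mins) else None
        if next_m is not None and m > next_m + jump_ms:
            findings.append((n, "spike", f"{m:.1f} ms here, {next_m:.1f} ms at the next hop: "
                             "slow ICMP generation on this router, not forwarding delay"))
        elif prev_m is not None and m - prev_m > jump_ms:
            findings.append((n, "increase", f"best RTT rose from {prev_m:.1f} to {m:.1f} ms "
                             "and stays high downstream: congestion or a long link here"))
    return sorted(findings)

# Constructed output (documentation addresses, made-up times), not a real capture
SAMPLE = """\
traceroute to www.example.net (203.0.113.20), 30 hops max, 60 byte packets
 1  _gateway (192.168.1.1)  0.412 ms  0.380 ms  0.350 ms
 2  10.20.0.1 (10.20.0.1)  8.123 ms  8.050 ms  7.990 ms
 3  * * *
 4  198.51.100.9 (198.51.100.9)  212.5 ms  210.3 ms  209.8 ms
 5  198.51.100.17 (198.51.100.17)  13.0 ms 198.51.100.18 (198.51.100.18)  13.4 ms  13.1 ms
 6  203.0.113.1 (203.0.113.1)  94.2 ms  93.8 ms  *
 7  203.0.113.20 (203.0.113.20)  95.1 ms  94.9 ms  95.0 ms
"""

if __name__ == "__main__":
    for hop, code, why in analyze(parse_traceroute(SAMPLE)):
        print(f"hop {hop:2d}  {code:<12} {why}")
```

Run as a script on the sample, it reports hop 3 as silent but harmless, hop 4 as a control‑plane spike (the next hop is back to 13 ms), hop 5 as load‑balanced, and hop 6 as the point where the path really gets slower. To analyze a live trace, pipe the command’s output in: traceroute -n host | python3 analyzer.py with the sample replaced by sys.stdin.read().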

Conclusion

The traceroute command in Linux is an essential tool for any professional working with networks. Its ability to display the packet path and response times at each hop lets you quickly spot congestion points, routing faults, or misconfigured firewalls. Knowing its basic syntax, common options, and how to interpret the output gives you a significant advantage when troubleshooting connectivity incidents. Whether you are managing a server, overseeing a corporate infrastructure, or simply curious about how your traffic reaches a remote destination, traceroute provides the visibility needed to make informed decisions and keep the network running optimally.

This post is also available in ESPAÑOL.


This work is licensed under a Creative Commons Attribution 4.0 International License by Francesc Roig francesc@vivaldi.net.