Frequently Asked Question

How does traceroute actually trace a route?

Every IP packet has a Time-To-Live (TTL) field that each router decrements by 1 as it forwards the packet. When TTL reaches 0, the router drops the packet and sends an ICMP Time Exceeded message back to the source. traceroute weaponises this: it sends a packet with TTL=1 (which the first router rejects, revealing itself), then TTL=2, then TTL=3, and so on, walking the path one hop at a time until it reaches the destination. The IP address in each ICMP reply is the next router on the way.

A more useful modern variant is mtr (My TraceRoute), which combines ping and traceroute into a continuous live display showing loss percentage and latency at every hop. This is exactly what you want when diagnosing intermittent packet loss or a flaky link partway through the path. mtr -r -c 100 host generates a one-shot report suitable for pasting into a bug ticket. Note that some hops may show * * *, that just means a router declined to send ICMP replies, not that the path is broken.