traceroute shows the sequence of hops packets traverse on their way to a destination. It works by sending packets with successively larger TTL (Time To Live) values: TTL=1 causes the first router to send back an ICMP Time Exceeded message, TTL=2 reaches the second router, and so on, until the target is reached. Each hop is then printed with its IP address and round-trip time.
traceroute example.com # default UDP probes
traceroute -I example.com # ICMP probes
traceroute -T -p 443 example.com # TCP SYN to port 443
mtr example.com # live combined ping+trace
Many modern networks filter UDP probes, so TCP traceroute (-T) or ICMP traceroute (-I) often works when the default fails. mtr (My Traceroute) combines traceroute and ping into a live, interactive display that updates continuously—invaluable for watching packet loss or latency along a path over time.
Traceroute is most useful for diagnosing where in the network something is going wrong: a hop that suddenly shows high latency or complete loss is a strong clue. It does not reveal asymmetric routing or policy-based forwarding, and some routers refuse to send ICMP Time Exceeded replies, leaving holes in the output (shown as * * *).
Related terms: ping
Discussed in:
- Chapter 12: Networking — traceroute
Also defined in: Textbook of Linux