How to read a traceroute
In this tutorial:
There are times when it seems your website may respond slowly. Slow response time may indicate a problem. Most just assume the server is overloaded and call their technical support. Many times, the support representative will ask for a ping and traceroute report. While we have instructions on running this report, it can seem rather cryptic when looking at it.
It doesn't take a degree or any kind of special training to decode a traceroute report. In fact, we will teach you how in this article. This way, if you ever have slow response from your site, you can run a report and quickly determine whether you need to contact our Live Support team.
How a Traceroute works
Whenever a computer connects to a website, it must travel a path that consists of several points, a little like connecting the dots between your computer and the website. The signal starts at your local router in your home or business, then moves out to your ISP, then onto the main networks. From there it may have several junctions until it gets off the Internet highway at the local network for the website and then to the webserver itself.
A traceroute displays the path that the signal took as it traveled around the Internet to the website. It also displays times which are the response times that occurred at each stop along the route. If there is a connection problem or latency connecting to a site, it will show up in these times. You will be able to identify which of the stops (also called 'hops') along the route is the culprit.
How to read a Traceroute
Once the traceroute is run, it generates the report as it goes along the route. Below is a sample traceroute:
C:\>tracert www.example.com Tracing route to example.com [10.10.242.22] over a maximum of 30 hops: 1 <1 ms <1 ms <1 ms 172.16.10.2 2 * * * Request timed out. 3 2 ms 2 ms 2 ms vbchtmnas9k02-t0-4-0-1.coxfiber.net [22.214.171.124] 4 12 ms 13 ms 3 ms 126.96.36.199 5 7 ms 7 ms 7 ms chndbbr01-pos0202.rd.ph.cox.net [188.8.131.52] 6 10 ms 8 ms 9 ms ip10-167-150-2.at.at.cox.net [184.108.40.206] 7 10 ms 9 ms 10 ms 100ge7-1.core1.nyc4.he.net [220.127.116.11] 8 72 ms 84 ms 74 ms 10gr10-3.core1.lax1.he.net [18.104.22.168] 9 76 ms 76 ms 90 ms 10g1-3.core1.lax2.he.net [22.214.171.124] 10 81 ms 74 ms 74 ms 126.96.36.199 11 72 ms 71 ms 72 ms www.inmotionhosting.com [188.8.131.52]
As you can see, there are several rows divided into columns on the report. Each row represents a "hop" along the route. Think of it as a check-in point where the signal gets its next set of directions. Each row is divided into five columns. A sample row is below:
10 81 ms 74 ms 74 ms 184.108.40.206
Let's break this particular hop down into its parts.
|Hop #||RTT 1||RTT 2||RTT 3||Name/IP Address|
|10||81 ms||74 ms||74 ms||220.127.116.11|
Hop Number - This is the first column and is simply the number of the hop along the route. In this case, it is the sixth hop.
RTT Columns - The next three columns display the round trip time (RTT) for your packet to reach that point and return to your computer. This is listed in milliseconds. There are three columns because the traceroute sends three separate signal packets. This is to display consistency, or a lack thereof, in the route.
Domain/IP column - The last column has the IP address of the router. If it is available, the domain name will also be listed.
Checking the hop times
The times listed in the RTT columns are the main thing you want to look at when evaluating a traceroute. Consistent times are what you are looking for. There may be specific hops with increased latency times but they may not indicate that there is an issue. You need to look at a pattern over the whole report. Times above 150ms are considered to be long for a trip within the continental United States. (Times over 150ms may be normal if the signal crosses an ocean, however.) but issues may show up with very large numbers.
Increasing latency towards the targetIf you see a sudden increase in a hop and it keeps increasing to the destination (if it even gets there), then this indicates an issue starting at the hop with the increase. This may well cause packet loss where you will even see asterisks (*) in the report.
1 10 ms 7 ms 9 ms 172.16.10.2 2 78 ms 100 ms 32 ms ip10-167-150-2.at.at.cox.net [18.104.22.168] 3 78 ms 84 ms 75 ms 100ge7-1.core1.nyc4.he.net [22.214.171.124] 4 782 ms 799 ms * ms 10gr10-3.core1.lax1.he.net [126.96.36.199] 5 * ms 899 ms 901 ms 10g1-3.core1.lax2.he.net [188.8.131.52] 6 987 ms 954 ms 976 ms 184.108.40.206 7 1002 ms 1011 ms 999 ms www.inmotionhosting.com [220.127.116.11]
High latency in the middle but not at beginning or end
If the hop immediately after a long one drops back down, it simply means that the router at the long hop set the signal to a lower priority and does not have an issue. Patterns like this do not indicate an issue.
1 <1 ms <1 ms <1 ms 18.104.22.168 2 30 ms 7 ms 11 ms 10.10.0.2 3 200 ms 210 ms 189 ms 22.214.171.124 4 111 ms 98 ms 101 ms ip10-167-150-2.at.at.cox.net [126.96.36.199] 5 99 ms 100 ms 98 ms 188.8.131.52
High latency in the middle that remains consistent
If you see a hop jump but remain consistent throughout the rest of the report, this does not indicate an issue.
1 <1 ms <1 ms <1 ms 184.108.40.206 2 30 ms 7 ms 11 ms 10.10.0.2 3 93 ms 95 ms 92 ms 220.127.116.11 4 95 ms 99 ms 101 ms ip10-167-150-2.at.at.cox.net [18.104.22.168] 5 99 ms 100 ms 98 ms 100ge7-1.core1.nyc4.he.net [22.214.171.124] 6 95 ms 95 ms 95 ms 10g1-3.core1.lax2.he.net [126.96.36.199] 7 95 ms 96 ms 94 ms 188.8.131.52]
High latency in the beginning hops
Seeing reported latency in the first few hops indicates a possible issue on the local network level. You will want to work with your local network administrator to verify and fix it.
Timeouts at the beginning of the report
If you have timeouts at the very beginning of the report, say within the first one or two hops, but the rest of the report runs, do not worry. This is perfectly normal as the device responsible likely does not respond to traceroute requests.
Timeouts at the very end of the report
Timeouts at the end may occur for a number of reasons. Not all of them indicate an issue, however.
- The target's firewall may be blocking requests. The target is still most probably reachable with a normal HTTP request, however. This should not affect normal connection.
- The return path may have an issue from the destination point. This would mean the signal is still reaching, but just not getting the return signal back to your computer. This should not affect normal connection.
- Possible connection problem at the target. This will affect the connection.
Do I need to contact my hosting company?
Once you have found a hop that seems to have an issue, you can identify its location and determine where the issue lies. It may be within your network, your ISP, somewhere along the route, or within your hosting provider's domain.
The first hop is within your own network. The next hop is your ISP. The last couple of hops are likely within your hosting providers' domain and control, so if the issue is there, they may be able to fix it for you. If it is anywhere prior to that, the issue is simply along the route and is within neither your nor your hosting provider's control.
2014-09-10 11:55 am
IDK, probably the best one I have read and I have read MANY!
Having s SERIOUS issue with latency just on my pc using cable modem connecting to my website. No other website has this issue. Can take 20-30 seconds to load. If I use a proxy server, takes 2-3 seconds.
If I connect to cable modem via WiFi with my Samsung Galaxy S5, go to website, problem is there. If I kill WiFi and connect with AT&T carrier, response to website is 1-3 seconds; not 20-30 when using cable modem.
Now you guys have me interested in your hosting service.
2015-01-02 10:15 pm
you can't improve it.
I knew nothing at all about tracer routes until I read your article.
Thank you very much.
2015-02-15 11:43 pm
How is the #10 hop number the 6th? Is there a reason that the origional poster didnt specify? Im completely new to this and ive been looking for an hour now about hop numbers and this threw me completely off
2015-02-16 3:17 pm
Thanks for the questions. The traceroutes supplied above are samples for the purposes of the tutorial. If you have a specific question about traceroutes, please let us know.
2015-02-25 11:50 am
is asterisks the same as n/a , just before my latency goes high , a hop has n/a
2015-02-27 10:02 am
It is not uncommon to have a hop or two in a trace with asterisks. If the asterisks continued throughout the trace and the trace never got to it's destination, that's obviously bad. But one or two hops in there with asterisks could mean that router is not sending responses to pings.
2015-02-25 11:54 am
rout has 9 hops , 1st 4 hops around 36 ms , then 5th hop shows n/a , 6th hop jumps to 138ms is that normal
2015-02-27 10:03 am
If the 7th hop was under 100ms, then it is likely that hop 6 set your packet to a lower priority. That would not indicate a traffic or latency issue.
2015-04-15 8:50 pm
Hi Scott, Good introduction. Could be worth mentioning that if there are asterix or timeouts as mentioned above it is possible to perform a traceroute using tcp. ie, tcptraceroute http://traceroute-online.com/tcptraceroute/.
Using tcptraceroute against a web server that has a strict firewall will still give you a good result as the TCP port 80 has to be allowed through the firewall.