What is Traceroute (Tracert) Command: Use On Linux & Windows

Through this guide, you will get a complete understanding of the Traceroute Command for Windows, Linux including working, limitations, and examples:

In this tutorial, we will explain the Traceroute command and the syntax of the command with the parameter description. We have elaborated on the topic with the help of different examples and figures.

A Traceroute command is a command that is generally used to locate the destination path from the host in the network. It will tell us about all the intermediate hops the data packet came across while traveling into the network to reach the destination host.

Thus, it is used in tracing and troubleshooting network problems.

Traceroute Command (1)

Traceroute Command for Windows

This CLI identifies the route to the destination by floating the ICMP (Internet control message protocol) echo request messages along the destination path in the network with TTL (Time to Live) field values.

Syntax: tracert {/d} {/h <maximumhops>} {/j <hostlist>} {/w <timeout>} {/R} {/S <src-address>} {/4}|{/6} <targetname>

Syntax Definitions:

/dBreaks the efforts to resolve the destination IP addresses of the intermediate hops to reach the destination router.
/h < maximumhops>Specify the number of hops in the pathway to reach the destination. The default value is 30.
/j < hostlist>This is used when using the IPV4 addressing scheme. The series of IP addresses can be defined here separated by space. The maximum limit of the number of hostnames is 9.
/w < timeout>Specify the time duration in milliseconds to wait for the ICMP Reply message in correspondent to the ICMP Request Echo message. The default value is 4 seconds.
/RIt indicates that the IPV6 addressing scheme is used.
/S < src-address>Specifies the source address of the ICMP echo request message. This is used only when IPV6 tracing is used.
/4Specifies that only IPV4 is used for trace.
/6Specifies that only IPV6 is used for trace.
< targetname>Specifies the destination address, can be denoted by IP address or hostname.
|Separate two parameters and choose one out of many given keyword parameters.

The above parameters also work for Windows 7, Windows 8, Windows Vista, and Windows 10. The parameter value varies depending upon the Windows. This is also known as the Traceroute command variations in parameters.


  • To trace the path with the destination hostname as www.google.com, use:

tracert www.google.com.

In the below screenshot we have used the tracert (traceroute command) on a Windows system to reach the path to www.google.com from the laptop.

On execution of the command, you can see the IP addresses or the hostname of several hops coming in between the source and destination. For each hop router, the traceroute will float three-time probes in milliseconds, which is the RTT to reach the router from the laptop.

destination hostname

  • To trace the path to the host – www.google.com without resolving each hop IP address, use:

tracert /d www.google.com

Refer to the below screenshot:

command promt

Traceroute Command for Linux

In the Linux system, install the traceroute if it is not by default installed on your PC. The traceroute command will execute the route to the host that the packet travels to reach the destination.

The syntax is as below:

traceroute [options] {host name | IP address}

Syntax Definition:

  • -4 option is used for IPV4.
  • -6 option is used for IPV6.
  • Hostname- The hostname of the destination.
  • IP address- IP address of the host.

To install the traceroute on the Linux system, use the following commands:

For Ubuntu or Debian using the following syntax:

$ sudo apt install traceroute -y

For openSUSE, SUSE Linux uses the following syntax:

$ sudo zypper in traceroute

So when we execute the above command into Linux, it will install the traceroute into the system and is ready for use to trace the route of the packets.

Example: To trace the path to the www.google.com, the command will be as below:

$ traceroute -4 google.com

The output is shown in the below screenshot:

$ traceroute -4 google.com

[image source]

Use of Traceroute Command

  • We can use this command in large networks like WAN networks, where several routers and switches are involved. It is used to trace the route to the IP packet or identify the hop where the packet is stopped.
  • The traceroute command will perform a DNS lookup of the IP addresses of the network to reach the destined route. It lists the ordered intermediate routers involved to reach the destination.
  • It displays the TTL (time to live) for each hop means the time taken by an IP packet to transverse from the source to the next intermediate router and then to the destination in the network.
  • It is also used as a network troubleshooting command to detect packet drops or errors in the network, as it will provide the IP address of the router where the packet drops are occurring.
  • It obtains the overall path that an IP packet travels in the network with the names of each device and router in the pathway.
  • It also determines the network transit delays of packets in the IP network.

How Does Traceroute Work

  • Before getting started with the working principle of the traceroute tool, let us familiarize ourselves with the basic terminologies needed in understanding the tool and command.
  • Each IP packet sent on the Internet has a TTL value header field inside it. If TTL is not injected into an IP packet, then the packet will flow in the network infinitely from one to another router and so on for search of the destination router.
  • The TTL value is first set by the source host and each time it reaches the next hop in the network, the router will decrement the TTL value by 1 before forwarding it to the next hop.
  • Thus, it works as a counter and when the TTL value becomes zero at any of the receiving hops then the packet will be discarded, and the router will inform the source host about this by using the ICMP time exceeded message.
  • Now let’s consider one example. Suppose from host 1 ( we direct the data packet to a destination, D1 ( The process is explained below with the help of four figures.
  • Now the primary IP packet sent by the source host will start with TTL=1. When Router 1 collects the IP packet, it will direct it to Router 2 but it will decrement the TTL value by 1. Now the TTL value is zero.

primary IP packet

  • Thus, the IP packet will be released and router 1 will revert to the source host 1 with the TTL exceeded ICMP message. Thus, the TTL will increment the TTL value by one and this time will again retransmit the packet with TTL value 2. This is explained in above figure 1.
  • Now Router 1 will forward the IP packet to Router 2 and the TTL value becomes 1 at Router 2. Now when router 2 forwards it to router 3, the value becomes zero. Thus, Router 2 will drop the packet and return the ICMP exceeded message to the source host. This is shown in figure 2 below:

ICMP exceeded message

  • Now the source host will again send the IP data packet but this time with a TTL value of 3.
  • Now Router 1 will decrement the value by one, so at Router 1, TTL= 2 and forward to Router 2. Router 2 will decrement the value by one, so the TTL value =1. Now Router 3 will drop the IP data packet as the TTL= 0 when it reaches here. This is shown in figure 3 as below:

Router 1

  • Now at last the source host will send the IP data packet again with the TTL value of 4. Each router will decrement the value by 1 and as it reaches the last hop it will send a reply to the ICMP reply message. This indicates that it has reached destination D1.
  • Now the source host has the information that the destination is reachable with all the pathway information. This is shown in figure 4 as below:

pathway information

Limitations of Trace Route

  • It determines the path over the interface level, not the router level.
  • Firewalls placed between the source and destination routers may stop the probe packets, which will result in the traceroute reaching the maximum hops without responding. When no response is received from the router, it will display * (asterisk) despite the hops IP address. Thus, in these cases, it is not recommended to use a traceroute.
  • Load balancing routers can use several paths based on IP headers to route the traffic. In this situation, if we use a traceroute then it will return an inaccurate path between source and destination. Thus, in this scenario also the traceroutes are not suggested to be used.

Common Traceroute Errors and Messages

Error SymbolFull FormDescription
*Time exceededIf the hop did not return the next hop value within the given time frame this error will be displayed. The time period by default is 2 seconds.
!AAdministratively DownThe access is blocked by the admin.
!HHost not availableWhen the target host is not responding.
!TTimeoutNo packet response is received back
!UPort unreachableThe target port is faulty
!NNetwork UnreachableThe network may be down or the link may get down

Frequently Asked Questions

Q #1) How the user can distinguish between Ping and Traceroute commands?

Answer: Ping is a command used to determine whether a specified server or host is reachable or not and the TTL to send and receive data. On the other hand, traceroute determines all the intermediate hops IP addresses and TTL to reach the desired destination.

Q #2) What is a hop in traceroute?

Answer: The drive between one server or router to another server in a network is known as hop. The amount of time taken to make a hop is mapped in milliseconds.

Q #3) What are the three times in traceroute?

Answer: The traceroute floats three packets to each of the hops. So, the three-time periods which are displayed in milliseconds are the round-trip time (RTT) implies the time taken by the IP packet to reach the hop and get back the response.

Q #4) Does the traceroute show all hops?

Answer: Traceroute will display a list of all the intermediate routers and switches an IP packet travels to reach the destination along with their IP addresses and TTL. But it will not give the details of all the hops available in the network.

Q #5) Doe’s switches are counted as hops?

Answer: Hop counts will only be considered for those devices that perform the routing. The switches which having in-built routing capabilities like L-3 and smart switches are thereby counted as hops.

Q #6) How to read the traceroute output columns?

Answer: It is having five columns. The first will display the hop number. The second, third, and fourth columns will display the RTT time in milliseconds. The last column will display the IP address or the hostname of the respective intermediate host. Thus, the traceroute columns display the network latency with the IP address of the hops.

Q #7) How to read the traceroute output rows?

Answer: Each row in the traceroute output command is distributed among five columns. There are multiple rows in each of the traceroute outputs. Each traceroute row will contain the hop name with the route.


In this tutorial, we have gone through the traceroute command syntax with the definition of the parameters used with the help of several screenshots and figures.

We have also made an understanding of how to use the command with its working principle of it. We have also answered some FAQs regarding the traceroute command.