
Using the tracert Command

The tracert command (spelled traceroute in Unix/Linux implementations) is one of the key diagnostic tools for TCP/IP. It displays a list of all the routers that a packet must go through to get from the computer where tracert is run to any other computer on the Internet. Each one of these routers is called a hop, presumably because the original designers of the IP protocol played a lot of hopscotch when they were young. If you can't connect to another computer, you can use tracert to find out exactly where the problem is occurring.

tracert makes three attempts to contact the router at each hop and displays the response time for each of these attempts. Then, it displays the DNS name of the router (if available) and the router's IP address.

To use tracert, type the tracert command followed by the host name of the computer to which you want to trace the route. For example, suppose that you're having trouble sending mail to a recipient at abc.com. You've used nslookup to determine that the mail server for abc.com is xmail.abc.com, so now you can use tracert to trace the routers along the path from your computer to xmail.abc.com:

C:\>tracert xmail.abc.com
Tracing route to xmail.abc.com [208.215.179.78]
over a maximum of 30 hops:
 1    27 ms    14 ms    10 ms  10.242.144.1
 2    11 ms    43 ms    10 ms  bar01-p5-0-0.frsnhe4.ca.attbb.net [24.130.64.125]
 3     9 ms    14 ms    12 ms  bar01-p4-0-0.frsnhe1.ca.attbb.net [24.130.0.5]
 4    25 ms    30 ms    29 ms  bic01-p6-0.elsgrdc1.ca.attbb.net [24.130.0.49]
 5    25 ms    29 ms    43 ms  bic02-d4-0.elsgrdc1.ca.attbb.net [24.130.0.162]
 6    21 ms    19 ms    20 ms  bar01-p2-0.lsanhe4.ca.attbb.net [24.130.0.197]
 7    37 ms    38 ms    19 ms  bic01-p2-0.lsanhe3.ca.attbb.net [24.130.0.193]
 8    20 ms    22 ms    21 ms  12.119.9.5
 9    21 ms    21 ms    22 ms  tbr2-p012702.la2ca.ip.att.net [12.123.199.241]
10    71 ms   101 ms    62 ms  tbr2-p013801.sl9mo.ip.att.net [12.122.10.13]
11    68 ms    77 ms    71 ms  tbr1-p012401.sl9mo.ip.att.net [12.122.9.141]
12    79 ms    81 ms    83 ms  tbr1-cl4.wswdc.ip.att.net [12.122.10.29]
13    83 ms   107 ms   103 ms  tbr1-p012201.n54ny.ip.att.net [12.122.10.17]
14   106 ms    85 ms   105 ms  gbr6-p30.n54ny.ip.att.net [12.122.11.14]
15   104 ms    96 ms    88 ms  gar3-p370.n54ny.ip.att.net [12.123.1.189]
16    98 ms    86 ms    83 ms  12.125.50.162
17    85 ms    90 ms    87 ms  xmail.abc.com [208.215.179.78]
Trace complete.

When I send mail to my editors at abc.com, the mail travels through 17 routers along the way.

The most likely problem that you'll encounter when you use tracert is a timeout during one of the hops. Timeouts are indicated by asterisks where you'd expect to see a time. For example, the following tracert output shows the fourth hop timing out on all three attempts:

C:\>tracert xmail.abc.com
Tracing route to xmail.abc.com [208.215.179.78]
over a maximum of 30 hops:
 1    27 ms    14 ms    10 ms  10.242.144.1
 2    11 ms    43 ms    10 ms  bar01-p5-0-0.frsnhe4.ca.attbb.net [24.130.64.125]
 3     9 ms    14 ms    12 ms  bar01-p4-0-0.frsnhe1.ca.attbb.net [24.130.0.5]
 4     *        *        *     Request timed out.

Sometimes, timeouts are caused by temporary problems, so you should try the tracert again to see if the problem persists. If you keep getting timeouts at the same router, the router could be having a genuine problem.
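The advice above (read the asterisks, then rerun the trace and compare) is easy to automate. The following Python script is an added example and not part of the original text or of the tracert tool: it parses the hop lines of Windows-style tracert output, classifies each hop as answered, partially answered, or timed out, and reports which hops time out in every one of several runs. The sample output is constructed for the example (hop names and addresses borrowed from the trace above, the partial loss at hop 5 invented), and the format handled is the single-line hop layout tracert prints on the console, not the wrapped layout of the printed page.

```python
import re
from statistics import mean

# Constructed sample modeled on Windows tracert output: hop 4 times out on all
# three probes, hop 5 loses one probe, hop 6 is the destination.
SAMPLE = """\
Tracing route to xmail.abc.com [208.215.179.78]
over a maximum of 30 hops:

  1    27 ms    14 ms    10 ms  10.242.144.1
  2    11 ms    43 ms    10 ms  bar01-p5-0-0.frsnhe4.ca.attbb.net [24.130.64.125]
  3     9 ms    14 ms    12 ms  bar01-p4-0-0.frsnhe1.ca.attbb.net [24.130.0.5]
  4     *        *        *     Request timed out.
  5    25 ms     *       43 ms  bic02-d4-0.elsgrdc1.ca.attbb.net [24.130.0.162]
  6    85 ms    90 ms    87 ms  xmail.abc.com [208.215.179.78]

Trace complete.
"""

# A second, constructed run in which hop 4 answers, to tell a temporary glitch
# from a router that is persistently unreachable.
SAMPLE_RETRY = "\n".join(
    "  4    25 ms    30 ms    29 ms  bic01-p6-0.elsgrdc1.ca.attbb.net [24.130.0.49]"
    if line.lstrip().startswith("4 ") else line
    for line in SAMPLE.splitlines()
)

# One hop line: hop number, three probe columns ("*" or "<n> ms"), then the target.
HOP_RE = re.compile(
    r"^\s*(?P<hop>\d+)\s+"
    r"(?P<p1>\*|<?\d+ ms)\s+(?P<p2>\*|<?\d+ ms)\s+(?P<p3>\*|<?\d+ ms)\s+"
    r"(?P<target>.+?)\s*$"
)
# Target column: optional DNS name followed by the address in square brackets.
TARGET_RE = re.compile(r"^(?:(?P<host>\S+)\s+)?\[(?P<ip>[^\]]+)\]$")


def _probe_ms(token):
    """'*' -> None (timed out); '27 ms' -> 27; '<1 ms' -> 1 (rounded up)."""
    if token == "*":
        return None
    return int(token.lstrip("<").split()[0])


def _parse_target(text):
    """Return (dns_name, ip) for the last column of a hop line."""
    if text.startswith("Request timed out"):
        return None, None
    m = TARGET_RE.match(text)
    if m:
        return m.group("host"), m.group("ip")
    return None, text  # bare IP address, router has no reverse-DNS name


def parse_tracert(text):
    """Parse tracert output into a list of hop dicts, in hop order."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header, blank line, or "Trace complete."
        host, ip = _parse_target(m.group("target"))
        hops.append({
            "hop": int(m.group("hop")),
            "rtts": [_probe_ms(m.group(k)) for k in ("p1", "p2", "p3")],
            "host": host,
            "ip": ip,
        })
    return hops


def hop_status(hop):
    """'timeout' if no probe answered, 'partial' if only some did, else 'ok'."""
    answered = [r for r in hop["rtts"] if r is not None]
    if not answered:
        return "timeout"
    return "partial" if len(answered) < len(hop["rtts"]) else "ok"


def average_rtt(hop):
    """Mean of the probes that answered, or None if all three timed out."""
    answered = [r for r in hop["rtts"] if r is not None]
    return round(mean(answered), 1) if answered else None


def timed_out_hops(hops):
    """Hop numbers that timed out on every probe in one run."""
    return [h["hop"] for h in hops if hop_status(h) == "timeout"]


def persistent_timeouts(runs):
    """Hop numbers that timed out on every probe in every run supplied."""
    sets = [set(timed_out_hops(r)) for r in runs]
    return sorted(set.intersection(*sets)) if sets else []


if __name__ == "__main__":
    for h in parse_tracert(SAMPLE):
        print(h["hop"], hop_status(h), average_rtt(h), h["host"] or h["ip"])
    runs = [parse_tracert(SAMPLE), parse_tracert(SAMPLE_RETRY)]
    print("timed out in every run:", persistent_timeouts(runs))
```

Feeding the script two real captures of the same trace (for instance, `tracert xmail.abc.com > run1.txt` and `> run2.txt`) gives an empty list for `persistent_timeouts` when the timeout was a passing glitch, and the hop number when the same router fails to answer every time. A hop that answers with only some probes (`partial`) is usually a router that rate-limits its ICMP replies rather than a fault on the path.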

How tracert works

Understanding how tracert works can provide some insight that may help you to interpret the results it provides. Plus, you can use this knowledge to impress your friends, who probably don't know how it works.

The key to tracert is a field that's a standard part of all IP packets called TTL, which stands for Time to Live. In most other contexts, a value called TTL would be measured in time; in an IP packet, however, the TTL value is a hop count: it indicates how many routers a packet may pass through on its way to its destination. Every time a router forwards an IP packet, it subtracts one from the packet's TTL value. When the TTL value reaches zero, the router discards the packet instead of forwarding it.

The tracert command sends a series of special messages called ICMP Echo Requests to the destination computer. The first time it sends this message, it sets the TTL value of the packet to 1. When the packet arrives at the first router along the path to the destination, that router subtracts one from the TTL value, sees that the TTL value has become 0, and sends a Time Exceeded message back to the original host. When the tracert command receives this Time Exceeded message, it extracts the IP address of the router from it, calculates the time it took for the message to return, and displays the first hop.

Then the tracert command sends another Echo Request message: this time, with the TTL value set to 2. This message goes through the first router to the second router, which sees that the TTL value has been decremented to 0 and then sends back a Time Exceeded message. When tracert receives the Time Exceeded message from the second router, it displays the line for the second hop. This process continues, each time with a greater TTL value, until the Echo Request finally reaches the destination.
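The TTL loop just described can be modeled in a few lines. The Python below is an added example, not code from the original text or from any tracert implementation: it simulates a fixed path of routers, each of which decrements the TTL and returns a Time Exceeded message when the count hits zero, and a `traceroute` function that raises the TTL one step at a time until the destination answers with an Echo Reply. The path, the per-link delays, and the silent router at hop 3 are all constructed for the example (addresses are borrowed from the first trace above); one probe is sent per TTL rather than the three tracert sends, and the round-trip time is simply twice the summed one-way delays.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Hop:
    ip: str               # address of this router (the last entry is the destination host)
    link_ms: int          # constructed one-way delay of the link leading to this hop
    answers: bool = True  # False models a router that never sends ICMP Time Exceeded


# Constructed path; addresses borrowed from the page's first trace, delays invented.
PATH = [
    Hop("10.242.144.1", 5),
    Hop("24.130.64.125", 6),
    Hop("24.130.0.5", 4, answers=False),  # silent router: tracert shows "*"
    Hop("24.130.0.49", 12),
    Hop("208.215.179.78", 40),            # destination host, replies to the Echo Request
]


def send_probe(path, ttl):
    """Forward one ICMP Echo Request with the given TTL along the path.

    Returns (responder_ip, message, rtt_ms). responder_ip is None and message
    is "timeout" when the packet was discarded by a router that stays silent.
    """
    one_way_ms = 0
    ttl_left = ttl
    for index, hop in enumerate(path):
        one_way_ms += hop.link_ms
        if index == len(path) - 1:
            # Reached the destination host: it answers with an Echo Reply.
            return hop.ip, "echo-reply", 2 * one_way_ms
        ttl_left -= 1  # every router subtracts one from the TTL
        if ttl_left == 0:
            # TTL exhausted: the router refuses to forward the packet and
            # (unless configured to stay silent) reports Time Exceeded.
            if hop.answers:
                return hop.ip, "time-exceeded", 2 * one_way_ms
            return None, "timeout", None
    raise AssertionError("path must end with the destination host")


def traceroute(path, max_hops=30):
    """Reproduce tracert's loop: TTL 1, 2, 3, ... until an Echo Reply arrives.

    Returns a list of (ttl, responder_ip, message, rtt_ms) rows, one per hop.
    """
    rows = []
    for ttl in range(1, max_hops + 1):
        responder, message, rtt = send_probe(path, ttl)
        rows.append((ttl, responder, message, rtt))
        if message == "echo-reply":
            break  # destination reached; tracert prints "Trace complete."
    return rows


def render(rows):
    """Format rows the way tracert prints them (one probe column here)."""
    lines = []
    for ttl, responder, message, rtt in rows:
        if responder is None:
            lines.append(f"{ttl:3d}     *     Request timed out.")
        else:
            lines.append(f"{ttl:3d}  {rtt:4d} ms  {responder}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(f"over a maximum of 30 hops:\n{render(traceroute(PATH))}\nTrace complete.")
```

Raising `max_hops` has no effect once the destination answers, but lowering it below the path length (`traceroute(PATH, max_hops=2)`) stops the trace early with no Echo Reply, which is exactly what the "over a maximum of 30 hops" line in real output is about. The silent router at hop 3 is reported as a timeout even though the packets pass through it perfectly well when the TTL is larger, which is why a single starred hop in the middle of an otherwise complete trace is not by itself evidence of a fault.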

(Note that the Unix/Linux traceroute command uses a slightly different set of TCP/IP messages and responses to accomplish the same result.)
