When you ping a server, it only tells you how long it took to get a reply — not the route your data actually took to get there. To see the journey your packets make across the internet, you need a network diagnostic tool called Traceroute.
Traceroute is like turning on a light in a dark tunnel.
Instead of just checking if a destination is reachable, it shows every step along the path, revealing which routers and networks your data passes through on its way.
Those routers are often owned by different carriers and data centres.
By seeing the full route, you can tell whether a delay is happening inside your own network, your ISP’s backbone, or somewhere halfway across the world.
To understand how Traceroute works, we need to peek inside a data packet.
Every IP packet has two main parts:
It’s a bit like sending a letter: the header is the address on the envelope, and the payload is the message inside.
Within that header are two fields that matter most for Traceroute:
TTL is a number that limits how many hops (or router-to-router steps) a packet can take across the internet.
By default, a packet is set with a high enough number that it could reach anywhere on the Internet. Each time a packet passes through a router, that number is reduced by one.
If it were to reach zero, that router would discards the packet — a built-in safety feature that prevents data from looping endlessly if something goes wrong.
This behaviour is precisely what Traceroute takes advantage of.
Traceroute works by sending packets with deliberately low TTL values and watching what happens when they expire.
The first packet is sent with a TTL of 1.
As soon as it reaches the first router, the TTL drops to zero, and the router discards the packet.
It also sends back a small message saying "Time Exceeded" — effectively a polite "I got it, but I couldn’t deliver it."
Traceroute measures how long that round trip took, records the router’s address, and then sends another packet — this time with a TTL of 2.
That second packet makes it past the first router, but expires at the second one, triggering another "Time Exceeded" reply.
Traceroute repeats this process, increasing the TTL by one each time, gradually mapping out the route hop by hop.
When the packet finally reaches the destination, instead of a "Time Exceeded," it receives an actual reply — marking the end of the path.
The result is a list of routers, each line showing:
A typical Traceroute might look like this (simplified example):
> Traceroute example.com
Tracing route to example.com over a maximum of 64 hops:
1 <1 ms 192.168.1.1
2 6 ms 198.51.100.27
3 8 ms lon1.core.net
4 12 ms [lon2.transit.net
5 73 ms yc1.transit.net
6 78 ms nyc2.datacentre.net
7 79 ms example.com
Trace complete.
Each line represents one step along the journey.
The increasing times reflect the growing physical distance and processing delays between routers.
If you notice a sudden jump in latency (for example, from 8 ms to 74 ms), it usually marks where traffic leaves your local region — such as crossing an ocean or carrier boundary.
It’s important to remember that Traceroute shows only a single moment in time.
Network routes can shift from second to second as traffic is rerouted, congestion changes, or failovers occur.
For a clearer, ongoing view, tools like MTR (My Traceroute) combine ping and traceroute into a continuous stream — showing how latency and paths fluctuate in real time.
Despite its age, Traceroute remains one of the most useful network diagnostics available.
It answers questions that ping alone can’t:
Whether you’re troubleshooting a slow VPN, checking connectivity between offices, or simply curious about how data moves across the internet, Traceroute gives you a clear window into what’s really happening behind the scenes.
For more information, visit our home page or contact us with your questions.