HomeWikiTroubleshootingHow to read a traceroute

33.6. How to read a traceroute

In this tutorial:



There are times when it seems your website may respond slowly. Slow response time may indicate a problem. Most just assume the server is overloaded and call their technical support. Many times, the support representative will ask for a ping and traceroute report. While we have instructions on running this report, it can seem rather cryptic when looking at it.

It doesn't take a degree or any kind of special training to decode a traceroute report. In fact, we will teach you how in this article. This way, if you ever have slow response from your site, you can run a report and quickly determine whether you need to contact our Live Support team.

How a Traceroute works

Whenever a computer connects to a website, it must travel a path that consists of several points, a little like connecting the dots between your computer and the website. The signal starts at your local router in your home or business, then moves out to your ISP, then onto the main networks. From there it may have several junctions until it gets off the Internet highway at the local network for the website and then to the webserver itself.

A traceroute displays the path that the signal took as it traveled around the Internet to the website. It also displays times which are the response times that occurred at each stop along the route. If there is a connection problem or latency connecting to a site, it will show up in these times. You will be able to identify which of the stops (also called 'hops') along the route is the culprit.


How to read a Traceroute

Once the traceroute is run, it generates the report as it goes along the route. Below is a sample traceroute:


C:\>tracert www.example.com
Tracing route to example.com []
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms
  2     *        *        *     Request timed out.
  3     2 ms     2 ms     2 ms  vbchtmnas9k02-t0-4-0-1.coxfiber.net []
  4    12 ms    13 ms     3 ms
  5     7 ms     7 ms     7 ms  chndbbr01-pos0202.rd.ph.cox.net []
  6    10 ms     8 ms     9 ms  ip10-167-150-2.at.at.cox.net []
  7    10 ms     9 ms    10 ms  100ge7-1.core1.nyc4.he.net []
  8    72 ms    84 ms    74 ms  10gr10-3.core1.lax1.he.net []
  9    76 ms    76 ms    90 ms  10g1-3.core1.lax2.he.net []
 10    81 ms    74 ms    74 ms
 11    72 ms    71 ms    72 ms  www.inmotionhosting.com []

As you can see, there are several rows divided into columns on the report. Each row represents a "hop" along the route. Think of it as a check-in point where the signal gets its next set of directions. Each row is divided into five columns. A sample row is below:

10    81 ms    74 ms    74 ms

Let's break this particular hop down into its parts.

Hop # RTT 1 RTT 2 RTT 3 Name/IP Address
10 81 ms 74 ms 74 ms

Hop Number - This is the first column and is simply the number of the hop along the route. In this case, it is the tenth hop.

RTT Columns - The next three columns display the round trip time (RTT) for your packet to reach that point and return to your computer. This is listed in milliseconds. There are three columns because the traceroute sends three separate signal packets. This is to display consistency, or a lack thereof, in the route.

Domain/IP column - The last column has the IP address of the router. If it is available, the domain name will also be listed.


Checking the hop times

The times listed in the RTT columns are the main thing you want to look at when evaluating a traceroute. Consistent times are what you are looking for. There may be specific hops with increased latency times but they may not indicate that there is an issue. You need to look at a pattern over the whole report. Times above 150ms are considered to be long for a trip within the continental United States. (Times over 150ms may be normal if the signal crosses an ocean, however.) but issues may show up with very large numbers.

Increasing latency towards the target

If you see a sudden increase in a hop and it keeps increasing to the destination (if it even gets there), then this indicates an issue starting at the hop with the increase. This may well cause packet loss where you will even see asterisks (*) in the report.

  1    10 ms     7 ms     9 ms
  2    78 ms   100 ms    32 ms  ip10-167-150-2.at.at.cox.net []
  3    78 ms    84 ms    75 ms  100ge7-1.core1.nyc4.he.net []
  4   782 ms   799 ms     * ms  10gr10-3.core1.lax1.he.net []
  5     * ms   899 ms   901 ms  10g1-3.core1.lax2.he.net []
  6   987 ms   954 ms   976 ms
  7  1002 ms  1011 ms   999 ms  www.inmotionhosting.com []

High latency in the middle but not at beginning or end

If the hop immediately after a long one drops back down, it simply means that the router at the long hop set the signal to a lower priority and does not have an issue. Patterns like this do not indicate an issue.

1  <1 ms     <1 ms       <1 ms
2  30 ms      7 ms       11 ms
3 200 ms    210 ms      189 ms
4 111 ms     98 ms      101 ms ip10-167-150-2.at.at.cox.net []
5  99 ms    100 ms       98 ms

High latency in the middle that remains consistent

If you see a hop jump but remain consistent throughout the rest of the report, this does not indicate an issue.

1  <1 ms     <1 ms       <1 ms
2  30 ms      7 ms       11 ms
3  93 ms     95 ms       92 ms
4  95 ms     99 ms      101 ms ip10-167-150-2.at.at.cox.net []
5  99 ms    100 ms       98 ms 100ge7-1.core1.nyc4.he.net []
6  95 ms     95 ms       95 ms 10g1-3.core1.lax2.he.net []
7  95 ms     96 ms       94 ms]

High latency in the beginning hops

Seeing reported latency in the first few hops indicates a possible issue on the local network level. You will want to work with your local network administrator to verify and fix it.

Timeouts at the beginning of the report

If you have timeouts at the very beginning of the report, say within the first one or two hops, but the rest of the report runs, do not worry. This is perfectly normal as the device responsible likely does not respond to traceroute requests.

Timeouts at the very end of the report

Timeouts at the end may occur for a number of reasons. Not all of them indicate an issue, however.

The target's firewall may be blocking requests. The target is still most probably reachable with a normal HTTP request, however. This should not affect normal connection.
The return path may have an issue from the destination point. This would mean the signal is still reaching, but just not getting the return signal back to your computer. This should not affect normal connection.
Possible connection problem at the target. This will affect the connection.

Do I need to contact my hosting company?

Once you have found a hop that seems to have an issue, you can identify its location and determine where the issue lies. It may be within your network, your ISP, somewhere along the route, or within your hosting provider's domain.

The first hop is within your own network. The next hop is your ISP. The last couple of hops are likely within your hosting providers' domain and control, so if the issue is there, they may be able to fix it for you. If it is anywhere prior to that, the issue is simply along the route and is within neither your nor your hosting provider's control.

This article was taken from : http://www.inmotionhosting.com/support/website/how-to/read-traceroute


Knowledge Tags

This page was: Helpful | Not Helpful