"Traceroute" -
See how your data moves
from your device to its destination

When Client A wants to communicate with Server B, it does so by breaking its communication into standard Internet Protocol (IP) packets to be transmitted to Server B using the Transmission Control Protocol (TCP). Client A will typically begin by asking a Domain Name Service (DNS) server for the IP address of Server B. Client A will then send IP packets containing Server B's IP address to its network gateway, which is often a router.

Multiple routers are normally used to route IP packets from the client to its desired server and back to the client. Router 1 uses its forwarding tables to send the IP packets to Router 2. Router 2 and each subsequent router will use its own forwarding tables until the IP packet reaches Server B.

Traceroute uses the Time-to-Live (TTL) field of each IP packet. The Transmission Control Protocol (TCP) requires each router to decrement the TTL by 1. If the TTL then becomes 0, the router tells the client that transmission of the IP packet was terminated. Traceroute begins by sending three IP packets with TTL equal to 1. Router 1 will then decrement each of these three IP packets and send three IP packets back to the client with a "Time to live exceeded" message. The client will record the round trip times for all three IP packets with TTL equal to 1. The client will then send three IP packets with TTL equal to 2. Router 1 will decrement TTL to one and forward the three IP packets to Router 2, which will decrement each of these three IP packets to zero and send the client three "TTL exceeded" messages. This will continue for each router between the client and the server.

If all goes perfectly, the client will then have identified all the routers between the client and the server, with the typical transmission times for three round trips for each router. Unfortunately, firewalls, blocking, and network failures may result in fewer than three round trips for some routers. Lower priority routing for Traceroute packets may also result in round-trip times greater than that for standard traffic.
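The probing loop described above, as an added simulation that is not part of the original page: no packets are sent, the path is an in-memory list, and the addresses are constructed documentation addresses. The names `Node`, `send_probe` and `traceroute` are hypothetical; `replies=False` models a device that filters the reply, which is what produces the asterisks.

```python
from dataclasses import dataclass

@dataclass
class Node:
    addr: str             # constructed documentation address
    replies: bool = True  # False: device filters its replies to the client

def send_probe(path, ttl):
    """Forward one probe along path; return (addr, kind) or None if no reply."""
    for i, node in enumerate(path):
        if i == len(path) - 1:            # last node is the destination host
            return (node.addr, "reached") if node.replies else None
        ttl -= 1                          # each router decrements the TTL by 1
        if ttl == 0:                      # TTL expired at this router
            return (node.addr, "ttl-exceeded") if node.replies else None
    return None

def traceroute(path, max_hops=30, probes=3):
    """Send `probes` packets per TTL value, starting at TTL 1."""
    hops = []
    for ttl in range(1, max_hops + 1):
        row = [send_probe(path, ttl) for _ in range(probes)]
        hops.append([r[0] if r else "*" for r in row])
        if any(r and r[1] == "reached" for r in row):
            break                         # destination answered: stop probing
    return hops

# Constructed path: three routers (the second one silent) and a server.
SAMPLE_PATH = [Node("192.0.2.1"), Node("198.51.100.1", replies=False),
               Node("203.0.113.1"), Node("203.0.113.80")]

if __name__ == "__main__":
    for n, row in enumerate(traceroute(SAMPLE_PATH), start=1):
        print(n, *row)
```

A silent router costs only its own row, because probes with a larger TTL still pass through it. A silent destination never ends the loop, so the output fills with all-asterisk rows up to the hop limit.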

Who pays for all these routers? The client's ISP pays for connecting the client to every website on the internet. The website's ISP pays for connecting the website to all its clients. There are three tiers of IP Transit Providers. Tier 1 networks have global reach and peer with other Tier 1 networks at zero cost. There are only about a dozen Tier 1 networks, including AT&T (11 on CAIDAAS, a rank of importance on the internet, U.S.), T-Mobile (22, U.S.), Verizon (21, U.S.), Lumen (1, U.S.), Arelion (2, Sweden), NTT Communications (4, GTT, Japan), Telecom Italia Sparkle (5, Italy), GTT (7, U.S.), Tata Communications (8, India), and Zayo Group (9, U.S.).

Tier 2 networks have to pay Tier 1 networks for IP transit and peer whenever they can with other Tier 2 networks at very low cost or no cost. Most last mile access network providers are Tier 2 networks. Examples are Vodafone (buys IP Transit from Level 3, Telia, et al.), Comcast (buys from Tata and NTT America) and British Telecom (buys from Telia et al.). Tier 2 networks include some data center providers such as Amazon.

Tier 3 networks are small, local providers with regional or national reach and buy IP transit from Tier 1 only when Tier 2 transit isn't available.

Traceroute can be used for diagnostic purposes. It shows how network traffic flows through routers. Each router's average round-trip time and any missing round trips help identify poor performance and bottlenecks. Traceroute can also be used to show network vulnerabilities. Companies frequently block or filter traceroute packets because attackers can use traceroute to map a target's network.

Below is the traceroute generated when a St. Louis Charter Spectrum subscriber entered the domain name "nepal.gov.np" using "traceroute" in Network Tools. To understand traceroutes, it helps to know the three parts of a domain name (see line 2 below): the top-level domain (TLD), e.g. "dot net"; the second-level domain, e.g. "trouble-free"; and the subdomain, e.g. "switch74". Domain names go from general to more specific when read from right to left. The top-level domain and the second-level domain, "trouble-free.net", specify the primary/root domain, which is usually a website that is identified by an IP address.

Typing "trouble-free.net" in the client will display the home page of "interserver.net". Entering "trouble-free.net" in the BlueWorldData pull-down menu "Network Tools" "DNS" shows a server IP address of "64.20.34.50". Entering "switch74.trouble-free.net" in the "Network Tools" "DNS" also shows a server IP address of "64.20.34.50" because server 64.20.34.50 will accept switch74.trouble-free.net packets and route them to switch 74. The IP address (66.45.224.2) that follows the subdomain name "switch74.trouble-free.net" in line 2 below is the IP address for switch74.trouble-free.net, but it can't be addressed directly for security reasons. Entering "http://66.45.224.2" in the Chrome browser displays "66.45.224.2 refused to connect". Typing IP address "66.45.224.2" in the "Network Tools" "DNS" shows "in-addr.arpa name = switch74.trouble-free.net."

The traceroute information for IP/domain nepal.gov.np
traceroute to nepal.gov.np (202.45.147.252), 30 hops max, 60 byte packets
1 208.73.203.193 (208.73.203.193) 0.324 ms 0.318 ms 0.333 ms
2 66.45.224.1 (66.45.224.1) 0.575 ms switch74.trouble-free.net (66.45.224.2) 0.535 ms 0.813 ms
3 64.20.32.179 (64.20.32.179) 0.474 ms 0.431 ms 64.20.32.209 (64.20.32.209) 0.680 ms
4 64.20.32.61 (64.20.32.61) 0.468 ms 0.455 ms 0.439 ms
5 100.xe-0-2-0.mpr2.ewr2.us.zip.zayo.com (64.125.43.13) 0.422 ms 0.417 ms 0.364 ms
6 * * be2273.ccr41.jfk02.atlas.cogentco.com (154.54.83.205) 1.141 ms
7 * * be2806.ccr41.dca01.atlas.cogentco.com (154.54.40.106) 7.173 ms
8 * be2113.ccr42.atl01.atlas.cogentco.com (154.54.24.222) 24.015 ms *
9 * be2687.ccr41.iah01.atlas.cogentco.com (154.54.28.70) 36.709 ms be2690.ccr42.iah01.atlas.cogentco.com (154.54.28.130) 36.964 ms
10 be2928.ccr21.elp01.atlas.cogentco.com (154.54.30.162) 52.973 ms * 52.598 ms
11 * be2930.ccr32.phx01.atlas.cogentco.com (154.54.42.77) 61.033 ms be2929.ccr31.phx01.atlas.cogentco.com (154.54.42.65) 61.009 ms
12 128.177.139.185.IDIA-241663-ZYO.zip.zayo.com (128.177.139.185) 60.605 ms be2932.ccr42.lax01.atlas.cogentco.com (154.54.45.162) 72.181 ms 72.230 ms
13 be3271.ccr41.lax04.atlas.cogentco.com (154.54.42.102) 72.395 ms * be3360.ccr41.lax04.atlas.cogentco.com (154.54.25.150) 72.375 ms
14 be3271.ccr41.lax01.atlas.cogentco.com (154.54.42.101) 301.521 ms be2913.ccr31.sin01.atlas.cogentco.com (154.54.27.53) 250.924 ms 125.17.159.10 (125.17.159.10) 257.346 ms
15 but.core-bhr.core.ntc.net.np (202.70.93.73) 277.191 ms 275.610 ms 277.995 ms
16 116.119.68.100 (116.119.68.100) 260.571 ms 116.119.94.196 (116.119.94.196) 282.608 ms ptn.core-but.core.ntc.net.np (202.70.93.110) 277.641 ms
17 125.17.159.10 (125.17.159.10) 263.967 ms 262.810 ms ptn.acc-ptn.core.ntc.net.np (202.70.93.95) 262.786 ms
18 but.core-bhr.core.ntc.net.np (202.70.93.73) 283.772 ms ptn.acc-ptn.ne.acc.ntc.net.np (202.70.93.100) 261.354 ms 263.927 ms
19 202.70.79.1 (202.70.79.1) 275.979 ms ptn.core-but.core.ntc.net.np (202.70.93.110) 282.871 ms 202.70.79.1 (202.70.79.1) 277.450 ms
20 sumo-147-242.nitc.gov.np (202.45.147.242) 278.677 ms 276.611 ms ptn.acc-ptn.core.ntc.net.np (202.70.93.95) 268.216 ms
21 * * ptn.acc-ptn.ne.acc.ntc.net.np (202.70.93.100) 270.411 ms
22 * 202.70.79.1 (202.70.79.1) 285.265 ms ptn.acc-ptn.core.ntc.net.np (202.70.93.95) 272.445 ms
23 * * sumo-147-242.nitc.gov.np (202.45.147.242) 283.078 ms
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *

Line 1 "208.73.203.193 (208.73.203.193) 0.324 ms 0.318 ms 0.333 ms"
Line 1 shows the results from the client sending 3 packets to router #1 with TTL = 1. The first field is either a host name or, in this case, the IP address. (The host name can be the primary/root domain name or it can be the name of a machine in the primary/root domain network.)
Entering this IP address 208.73.203.193 in the "IP Lookup" yields the ISP domain name "interserver.net", which is a web hosting company. The second field in parentheses is the IP address. The three "ms" times (milliseconds) were the elapsed times between the client sending each of the three IP packets with TTL = 1, and the client receiving the "TTL exceeded" message. Router #1 is also known as the first hop.

Line 2 "66.45.224.1 (66.45.224.1) 0.575 ms switch74.trouble-free.net (66.45.224.2) 0.535 ms 0.813 ms"
Line 2 shows that router #2 (second hop) for the first IP packet with TTL = 2 was 66.45.224.1, which "IP Lookup" says is another "interserver.net" router. However, the second and third IP packets were sent to router 66.45.224.2, which "IP Lookup" says is still another "interserver.net" router, with host name "switch74.trouble-free.net", which matches the name in line 2.

Line 6 "* * be2273.ccr41.jfk02.atlas.cogentco.com (154.54.83.205) 1.141 ms"
The first two asterisks of Line 6 tell us that no "TTL exceeded" message was received by the client for the first and second IP packets sent to router #6 (sixth hop). The third packet did generate a "TTL exceeded" message from a cogentco.com router. By googling, we learn that Cogent has fiber-lit buildings and data centers.

Line 8 "* be2113.ccr42.atl01.atlas.cogentco.com (154.54.24.222) 24.015 ms *"
The first and second asterisks tell us that no "TTL exceeded" message was received by the client for the first and third IP packets sent to router #8 (eighth hop).

Line 12 "128.177.139.185.IDIA-241663-ZYO.zip.zayo.com (128.177.139.185) 60.605 ms be2932.ccr42.lax01.atlas.cogentco.com (154.54.45.162) 72.181 ms 72.230 ms"
Line 12 incorporates the IP address as the first part of the host name ending in zip.zayo.com.

Line 14 shows that the a dramatic increase in elapsed time
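The line-by-line reading above can be done mechanically. This added example (not part of the original page) parses hop lines copied from the trace and reports, per hop, the lost probes, the distinct responder addresses and the best round-trip time. The names `parse_hop` and `summarize` and the 100 ms `jump_ms` threshold are assumptions chosen for illustration.

```python
import re

# Hop lines copied from the trace on this page (hops 1, 2, 6, 8, 13, 14, 24).
TRACE = """\
1 208.73.203.193 (208.73.203.193) 0.324 ms 0.318 ms 0.333 ms
2 66.45.224.1 (66.45.224.1) 0.575 ms switch74.trouble-free.net (66.45.224.2) 0.535 ms 0.813 ms
6 * * be2273.ccr41.jfk02.atlas.cogentco.com (154.54.83.205) 1.141 ms
8 * be2113.ccr42.atl01.atlas.cogentco.com (154.54.24.222) 24.015 ms *
13 be3271.ccr41.lax04.atlas.cogentco.com (154.54.42.102) 72.395 ms * be3360.ccr41.lax04.atlas.cogentco.com (154.54.25.150) 72.375 ms
14 be3271.ccr41.lax01.atlas.cogentco.com (154.54.42.101) 301.521 ms be2913.ccr31.sin01.atlas.cogentco.com (154.54.27.53) 250.924 ms 125.17.159.10 (125.17.159.10) 257.346 ms
24 * * *
"""

# One probe result: "*", "host (ip) N ms", or a bare "N ms" (same responder).
PROBE = re.compile(r"\*|(?:(\S+) \((\d+(?:\.\d+){3})\) )?(\d+\.\d+) ms")

def parse_hop(line):
    """Return (hop number, list of (host, ip, rtt_ms) or None per probe)."""
    num, rest = line.split(None, 1)
    probes, host, ip = [], None, None
    for m in PROBE.finditer(rest):
        if m.group(0) == "*":          # no reply for this probe
            probes.append(None)
            continue
        if m.group(2):                 # a new responder is named
            host, ip = m.group(1), m.group(2)
        probes.append((host, ip, float(m.group(3))))
    return int(num), probes

def summarize(trace, jump_ms=100.0):
    """Per hop: lost probes, distinct responder IPs, best RTT, jump flag."""
    rows, prev_best = [], None
    for line in trace.strip().splitlines():
        num, probes = parse_hop(line)
        replies = [p for p in probes if p]
        best = min((p[2] for p in replies), default=None)
        # Flag a hop whose best RTT exceeds the previous answered hop's by jump_ms.
        jump = None not in (best, prev_best) and best - prev_best > jump_ms
        rows.append({"hop": num, "lost": probes.count(None),
                     "ips": sorted({p[1] for p in replies}),
                     "best_ms": best, "jump": jump})
        prev_best = best if best is not None else prev_best
    return rows

if __name__ == "__main__":
    for row in summarize(TRACE):
        print(row)
```

Run against a trace toward your own network from outside, the `ips` column lists the router addresses and host names an external observer can collect, which is the information a filtering policy for traceroute replies is meant to limit.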