How to Perform Traceroute in Linux (Installation, Commands & Examples)
Traceroute shows the network path (hops) between your Linux server and a destination host, along with the latency at each hop. It’s a quick way to pinpoint where slowness, routing breaks, or filtering begins, before you dig deeper with packet captures or provider tickets.
In this guide, you’ll learn how to run traceroute on Linux, interpret the output, and understand common results like timeouts.
What is Traceroute?
Traceroute is a diagnostic tool that traces the hop-by-hop route to a domain or IP address and measures round-trip time along the way. It sends probe packets and reports which routers respond at each step.
Use it when:
- A site or API endpoint feels slow
- A host is unreachable from your server
- You need to find where the latency spikes are
Here’s a breakdown of the output fields and how to read them:
| Column: | Example: | Meaning: |
| Hop number | 5 | Position of the router on the path |
| Hop address/hostname | 203.0.113.1 | Router that responded to the probe |
| Probe times | 12.4 ms / 12.6 ms / 12.5 ms | Round-trip time for each probe |
| * * * | Timeout | No response to a probe |
If you see *, it means that the probe didn’t get a reply. That’s often due to filtering or rate-limiting, not necessarily packet loss. The useful part is where the * begins or where latency jumps; those usually indicate the trouble spot.
See Also: How to Rename a Directory in Linux
How Traceroute Works
Traceroute works by sending probes with gradually increasing Time To Live (TTL) values. Each router decreases the TTL by 1. When the TTL reaches 0, that router drops the probe and replies, allowing traceroute to identify the hop and measure round-trip time. This repeats until the destination responds.
Common reply types you may see:
| Reply Type: | Source: | Meaning: |
| ICMP Time Exceeded | Intermediate router | Probe expired at this hop (normal during the trace) |
| ICMP Port Unreachable or TCP response | Destination host | The probe reached the destination |
| * (no reply) | Any hop | Filtered or rate-limited probe |
Note: A * doesn’t automatically prove packet loss. It often indicates filtering or control-plane protection.
See Also: How to Unzip Files in Linux
How to Install Traceroute in Linux
If your server and Linux distribution don’t have traceroute pre-installed, you need to manually install the tool yourself. It’s quite easy to install and verify it, but you might have to check the permissions before you can do so.
Here are the steps you need to undertake to install traceroute on Linux:
Step 1: Check Linux Distribution
The first step is to confirm the package manager on your Linux machine to identify the software distribution you’re currently using. This will avoid any installation issues due to incompatibility with your Linux version and prevent broken files.
First, you must run this command in the Terminal:
cat /etc/os-releaseThen, you must look for the ID field. It tells you whether the system uses apt or dnf. The value of ID will tell you which package manager your Linux uses.
Here are some examples:
- ID=ubuntu
- ID=debian
- ID=almalinux
- ID=rocky
- ID=centos
Systems like Ubuntu and Debian use apt. In turn, CentOS, AlmaLinux, and Rocky Linux use dnf, which will determine which traceroute installer you should get. Note your findings here.
See Also: How to Find Files on Linux with Find and Locate
Step 2: Install Traceroute Package
Once you know your distribution, install traceroute using the correct package manager. You need to use the Terminal and the following commands:
Ubuntu & Debian-based Systems
sudo apt updatesudo apt install tracerouteCentOS, AlmaLinux, Rocky Linux
sudo dnf install tracerouteFor Any Older CentOS Systems
sudo yum install tracerouteIf everything is successful, the traceroute package should now install on your system, and you will be ready to verify the installation.
Step 3: Verify Tracereoute installation
After installation, verify the traceroute binary exists on your system. Again, through the Terminal, you need to use this command:
which tracerouteThis command prints the full path to the traceroute executable. If it returns a path such as /usr/bin/traceroute, the binary is available in your shell environment.
Then test the command:
traceroute -n 8.8.8.8The -n flag disables reverse DNS lookups. This avoids delays caused by hostname resolution and gives you faster, cleaner output during troubleshooting.
If your system restricts raw socket access, the command may fail or return permission errors. In that case, run it with elevated privileges (as root):
sudo traceroute -n 8.8.8.8Note: Running traceroute with sudo allows the tool to open the network sockets needed to send low-level probe packets.
See Also: How to Automate Server Scripts on Linux Servers
How to Run & Use Basic Traceroute
Traceroute runs directly from your Linux shell. You only need a destination hostname or IP address. Always run it from the affected server, not from your local workstation. This ensures the route reflects the real production traffic path.
Traceroute Commands
To understand the full extent of the traceroute tool, we’ve prepared some of the most common commands, allowing you to tailor your experience.
Run a basic trace to a hostname:
traceroute google.comThis sends probe packets toward the target and prints every hop on the route. It will show you the exact network route, up to the very destination.
Trace to a specific IP address:
traceroute 8.8.8.8In the example above, (8.8.8.8) is Google’s DNS. You can use an IP when DNS resolution might fail or slow down the test. Again, it shows the exact path.
Run without reverse DNS lookups:
traceroute -n google.comThis avoids hostname lookups for hops. It reduces execution time and removes DNS-related noise from the output, keeping your network results clean.
Run a trace via ICMP instead of UDP:
traceroute -I google.comYou can use ICMP instead of UDP when intermediate firewalls block UDP probes or when standard traceroute returns only stars.
Run a TCP trace on a specific port:
traceroute -T -p 443 google.comThis tests the same path and filtering behavior used by HTTPS traffic. It will help when you troubleshoot application connectivity through strict firewalls.
Limit the number of tracing hops:
traceroute -m 15 google.comThis stops probing after 15 routers. It reduces noise when you only need to inspect the local or upstream network segment. It can narrow down specific issues.
Increase the total timeout per probe:
traceroute -w 2 google.comAs shown in the example above, now the trace will wait 2 seconds for each reply. This approach can really help with long-distance or congested links.
See Also: How to Block an IP Address with iptables
How to Stop Traceroute
When you start tracing, the traceroute will keep running until it reaches the destination or the maximum number of hops allowed. If you’re stuck in a loop or just want to cancel the currently ongoing trace, you can simply press “CTRL + C”.
This immediately terminates the running process and returns you to the shell.
If traceroute runs in the background or from another terminal, stop it by process ID.
First, find the process:
ps aux | grep tracerouteThen stop it:
kill <PID>You can use this method when a long-running trace floods the terminal, or you started it inside a remote session and need to terminate it cleanly.
See Also: Linux Server Hardening Checklist
When Traceroute is Not Enough
Traceroute only shows the network path and control plane response times. Sadly, it does not measure real packet loss, throughput, application-level delay, or long-term stability.
When you face intermittent problems, microbursts, or performance degradation without a clear routing break, you should combine traceroute with continuous tools such as ping, mtr, and packet capture to validate loss patterns and traffic behavior over time.
Traceroot Vs. Ping
We cannot really compare ping and traceroute effectively, because they both solve very distinct sets of troubleshooting problems. Ping confirms whether a host responds and how long a single round-trip takes, while traceroute shows the entire path and points where the delay comes from.
However, here is a feature-based comparison table:
| Feature: | Ping: | Traceroute: |
| Primary Purpose | Check reachability and basic latency to a target host. | Identify the full routing path and hop-by-hop latency. |
| Scope of Visibility | With Ping, you can only see the final destination. | Every router between the source and the destination. |
| Typical Output | There is a single latency value response per probe. | List of hops with latency for each router. |
| Best Use Case | Quick availability and response time check. | Locating routing breaks and congestion points. |
| Packet Loss Visibility | Ping shows the loss to the destination only. | Does not reliably measure real packet loss. |
| Path Analysis | Not available. | Core function. |
| Use in Escalation | With Ping, there is limited diagnostic value. | Strong evidence for upstream carrier issues. |
| Performance Impact | Minimal. | Slightly higher due to multiple probes per hop. |
In practice, start with ping to confirm reachability and basic latency. If the problem appears or persists, run traceroute to identify where along the network path the delay or failure begins.
Need Help Troubleshooting?
If traceroute points to a routing issue and you need deeper guidance, ServerMania’s knowledge base offers practical Linux and network troubleshooting guides built for real environments. If you are looking to optimize your infrastructure, we encourage you to check ServerMania’s dedicated servers and cloud servers (AraCloud) for more information.
If you have questions, get in touch with our 24/7 customer support or book a free consultation with Linux experts. 💬We’re available right now!
Was this page helpful?
About the author
