How to use tracing to find out about network problems in Linux

Tracing is a command line tool that comes pre-installed with Linux and several other operating systems. Understanding the trace and ping command is a must if you want to understand issues such as packet loss and high latency.

If there is a problem connecting to the IP / website, a trace can show us where the problem is. This gives a list of all routing of all packets between your computer and the web server. This will help you ensure that the routing across the networks is correct and quickly determine if you need to contact the support team.

How Traceroute works

When connecting to a website, the traffic must go through several intermediaries before reaching the website. It goes through the local router, ISP routers, routes large networks to their final destination.

This tool shows you the path that traffic is required to reach your website. It also displays every delay that happens at every stop. If there are problems reaching the site while a particular website is working properly, there may be a problem in the path between the computer and the website’s servers. This tool will show you where the problem is. Since requests Traceroute depends on responses to ICMP requests, some hops on the route may drop in favor of higher priority network traffic.

How to use Traceroute

Tracing can be started from a terminal window or from the command line. Run the trace command with the website address. For example, if you wanted to start tracing on Andreyex, you would run the command:


Note: On Linux or Mac, the command traceroute is a traceback. In the Windows operating system, this tracert


If you are using tracing for another website hosted in a different region of the world, you can see how the paths differ.

The first “hops” is the same when traffic reaches your ISP, and then the packets go over other networks.



The following command makes a trace to the site of the search engine If using arguments -T -p 80 -n runs TCP based traces on port 80 and returns IP addresses rather than host names.

[[email protected] /]# traceroute -T -p 80 -n                                                                                                      
traceroute to (, 30 hops max, 60 byte packets                                                                                        
 1  0.451 ms  0.377 ms  0.362 ms                                                                                                              
 2  0.331 ms  0.308 ms  0.303 ms                                                                                                               
 3  0.930 ms  0.930 ms  0.963 ms                                                                                                            
 4  3.482 ms  4.127 ms  3.387 ms                                                                                                              
 5  42.274 ms  39.820 ms  42.468 ms                                                                                                           
 6  42.039 ms  48.948 ms  48.893 ms                                                                                                          
 7  46.983 ms  41.180 ms  40.193 ms                                                                                                           
 8  40.308 ms  42.608 ms  39.949 ms

Understanding the findings

The first line shows your home router (if you have a router), the next lines represent your ISP, and further down each line represents your router, and so on.

The format of each line is as follows:

Hop RTT1 RTT2 RTT3 Domain Name [IP Address]

Here’s what each field means:

  • Hop Number: Every time a packet is sent between routers, it is called a “hop”. As in the above results, for example, you can see that it takes 8 hops to reach the servers from our current location.
  • RTT1, RTT2, RTT3: This is the rounded travel time (RTT) it takes for your packet to reach this point and return to your computer (in milliseconds). This is often referred to as latency, and is the same number you see when using ping. The trace sends three packets on each transit and displays each time, so you can see how consistent or inconsistent the latency is. If you see
  • in some of the columns, it means that you have not received a response and indicates packet loss. [IP Address]Domain Name

A: If possible, a domain name can often show you the location of a router. If this is not available, you will only see the IP address of the router.

With a traceback, you can get an idea of ​​which servers are in your path to a specific domain or which IP address is causing the problem. You should now be able to use tracert command

and understand its conclusion.