Networks are built by routing packets from point A to point B to point C. Each packet takes a route from a source to a destination. In Windows 10, you can use a handy traceroute utility called tracert to track down what’s happening.
In this article, you are going to learn all about the traceroute (tracert) command in Windows 10. You’ll learn about its purpose, various switches, and how to interpret the information it provides. By the end of this article, you’ll have the knowledge to leverage this tool to its fullest potential!
Related: How to Use Traceroute in Linux
Table of Contents
How Does Traceroute/Tracert Work?
In Windows 10 (and all other OSes), traceroute’s primary purpose is to detect the route a packet takes when traversing a network. It does this using error messages to collect information about various routers the packet runs into along the way.
Tracert takes advantage of the Time-to-Live (TTL) field in IP packet headers. TTL limits the life of a packet, preventing them from staying on the network. This is important should a path fail or a routing loop exists.
As a packet reaches a router, it’s TTL value decreases until it reaches 0. When a packet’s TTL gets to 0, a router discards the packet and returns an
ICMP_TIME_EXCEEDED message back to the packet where the packet originated from.
Tracert unlike its Linux cousin traceroute, uses UDP to send out probing packets vs ICMP echo requests.
When the traceroute command sends out a packet to find the path it takes, it alters the TTL field of the packet. Using information from the resulting error messages, traceroute can then piece together and discover the path a packet takes across a network.
We’ve already mentioned a few terms but you’ll learn a few more as you read through this article. Let’s cover more of the important terms first.
- Host – A host is a computer or device from which you are running the Traceroute tool. This can be Windows or Linux PC, or a Cisco IOS device.
- Router – A device that forwards or routes packets from network to network through various interfaces.
- Hop – A hop is a router along a network path. Think of a routed packet as ‘hopping’ from one router interface to another as it traverses a network.
- Route – A route is a path between a host and each router interface. A route can be different each time the traceroute tool. This is because of routing protocols and rules that could direct traffic to different interfaces.
- Path – A path is a route taken by a packet traveling from one host to another.
A Demo of Traceroute in Windows 10
Perhaps you’ve found yourself troubleshooting a network issue for an application that you manage. After looking at some log files, you see that requests that the application is making from a remote server are taking longer than normal or dropping packets entirely. This is a perfect scenario to use Windows 10’s traceroute utility, tracert.
Open up a command prompt (cmd.exe) or Windows PowerShell console. All examples you’ll see in this section will use Windows PowerShell v5.1.
Let’s first get acquainted with and learn how this tracert utility works in Windows 10. This command-line utility provides a handy way for you to see all of the options you have to run it by running
In the following code snippet, you can see that
tracert has a few different options to configure its behavior. The Windows 10 traceroute utility
tracert doesn’t contain many options like it’s Linux cousin.
If you type
tracert -?, you will see all of the options the command has.
Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout] [-R] [-S srcaddr] [-4] [-6] target_name Options: -d Do not resolve addresses to hostnames. -h maximum_hops Maximum number of hops to search for target. -j host-list Loose source route along host-list (IPv4-only). -w timeout Wait timeout milliseconds for each reply. -R Trace round-trip path (IPv6-only). -S srcaddr Source address to use (IPv6-only). -4 Force using IPv4. -6 Force using IPv6.
You will likely use only one or two of these options at most while doing everyday troubleshooting. In this particular scenario described, you can use
tracert followed by the IP address or fully-qualified domain name (FQDN) of the target server.
Traceroute: By Example
Let’s assume your application has to reach www.google.com. To trace the application’s path to www.google.com, you’d simply provide the address as the first argument to traceroute in Windows 10 (tracert).
In the following demonstration, you can see the path a packet from the example host takes to get there traversing 11 routers.
Now let’s examine the output and then cover the results below.
Tracing route to www.google.com [126.96.36.199] over a maximum of 30 hops: 1 1 ms 4 ms 1 ms www.routerlogin.com [192.168.1.1] 2 56 ms 11 ms 12 ms 188.8.131.52 3 65 ms 468 ms 29 ms agg63.vnwrohbt01h.midwest.rr.com [184.108.40.206] 4 61 ms 22 ms 21 ms agg59.clmkohpe02r.midwest.rr.com [220.127.116.11] 5 508 ms 23 ms 29 ms be27.clmkohpe01r.midwest.rr.com [18.104.22.168] 6 73 ms 41 ms 31 ms bu-ether31-vinnva0510w-bcr00.tbone.rr.com [22.214.171.124] 7 76 ms 33 ms 37 ms 126.96.36.199 8 382 ms 29 ms 36 ms 188.8.131.52 9 75 ms 32 ms 37 ms 184.108.40.206 10 * 1320 ms 29 ms 220.127.116.11 11 28 ms 27 ms 27 ms ord37s08-in-f4.1e100.net [18.104.22.168] Trace complete.
There are five columns of data in the output. Starting left to right:
- Column 1 (hop count) – There are 11 hops in this route. Keep in mind that you could run this same command again, and get different output. This is expected as you could be routed to a different interface on a router or an entirely different router altogether.
- Columns 2-4 (ICMP (ping) packet round trip times) – These times are measured in milliseconds. You should recall that these packets also contain the TTL that causes the router to generate an error that contains information used by the tracert command.
5-30ms response times are considered a good high-speed hop response time. Most commonly, you’ll see times between 35-60ms. When you begin to see times of 60ms+, that may be indicative of a delay.
- Column 5 (hostname or IP address) – This item returned by the router in the path. Sometimes if a router is configured to not respond or is not reachable for whatever reason, you will see an
*here instead. By default,
tracertattempts to perform a reverse DNS lookup on each router IP address. This is how you see DNS names here instead of the IP address.
You can speed up
tracertslightly if you forego name resolution using the
-dswitch. This option will prevent hostname resolution and will just return IP addresses only.
With this output, you now have the basic information that will be useful in troubleshooting network latency or routing issues. You have time measurement, IP address(s) and or FQDN(s) for a router to investigate.
The traceroute utility in Windows 10 is a tried and true, handy, command-line network utility. We didn’t cover each parameter for each command in this article but we did cover many of the most useful ones.
If you want to learn more about the inner-workings of traceroute in Windows, check out the tracert Microsoft documentation.
More from Adam The Automator & Friends
Find out how many of your Active Directory users are using leaked passwords by running a free read-only scan with Specops Password Auditor.
Do more with PowerShell and transform your Code to Self Service with au2mator Self Service Portal
Why not write on a platform with an existing audience and share your knowledge with the world?