Understanding Traceroute Output: Decoding the Three Response Time Columns for Network Diagnostics


2 views

When you run a traceroute command (or tracert on Windows), each hop in the path displays three crucial time measurements. Here's the anatomy of a typical line:

5  105.ATM6-0.TR2.DFW4.ALTER.NET (146.188.136.245)  49.105 ms  49.921 ms  47.371 ms

Each of the three time values represents:

  1. First value: Round-trip time (RTT) for the first probe packet
  2. Second value: RTT for the second probe packet
  3. Third value: RTT for the third probe packet

The triple measurement serves important diagnostic purposes:

# Example showing network variability
14  ae-3-80.edge3.SanJose1.Level3.net (4.69.152.77)  74.12 ms  74.56 ms  118.43 ms

The third measurement's higher latency could indicate:

  • Network congestion during that probe
  • Route changes mid-trace
  • Quality of Service prioritization

Consider these real-world scenarios:

# Consistent low latency (good connection)
3  10.1.2.1  2.1 ms  2.3 ms  2.2 ms

# High but consistent latency (likely geographical distance)
7  203.12.160.45  148 ms  149 ms  148 ms

# Inconsistent latency (potential network issues)
12  border-router.isp.com  45 ms  312 ms  48 ms

For network engineers, these patterns reveal valuable information:

# Calculating average latency
def calculate_avg_rtt(line):
    times = [float(t.replace('ms','')) for t in line.split()[-3:]]
    return sum(times)/3

# Sample output analysis
print(calculate_avg_rtt("8  192.168.1.1  10 ms  15 ms  12 ms"))  # Output: 12.333

Key things to look for:

  • Sudden latency spikes between hops
  • Packet loss (missing time values)
  • Consistent patterns across multiple traces

When analyzing problematic routes:

# Problematic trace example
9  * * *
10 206.66.12.202  174.853 ms  163.945 ms  147.501 ms

The asterisks indicate packet loss at hop 9, while hop 10 responds normally - suggesting the issue is specifically at hop 9's equipment.

Each line in traceroute output represents a network hop and contains three crucial measurements:

1  rbrt3 (208.225.64.50)  4.867 ms  4.893 ms  3.449 ms

The three time values represent:

  • Round-trip time (RTT) measurements: Milliseconds for packets to reach the hop and return
  • Three separate probes: By default, traceroute sends three UDP packets per TTL
  • Variations show network conditions: Differences indicate potential latency issues

Let's examine the components in detail:

Hop#  Hostname (IP)      Probe1   Probe2   Probe3
 5    105.ATM6-0.TR2.DFW4.ALTER.NET  49.105 ms  49.921 ms  47.371 ms

When analyzing these columns:

# Significant variation example (potential issue):
7  194.ATM9-0-0.GW1.DFW1.ALTER.NET  47.886 ms  147.380 ms  50.690 ms

# Stable connection example:
3  113.ATM3-0.XR2.EWR1.ALTER.NET  6.323 ms  6.123 ms  7.011 ms

For programmers needing more control:

# Linux: Adjust number of probes
traceroute -q 5 example.com  # 5 probes per hop

# Windows: 
tracert -h 30 -w 1000 example.com  # 30 hops, 1000ms timeout

# Parse traceroute output programmatically (Python example):
import re
traceroute_output = "1  rbrt3 (208.225.64.50)  4.867 ms  4.893 ms  3.449 ms"
match = re.search(r'$([\d\.]+)$\s+([\d\.]+)\s+ms\s+([\d\.]+)\s+ms\s+([\d\.]+)\s+ms', traceroute_output)
if match:
    ip, rtt1, rtt2, rtt3 = match.groups()
    avg_rtt = (float(rtt1) + float(rtt2) + float(rtt3)) / 3
  • * * *: All probes timed out (firewall blocking ICMP/UDP)
  • Sudden latency spikes: Possible network congestion
  • Gradual increases: Geographic distance or slower links

When debugging network issues:

# Compare with MTR (My Traceroute) for continuous monitoring
mtr --report example.com

# Check for packet loss:
traceroute -z 0.5 example.com  # 0.5 second wait between probes