Understanding Traceroute Timeouts: What “***” Means and How to Interpret Hop Counts


6 views

When you see * * * in traceroute results (like in your example from hop 7 onward), it indicates that:

  • The probe packets timed out (no response received)
  • The intermediate router didn't send back ICMP "Time Exceeded" messages
  • Possible firewall blocking ICMP responses

Not necessarily. The 30-hop limit is traceroute's default maximum:

# Common traceroute defaults
$ traceroute -m 30 211.140.5.120  # Linux
$ tracert -h 30 211.140.5.120     # Windows

Here's how to analyze your specific output:

 7  * * *   # First timeout - could be firewall
 8  * * *   # Consistent timeouts suggest filtering
...
30  * * *   # Never reached destination

Try these alternative approaches:

# Use TCP SYN probes instead of ICMP
$ traceroute -T -p 80 211.140.5.120

# Increase maximum hops
$ traceroute -m 40 211.140.5.120

# Use UDP probes (default on Linux)
$ traceroute -U 211.140.5.120

Patterns that indicate real problems:

  • Timeouts start early (before hop 5)
  • Intermittent timeouts mixed with responses
  • Final destination shows asterisks (never reached)

When traceroute fails, consider:

# Using mtr (combines traceroute + ping)
$ mtr 211.140.5.120

# Paris-traceroute (avoids load balancing issues)
$ paris-traceroute 211.140.5.120

When you see * * * in traceroute results (like hops 7-30 in your example), it indicates one of three scenarios:

1. The router actively blocks ICMP/UDP responses (common in enterprise networks)
2. The probe packets were lost in transit
3. The response exceeded the timeout threshold (default 5 sec in most implementations)

Modern network equipment often implements:

# Example Linux traceroute command with adjusted parameters
traceroute -n -w 3 -q 2 -m 15 211.140.5.120

# Common response patterns:
# Successful hop: 141.1.31.2  0.397 ms  0.380 ms  0.366 ms
# Filtered hop: * * *
# Partial response: 142.11.124.193  1.315 ms * *

The 30 hops in your output don't necessarily mean there are actually 30 physical devices between you and the target. Key points:

  • Most traceroute implementations default to 30 hops max
  • The actual path might be shorter (your trace shows responses stop at hop 6)
  • Some hops might be virtual interfaces on the same physical device

When troubleshooting "* * *" patterns:

# Windows (PowerShell):
Test-NetConnection -TraceRoute 211.140.5.120 -Hops 40

# Linux alternative with TCP probes (bypasses ICMP blocks):
sudo traceroute -T -p 80 211.140.5.120

# macOS with detailed timing:
traceroute -w 2 -q 1 -m 20 211.140.5.120

Network engineers typically consider consecutive timeouts after previously successful hops as strong evidence of filtering rather than path length.