FREE · NO ACCOUNT REQUIRED

Free online traceroute — visualize every network hop, latency, and ASN on the path to any host.

Traceroute Online traces the path of packets from our infrastructure to your target host, hop by hop. For each hop it captures the IP, hostname (PTR), round-trip time, ASN, organization, and approximate geographic location. Visualizes the route on a world map and presents the hops as a latency chart so you can see exactly where packets slow down, drop, or take an unexpected detour. Better than the raw `traceroute` command output — same data, infinitely more readable.

01 · OVERVIEW

What gets traced

Six independent classes of output per traceroute. The hop list and latencies are the standard output; the per-hop ASN/org enrichment, the geographic map, and the path-anomaly detection are what make this more useful than a raw command-line traceroute.

Hop-by-hop IP and PTR (Every router on path)

Each hop reveals the router IP that decremented the TTL plus its reverse-DNS hostname where set. PTR records often encode the carrier and city (`ae-3.r03.lsanca07.us.bb.gin.ntt.net` → NTT, Los Angeles). Hops without PTR are usually privately-administered routers or backbone equipment with no reverse-DNS.

Per-hop round-trip time (Three probes per hop)

Three TTL-incremented probes per hop, averaged. Surfaces jitter (high variance between the three) and helps distinguish 'always slow' (consistent high latency) from 'sometimes slow' (some probes time out). Median is the headline number; min/max captured for detail.

ASN and organization enrichment (Per hop)

Each hop's IP resolved to its AS number and the operator's name. You see exactly when packets transition between networks — your ISP → tier-1 transit → destination CDN. AS-path changes are often the most informative part of a trace.

Geographic mapping (City-level)

Each hop geolocated to a city. Visualized on a world map. Surfaces the absolute path length (some 'short' traces actually loop through three continents) and identifies physical-distance latency that can't be optimized away.

Path-anomaly detection (Loops · drops · re-routes)

Detects routing loops (the same hop appearing more than once), persistent packet loss at a specific hop, asymmetric routing (the path varies between consecutive probes), and ICMP-rate-limited hops (stars for some probes, not others). Each anomaly is flagged with the likely cause.

Latency breakdown by hop type (Local · transit · peering)

Categorizes latency by the network layer where it accumulates. First few hops = your local network and ISP. Middle hops = transit / backbone. Final hops = destination ISP / CDN. Knowing where the latency happens tells you whether you can do anything about it.

02 · WHY THIS MATTERS

Why a traceroute is the first diagnostic for any 'why is it slow?' question

Network issues hide behind generic 'slow' or 'flaky' symptoms. Traceroute is the single most informative cheap diagnostic — it tells you whether the problem is local, in transit, or at the destination, and approximately where. Five reasons it matters:

  • Latency has geography Speed of light in fiber is about 200,000 km/s. Singapore to New York minimum is around 200ms even with perfect routing. Many 'slow' connections are simply distant; a traceroute makes the geography visible — if your packets hop through Europe en route from US-East to US-West, that's a routing inefficiency you can ask your provider to fix.
  • Packet loss isolates to specific hops A flaky connection isn't 'flaky everywhere' — packets are usually being dropped at one specific hop. Traceroute exposes which one. If the loss is consistently at hop 6 (your ISP's edge router), they need to fix it. If at hop 12 (a transit carrier you don't pay), they need to fix it. Either way, you have evidence to escalate.
  • BGP misconfigurations show up as path anomalies Traffic that should go your-ISP → tier-1 → CDN suddenly goes your-ISP → tier-1 → tier-2 → wrong-continent → tier-1 → CDN. A traceroute makes this visible — and is the data your ISP needs to file a route correction with their upstream.
  • DDoS and traffic-engineering visibility During a DDoS attack, traffic is often re-routed through scrubbing infrastructure. A traceroute that suddenly hops through a different AS than yesterday is signal. Also useful in reverse: verifying your DDoS protection is actually in the path.
  • Customer-reported 'slow' becomes actionable Customer says your service is slow from their country. Without traceroute, you have one data point and no insight. With traceroute from their region, you have a hop-by-hop latency profile that either confirms a network issue or rules it out — and points you at the application layer instead.
03 · HOW IT WORKS

Send packets with low TTL, watch each router respond

Traceroute exploits IP's TTL field. Each router decrements TTL by 1; when TTL reaches 0, the router drops the packet and sends back an ICMP Time Exceeded. By sending packets with TTL=1, then TTL=2, and so on, we collect a response from each router on the path.

  • Stage 1 — Send probe with TTL=1 First probe has TTL=1. The first router on the path decrements it to 0 and returns ICMP Time Exceeded. The source IP of that ICMP is hop 1. Record IP, response time, and continue.
  • Stage 2 — Increment TTL, repeat Probe 2 has TTL=2, gets responded to by the second router. Probe 3 has TTL=3, third router. Continue until the destination is reached (responds with ICMP Echo Reply or TCP RST/SYN-ACK) or max-TTL (30 by default) is exceeded.
  • Stage 3 — Three probes per hop Send three probes at each TTL. Routers can ICMP-rate-limit (so one probe out of three may time out even on a working hop), and asymmetric paths can yield different IPs for different probes. Three probes per hop gives a reasonable median.
  • Stage 4 — Resolve each hop's PTR and ASN For each hop IP, look up reverse DNS (PTR) and AS number. Both are cached so the lookup overhead is bounded. Some hops have no PTR (private equipment); some have descriptive PTR (`lon-ix.r1.cogentco.com` = Cogent's London IX router).
  • Stage 5 — Geolocate Each hop's IP looked up against the geolocation database for city-level country/region. Combined with the AS data, this builds the route's geographic story.
  • Stage 6 — Detect anomalies Compare hops for repeated IPs (routing loop), high loss at specific hops (degradation), inconsistent IPs across the three probes per hop (asymmetric routing), and unusual hop counts (path inflation or oversized AS path). Surface each anomaly with explanation.
04 · READING A TRACEROUTE

What the patterns mean

A traceroute is just data; interpretation comes from recognizing patterns. Five common ones:

  • Stars (* * *) at the destination Many hosts (especially CDNs and security-conscious targets) silently drop ICMP at the destination but still serve traffic normally. Trailing stars don't mean the host is down — they mean ICMP is filtered. Check by trying to actually connect (port scan or HTTP fetch).
  • Stars (* * *) in the middle, hops on either side ICMP rate limiting at a specific intermediate router. Common on internet backbone equipment that prioritizes forwarding over reply. The path continues normally past the star — the router exists and is forwarding fine, just not replying to ICMP.
  • Latency jump at a specific hop A sudden 50ms+ increase at one hop usually marks a geographic transition (your packets just crossed an ocean) or a congested link. Geographic transitions are unavoidable; congestion is sometimes actionable through your provider.
  • Same IP repeating across multiple hops Routing loop — packets are bouncing between two routers. Almost always a misconfigured BGP route or static-route loop. The trace will eventually fail (TTL exhausted). This is a real, actionable issue to report to whoever operates the looping AS.
  • AS path that detours through a different continent Your packets go US-East → US-West (good) but the trace shows US-East → Europe → US-West. Likely a BGP-policy or peering issue — the originating ISP is sending your traffic via a longer path. Worth escalating; ISPs can often correct routes when shown the data.
05 · API

Use this programmatically

Every hop's IP, hostname, latency, ASN, organization, and geolocation is available as JSON. Useful for continuous path monitoring, customer-incident triage, and CDN-routing verification.

cURL
curl 'https://api.domainscan.in/v1/ip/traceroute?host=cloudflare.com'
JavaScript (fetch)
const res = await fetch(
  'https://api.domainscan.in/v1/ip/traceroute?host=example.com'
);
const trace = await res.json();

console.log(trace.target);                  // 'example.com (93.184.216.34)'
console.log(trace.summary.hopCount);        // 14
console.log(trace.summary.totalLatencyMs);  // 87
console.log(trace.summary.reachedTarget);   // true

// Find slowest hop
const slowest = trace.hops
  .filter(h => h.responseMs != null)
  .sort((a, b) => b.responseMs - a.responseMs)[0];
console.log(`Slowest hop: ${slowest.hop} · ${slowest.ip} · ${slowest.responseMs}ms`);

// AS transitions
let prevAsn = null;
trace.hops.forEach(h => {
  if (h.asn && h.asn !== prevAsn) {
    console.log(`Hop ${h.hop}: enter AS${h.asn} (${h.org})`);
    prevAsn = h.asn;
  }
});
Response schema (abridged)
{
  "target":     "example.com",
  "resolvedIp": "93.184.216.34",
  "summary": {
    "hopCount":       14,
    "totalLatencyMs": 87,
    "reachedTarget":  true,
    "anomalies":      []
  },
  "hops": [
    {
      "hop":        1,
      "ip":         "10.0.0.1",
      "hostname":   null,
      "responseMs": 1,
      "asn":        null,
      "org":        null,
      "location":   null
    },
    {
      "hop":        7,
      "ip":         "4.69.143.214",
      "hostname":   "ae-2-3604.ear1.washington-dc2.level3.net",
      "responseMs": 22,
      "asn":        3356,
      "org":        "Level 3 Parent, LLC",
      "location":   { "country": "US", "city": "Washington, DC" }
    }
  ]
}
06 · USE CASES

How teams use Traceroute Online

Six patterns we see most often:

Customer-reported slowness triage (Support)

Customer complains your service is slow from their region. Run a traceroute from a vantage point in that region to your service. The hop-by-hop latency profile either confirms a network issue (and tells you where) or rules it out — pointing investigation at the application layer.

CDN-routing verification (CDN)

Your CDN should be serving users from the nearest edge. Verify by traceroute from multiple regions and confirming the final hop is at a geographically reasonable PoP. Misrouted CDN edges are surprisingly common.

Continuous path monitoring (NetOps)

Cron a traceroute from key vantage points to your critical endpoints. Alert on AS-path changes (new transit involved, peering shift), latency regressions, or new packet loss. Catches routing changes that may not surface as outages but degrade performance.

ISP-escalation evidence (Vendor mgmt)

Your ISP is dropping packets somewhere upstream. Traceroute output is the data they need to file a ticket with their transit carrier. Without it, escalation goes nowhere.

DDoS-mitigation verification (Security)

Verify that traffic to your protected endpoint actually traverses your DDoS-scrubbing provider. Traceroute should show the scrubbing AS in the path; if not, your protection is bypassable.

Cross-region latency benchmarking (Performance)

Comparing two cloud regions for hosting a service. Run traceroutes from representative user regions to candidate hosting locations. The hop count and latency profile inform the choice.

07 · QUESTIONS

Common questions

  • What is traceroute? A diagnostic tool that maps the path of IP packets from one host to another, revealing each router (hop) along the way and the round-trip latency to each. Originally developed by Van Jacobson at LBL. The command exists as `traceroute` on Unix and `tracert` on Windows. This tool runs traceroute from our infrastructure and visualizes the result.
  • What's the difference between traceroute and ping? Ping tests whether a single host responds and measures total round-trip time. Traceroute reveals the entire path between you and the target, with per-hop latency. Ping answers 'is it up?'. Traceroute answers 'where on the path is the slowness or loss happening?'. Use ping for reachability, traceroute for path analysis.
  • Why do I see stars (asterisks) in my traceroute? Stars mean a probe didn't get a response within timeout. Two common causes: (1) the router at that hop is ICMP-rate-limited and didn't reply (most internet backbone routers prioritize forwarding over ICMP replies — stars in the middle of a working trace are normal), (2) the destination has ICMP filtered (trailing stars at the end). Stars don't necessarily mean a problem.
  • Why does my traceroute show different IPs for the same hop? Asymmetric routing or per-packet load balancing. Many routers split traffic across multiple links for load balancing; each probe (sent fractions of a second apart) may take a slightly different path. This is normal on heavily-engineered backbones and isn't a sign of misconfiguration.
  • What is an AS hop? Each hop in a traceroute is a router; each router belongs to an Autonomous System (AS) — an independently-administered network like an ISP, transit carrier, or CDN. An 'AS hop' is when consecutive routers belong to different ASes — meaning your traffic crossed from one network to another. Most cross-internet paths traverse 3-6 ASes.
  • Why does my traceroute timeout before reaching the destination? Common causes: (1) the destination filters ICMP and never replies (the path probably did complete, you just don't see the final response), (2) max-TTL (30 by default) was exceeded before reaching destination — extremely rare, only happens on misrouted or extremely-long paths, (3) a router in the middle is dropping packets, killing the trace at that point.
  • What is path MTU and how does it affect traceroute? Path MTU is the maximum packet size that can traverse the path without fragmentation. Traceroute uses small packets, so MTU isn't usually a factor. But if your application traffic is failing while ping/traceroute work, suspect MTU mismatch — large packets get dropped at the lowest-MTU link with no ICMP feedback, causing 'sometimes works, sometimes doesn't' connectivity. ICMP Fragmentation Needed must be allowed for Path MTU Discovery to work.
  • How is this different from `traceroute` on the command line? Same underlying technique, different surface. The command-line tool is fast and scriptable; the output is text-heavy and you must mentally enrich each hop (look up the IP, resolve the org). This tool runs traceroute from our public infrastructure and enriches every hop automatically — ASN, organization, geographic location, AS-path transitions, anomaly detection. Same data, much faster to interpret.