Back to all articles
DebuggingPingTracerouteICMPCommand Line

Ping and Traceroute: Your Best Debugging Friends

David ChenJune 2, 2024

We've all been there. You type a URL into your browser, hit Enter, and the dreaded spinning wheel appears. Eventually, a little dinosaur shows up and tells you the connection failed.

"The internet is down," you declare.

But where is it down? Is your laptop's WiFi adapter broken? Did your router freeze? Is your Internet Service Provider experiencing an outage? Did the website's server crash? Or did a submarine cable get severed halfway across the world?

To an average user, a broken connection is a black box of frustration. But to a network engineer, it is a mystery waiting to be solved. And the first tools they reach for to solve it are two of the oldest, simplest, and most powerful programs ever written: Ping and Traceroute.

If you want to understand networking, you need to know how to use these tools. Let's open the command line and get to work.

The Sonar of the Internet: Ping

The concept of Ping is lifted directly from submarine warfare. A submarine sends out a burst of sound (a "ping") and waits to hear the echo. If it hears an echo, it knows something is out there. By timing how long the echo took to return, it knows how far away the object is.

The digital version of Ping does the exact same thing using a protocol called ICMP (Internet Control Message Protocol).

When you open a terminal and type `ping google.com`, your computer creates a tiny ICMP "Echo Request" packet and fires it at Google's IP address. It starts a stopwatch.

When Google's server receives the packet, it is required by the rules of the internet to immediately formulate an ICMP "Echo Reply" packet and send it back to you. When your computer receives the reply, it stops the stopwatch.

The output looks something like this:

`Reply from 142.250.190.46: bytes=32 time=14ms TTL=116`

This single line of text tells you three massive pieces of information:

1. Reachability: Google is online. Your packet successfully navigated the maze of the internet, arrived at Google, and made it back.

2. Latency (time=14ms): It took 14 milliseconds for the packet to make the round trip. This is excellent. If the time was 500ms, you would know the connection is heavily congested or traveling over a very slow link (like a satellite).

3. Packet Loss: Ping usually sends 4 packets by default (on Windows) or runs continuously (on Mac/Linux). If it sends 4 packets and only 3 return, you have 25% packet loss. This indicates a severely unstable connection, perhaps a failing router or massive network congestion.

Using Ping to Isolate the Problem

When the internet breaks, you can use Ping to systematically isolate the failure point.

1. Ping 127.0.0.1 (Localhost): This is the "loopback" address. It never leaves your computer. If this fails, your computer's TCP/IP software stack is completely broken.

2. Ping your default gateway (e.g., 192.168.1.1): This tests the connection to your home router. If this fails, your WiFi is disconnected or your router needs a reboot. The problem is inside your house.

3. Ping 8.8.8.8 (Google's Public DNS): This tests the connection to the internet. If you can reach your router but not 8.8.8.8, your ISP is likely down, or the cable outside your house is cut.

4. Ping the specific website (e.g., ping example.com): If you can ping 8.8.8.8 but you can't ping the specific website, then the internet is fine, but that specific website's server has crashed.

With four simple commands, you have completely diagnosed the root cause of the outage.

Peering Behind the Curtain: Traceroute

Ping tells you *if* you can reach a destination. But it doesn't tell you *how* the packet got there. If a ping fails, or if the latency is unusually high, you want to know exactly where the bottleneck is.

Enter Traceroute (typed as `tracert` on Windows or `traceroute` on Mac/Linux).

Traceroute prints a list of every single router your packet hops through on its journey to the destination. It maps the internet for you.

How does it work? It exploits a clever feature of IP packets called the TTL (Time To Live).

When a packet is created, it is given a TTL value (usually 64 or 128). Every time the packet passes through a router, the router subtracts 1 from the TTL. If the TTL ever hits zero, the router throws the packet in the trash and sends a "Time Exceeded" error message back to the original sender. This mechanism exists to prevent lost packets from bouncing around the internet forever in an infinite loop.

Traceroute exploits this error mechanism brilliantly.

When you type `tracert google.com`, your computer sends a packet to Google, but it intentionally sets the TTL to exactly 1.

The packet hits your home router (Hop 1). The router subtracts 1, bringing the TTL to 0. The router drops the packet and sends the "Time Exceeded" error back to your computer. Your computer says, "Aha! Hop 1 is my router!"

Next, your computer sends a second packet, this time with a TTL of 2. The packet survives your router, makes it to the ISP's local router (Hop 2), where the TTL hits 0. The ISP router sends back the error. Your computer logs Hop 2.

It repeats this process, incrementing the TTL by 1 each time, mapping every single router along the path until the packet finally reaches Google.

Reading a Traceroute

A typical traceroute output might show 10 to 15 hops.

Hop 1 will be your home router (192.168.1.1).

Hops 2 through 4 might be infrastructure belonging to your ISP (Comcast, Spectrum, etc.). You can often tell by looking at the domain names attached to the IP addresses.

Hops 5 through 8 might be massive Tier 1 internet backbone providers routing traffic across the country.

The final hops will be inside Google's own data centers.

Alongside each hop, traceroute shows the latency (in milliseconds). This is where its diagnostic power lies.

If you complain that a video game is lagging, you can run a traceroute to the game's server.

  • If the latency spikes to 300ms on Hop 1, the problem is your terrible home WiFi.
  • If the latency spikes on Hop 3, your ISP's local node is congested.
  • If the latency is fine until Hop 12 (deep inside the game developer's data center), then the problem is definitively on their end.

    • A Word of Warning

    In modern networking, Ping and Traceroute are sometimes blocked. Many network administrators configure their firewalls to silently drop ICMP packets to hide their network topology from potential hackers.

    If you run a traceroute and see a line of asterisks (* * * Request timed out), it doesn't necessarily mean the network is broken. It often just means that specific router is configured to ignore ping requests. If the hops continue successfully after the asterisks, the packet made it through fine; the middle router just refused to answer.

    Conclusion

    Ping and Traceroute are the magnifying glasses of the network world. They take the abstract concept of "the internet" and break it down into tangible, measurable physical hops.

    The next time your connection drops, don't just stare at the spinning wheel. Open a terminal, run a ping, and find out exactly what's going on behind the scenes.