Skip to content
MikroTik RouterOS Docs

Traceroute

Traceroute

Section titled “Traceroute”

Traceroute displays the list of routers that packets travel through to reach a remote host, helping diagnose network connectivity issues and identify where packet loss or latency occurs.

Overview

Section titled “Overview”

Traceroute is an essential diagnostic tool that maps the network path between your router and a destination host. By revealing each hop along the route, you can pinpoint exactly where connectivity problems occur, whether they are caused by ISP issues, routing problems, or firewall blocking.

Section titled “Sub-menu”

/tool traceroute

How Traceroute Works

Section titled “How Traceroute Works”

Traceroute operation is based on Time To Live (TTL) and ICMP Time Exceeded messages. TTL is a field in the IP header designed to prevent packets from circulating indefinitely in the network due to routing loops.

Each router along the path decrements the TTL by one. When TTL reaches zero, the router discards the packet and sends an ICMP Time Exceeded message back to the source. Traceroute exploits this mechanism:

  1. Initial packet sent with TTL=1 - first router decrements to 0 and returns ICMP Time Exceeded
  2. Next packet sent with TTL=2 - second router returns ICMP Time Exceeded
  3. This continues until the destination is reached or max hops exceeded

What Traceroute Reveals

Section titled “What Traceroute Reveals”

Using traceroute, you can identify:

  • The exact path packets take to reach a destination
  • Which hop introduces latency or packet loss
  • Whether issues are local, ISP-related, or remote
  • MTU issues or firewall blocking at specific hops
  • Asymmetric routing paths

Basic Usage

Section titled “Basic Usage”

Simple Traceroute

Section titled “Simple Traceroute”

Perform a basic traceroute to a destination:

/tool traceroute 8.8.8.8

Specify Maximum Hops

Section titled “Specify Maximum Hops”

Limit the traceroute to a maximum number of hops:

/tool traceroute address=10.255.255.1 max-hops=15

Continuous Monitoring

Section titled “Continuous Monitoring”

Run traceroute with multiple probes per hop for more accurate results:

/tool traceroute address=8.8.8.8 count=3

Example Output

Section titled “Example Output”
[admin@MikroTik] > /tool traceroute address=8.8.8.8
Columns: ADDRESS, LOSS, SENT, LAST, AVG, BEST, WORST, STD-DEV
 #  ADDRESS         LOSS  SENT   LAST    AVG   BEST  WORST  STD-DEV
 1  192.168.86.1     0%      3  0.4ms   0.4   0.4    0.5        0
 2  10.20.30.1       0%      3  4.8ms   5.1   4.8    5.6      0.4
 3  *               100%     3     0      0     0      0        0
 4  8.8.8.8          0%      3   14ms    14    13     15      1.0

Each line shows:

  • Hop number
  • Router IP address (or * if no response)
  • Packet loss percentage across all probes
  • Number of probes sent
  • Last probe RTT
  • Average, best, and worst RTT in milliseconds
  • Standard deviation

Properties

Section titled “Properties”
PropertyDescriptionDefault
addressDestination IP address or hostnamenone (required)
countNumber of probes per hop3
max-hopsMaximum TTL to probe30
timeoutTime to wait for response per probe (format: 00:00:01; range: 10ms–3s)00:00:01
interfaceSource interface for traceroute packetsprimary
src-addressSource IP address for traceroute packetsauto
protocolProbe protocol: icmp or udpicmp
portDestination port for UDP probes33434
dont-fragmentSet DF bit in probe packetsno

Timeout Configuration

Section titled “Timeout Configuration”

Adjust timeout for slow or congested networks. RouterOS expects time format (HH:MM:SS), not milliseconds:

/tool traceroute address=8.8.8.8 timeout=00:00:02

Interface Selection

Section titled “Interface Selection”

Force traceroute to use a specific interface:

/tool traceroute address=10.0.0.1 interface=ether1

Source Address Selection

Section titled “Source Address Selection”

Specify the source address for probes (useful on multihomed routers):

/tool traceroute address=8.8.8.8 src-address=203.0.113.5

UDP Probes

Section titled “UDP Probes”

Use UDP probes instead of ICMP to bypass firewalls that filter ICMP:

/tool traceroute address=8.8.8.8 protocol=udp

Interpreting Results

Section titled “Interpreting Results”

Reading the Output

Section titled “Reading the Output”
  • Hop numbers indicate position in the path
  • IP addresses identify each router
  • LOSS shows percentage of probes with no reply
  • SENT shows how many probes have been sent
  • LAST/AVG/BEST/WORST show RTT statistics in milliseconds
  • STD-DEV shows latency jitter
  • Asterisks (*) indicate no response within the timeout

Common Patterns

Section titled “Common Patterns”
PatternMeaning
Increasing average RTTNormal behavior - each hop adds processing time
Sudden RTT spike at one hopCongested link or slow router at that hop
100% loss at a hop, destination still reachedFirewall filtering ICMP at that hop; data plane is fine
High loss at destinationPacket loss or connectivity problem at the target
Same hop IP repeatedRouting loop detected

Example Diagnoses

Section titled “Example Diagnoses”

Normal Traceroute

Section titled “Normal Traceroute”
 #  ADDRESS         LOSS  SENT   LAST    AVG   BEST  WORST  STD-DEV
 1  10.0.0.1         0%      3    1ms      1     1      1        0
 2  192.168.1.1      0%      3    2ms      2     2      2        0
 3  10.10.10.1       0%      3    5ms      5     5      5        0
 4  203.0.113.1      0%      3   10ms     10     9     11        1
 5  8.8.8.8          0%      3   15ms     14    14     15      0.5

Consistent latency increase and zero loss indicate a healthy network path.

Firewall Blocking ICMP

Section titled “Firewall Blocking ICMP”
 #  ADDRESS         LOSS  SENT   LAST    AVG   BEST  WORST  STD-DEV
 1  10.0.0.1         0%      3    1ms      1     1      1        0
 2  192.168.1.1      0%      3    2ms      2     2      2        0
 3  *               100%     3      0      0     0      0        0
 4  *               100%     3      0      0     0      0        0
 5  8.8.8.8          0%      3   15ms     15    15     15        0

Hops 3-4 show 100% loss but destination is reachable - likely ICMP filtering at those hops. The data plane is functioning.

Routing Loop

Section titled “Routing Loop”
 #  ADDRESS         LOSS  SENT   LAST    AVG   BEST  WORST  STD-DEV
 1  10.0.0.1         0%      3    1ms      1     1      1        0
 2  192.168.1.1      0%      3    2ms      2     2      2        0
 3  10.10.10.1       0%      3    3ms      3     3      3        0
 4  192.168.1.1      0%      3    4ms      4     4      4        0
 5  10.10.10.1       0%      3    5ms      5     5      5        0

Repeating IPs indicate a routing loop.

Advanced Configuration

Section titled “Advanced Configuration”

Increasing Probe Count

Section titled “Increasing Probe Count”

For more statistically significant results:

/tool traceroute address=8.8.8.8 count=5

Diagnosing Through Firewalls with UDP

Section titled “Diagnosing Through Firewalls with UDP”

When ICMP is blocked end-to-end, use UDP probes:

/tool traceroute address=8.8.8.8 protocol=udp

Troubleshooting Common Issues

Section titled “Troubleshooting Common Issues”

Destination Unreachable

Section titled “Destination Unreachable”
 #  ADDRESS         LOSS  SENT   LAST    AVG   BEST  WORST  STD-DEV
 1  10.0.0.1         0%      3    1ms      1     1      1        0
 2  192.168.1.1      0%      3    2ms      2     2      2        0
 3  192.168.1.1     100%     3      0      0     0      0        0

When the path terminates before the destination with 100% loss, the routing may be broken upstream. Check for a missing or incorrect default route.

Traceroute Hangs

Section titled “Traceroute Hangs”

If traceroute hangs without results:

  1. Verify DNS resolution works
  2. Check default route exists: /ip/route/print
  3. Verify firewall not blocking outgoing ICMP
  4. Test with ping first: /tool/ping address=8.8.8.8 count=3

All Hops Show Asterisks

Section titled “All Hops Show Asterisks”

If all hops show 100% loss:

  1. Verify interface has IP and default route
  2. Check firewall rules in /ip/firewall/filter
  3. Verify ISP connectivity
  4. Try traceroute to local gateway first

Comparing Traceroute to Ping

Section titled “Comparing Traceroute to Ping”
FeatureTraceroutePing
PurposePath discoveryConnectivity test
InformationAll hops in pathEnd-to-end only
ICMP typesTime ExceededEcho Request/Reply
Use caseWhere is the problem?Is destination reachable?
Time to resultsLonger (tests each hop)Quicker (single destination)

Use ping first to confirm basic connectivity, then traceroute to locate problems.

Use Cases

Section titled “Use Cases”

Diagnosing ISP Issues

Section titled “Diagnosing ISP Issues”
/tool traceroute address=8.8.8.8

Compare results at different times to identify intermittent ISP problems.

Identifying Bottlenecks

Section titled “Identifying Bottlenecks”

Run traceroute with multiple probes for reliable statistics:

/tool traceroute address=10.0.0.1 count=5

High average RTT or jitter (STD-DEV) at specific hops indicates congestion.

Verifying VPN Tunnel

Section titled “Verifying VPN Tunnel”

Trace route through VPN interface:

/tool traceroute address=10.10.10.1 interface=vpn-tunnel

Checking Connectivity to DNS Server

Section titled “Checking Connectivity to DNS Server”

Trace route to DNS server to diagnose DNS issues:

/tool traceroute address=1.1.1.1
Section titled “Related Commands”
  • /tool/ping - Test end-to-end connectivity
  • /tool/netwatch - Monitor host availability
  • /tool/bandwidth-test - Measure throughput
  • /ip/route - View routing table
  • /ip/firewall - Configure firewall rules
Section titled “Related Resources”