Ping and Traceroute: How ICMP Diagnoses Networks
Ping and traceroute are the two most trusted tools in any troubleshooter's kit, and both lean on the same quiet helper protocol, ICMP, to measure how fast your data travels and to map the exact path it takes across the internet.
When something on the internet feels slow or unreachable, the first two commands almost anyone reaches for are ping and traceroute. They answer different questions, but they share a foundation: the Internet Control Message Protocol, or ICMP. ICMP is the internet's way of sending status and error messages about network conditions rather than carrying your actual data, and ping and traceroute cleverly repurpose it to reveal how healthy a path is and where it leads.
What ICMP is for
Every packet on the internet travels using the Internet Protocol, the same numbering system that gives your device its IP address. Most of that traffic is carried inside TCP or UDP, the transport protocols that move web pages and video. ICMP sits alongside them as a signalling channel. It is how a router tells your computer "that destination is unreachable," or "this packet has been travelling too long and I am dropping it."
Ping and traceroute both take advantage of these built-in messages. Ping sends a specific ICMP "echo request" and waits for an "echo reply." Traceroute deliberately provokes "time exceeded" messages from each router along a route. Neither tool is doing anything exotic; they are just listening carefully to the internet's own housekeeping chatter.
How ping works
Ping is the simpler of the two. It sends a small ICMP echo request packet to a target host and starts a timer. When the reply comes back, ping records the elapsed time, the round-trip time, usually in milliseconds. Repeat that a handful of times and you get a clear picture of two things: latency, and packet loss.
A typical result might look like a series of replies at 12 ms, 13 ms, 12 ms, with no packets lost. If some replies never arrive, ping reports packet loss, which often points to congestion or an unreliable link. It is worth stressing what ping does not tell you: it measures delay, not capacity. A connection can have an excellent ping and still be slow to download large files. That distinction between delay and throughput is explored in our guide to bandwidth vs latency.
A failed ping does not always mean a host is down. Many servers and firewalls are configured to silently ignore ICMP echo requests, so a perfectly healthy machine can appear "unreachable" to ping while still serving web pages normally.
How traceroute maps the path
Traceroute answers a bigger question: not just "how far away is this host," but "what route does my data take to get there?" It does this with a clever trick involving a field in every IP packet called TTL, short for "time to live."
TTL is a counter that starts at some number and drops by one at every router the packet passes through. When it reaches zero, the router discards the packet and sends back an ICMP "time exceeded" message. Traceroute exploits this on purpose. It sends a packet with a TTL of 1, which dies at the very first router and reports back. Then it sends one with a TTL of 2, which dies at the second router. By steadily increasing the TTL, traceroute forces each router along the path to reveal itself in turn.
The result is a numbered list of "hops," each showing the IP address of a router and the round-trip time to reach it. Traceroute usually sends three probes per hop, which is why you often see three timing figures on each line. Where reverse DNS is configured, each hop is also labelled with a hostname, which is where our guide to reverse DNS and PTR records connects to what you see on screen.
Reading a traceroute
Interpreting a traceroute is a skill worth having. Here is what the common patterns mean.
| What you see | What it usually means |
|---|---|
| Steady, slowly rising times | A healthy path; latency grows with distance, as expected |
| A big jump at one hop | A long link, often an undersea or intercontinental cable |
| Asterisks (* * *) at one hop | A router that does not reply; frequently harmless |
| Asterisks all the way to the end | Traffic is being blocked, or the destination is unreachable |
| Times that later go back down | Normal; each hop is measured independently, so figures wobble |
A common beginner worry is seeing high latency on a single middle hop. On its own this rarely matters, because many routers give low priority to answering traceroute probes even while forwarding real traffic instantly. What matters is the trend toward the destination, and whether the final hop responds.
Variations and limits
Not every traceroute uses ICMP. On many systems the classic Unix traceroute sends UDP packets instead, while Windows tracert uses ICMP echo requests directly. Either way, it is the returning ICMP "time exceeded" messages that make the tool work. The difference between these transport choices is covered in our guide to TCP vs UDP.
Both tools have honest limits. Because so many networks rate-limit or block ICMP, results can be misleading, and the path shown is only the outbound route; return traffic may travel a completely different way. Modern anycast networks add another wrinkle, since the "same" IP can be served from many locations at once. Still, for a quick, free, and universally available diagnosis, ping and traceroute remain remarkably hard to beat. To keep exploring how the internet moves your data, browse the rest of the guides at IP Animals.
Frequently asked questions
What does ping actually measure?
Ping measures round-trip time: how long it takes a small packet to travel to a host and for a reply to come back, usually reported in milliseconds. It also reveals packet loss when some replies never return. It does not measure bandwidth or download speed.
Why do some traceroute hops show asterisks or time out?
Asterisks mean a router along the path did not send a reply within the time limit. This is often deliberate: many routers deprioritise or block the ICMP messages traceroute relies on, or rate-limit them. A few timed-out hops in the middle of an otherwise complete path are usually harmless.
Is a lower ping always better?
For interactive activities like gaming and video calls, lower latency does feel better because responses arrive sooner. But a low ping does not guarantee high bandwidth, and consistency matters too. A stable connection with slightly higher latency can outperform a jittery one with a lower average.
Does a failed ping mean a server is down?
Not necessarily. Many servers and firewalls are configured to ignore ICMP echo requests for security reasons, so a host can be fully online yet not respond to ping. A failed ping is a clue, not proof, that something is unreachable.