Understanding Traceroute Asterisks: Why Some Hops Don’t Respond

By /

Listen to this Post

Featured Image
When running traceroute, you may encounter asterisks () in the output, indicating a non-responsive hop. This doesn’t always mean network failure—here’s why:

How Traceroute Works

1. TTL Mechanism:

traceroute google.com  Linux
tracert google.com  Windows

– Sends packets with increasing Time-To-Live (TTL) values (1, 2, 3…).
– Each router decrements TTL by 1. If TTL=0, it replies with ICMP Time Exceeded.

2. Asterisks Appear When:

  • The router blocks ICMP (common in firewalls).
  • Rate-limiting ICMP replies.
  • ACLs filter ICMP traffic.

You Should Know:

Linux Commands for Deeper Analysis

  • Force ICMP/UDP: 
    traceroute -I google.com  ICMP mode
traceroute -U google.com -p 53  UDP mode (DNS port)
  • Disable DNS Lookups (faster output): 
    traceroute -n google.com
  • Alternative Tools: 
    mtr google.com  Combines traceroute + ping
tcptraceroute google.com 443  TCP-based traceroute

Windows Alternatives

pathping google.com  Combines traceroute + latency stats

Packet Capture (Verify Traffic)

tcpdump -i eth0 icmp  Linux ICMP capture
tshark -i eth0 -Y "icmp"  Wireshark CLI

Common Misconceptions

  • Asterisks ≠ Packet Loss: Traffic may still flow.
  • Backbone Routers: Often ignore traceroute for security.
  • Use Multiple Tools: Cross-check with ping, mtr, or tcptraceroute.

What Undercode Say

Traceroute is a diagnostic tool, not definitive proof of network health. Combine it with:
– Ping Tests: 

ping -c 4 google.com

– Path Analysis: 

ip route get google.com  Check routing path

– Firewall Checks: 

iptables -L -v  Linux firewall rules

For Windows:

netsh advfirewall show allprofiles

Expected Output:

traceroute to google.com (142.250.190.46), 30 hops max, 60 byte packets
1 192.168.1.1 (192.168.1.1) 1.234 ms 
2<br />
3 10.10.10.1 (10.10.10.1) 5.678 ms  Asterisks but next hop responds

Prediction

As networks prioritize security, ICMP-based tools like traceroute will become less reliable. Alternatives like TCP-based path analysis (e.g., tcptraceroute) or protocol-aware monitoring (e.g., mtr) will gain traction.

URLs for Further Reading:

IT/Security Reporter URL:

Reported By: Pdiazd Why – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 Telegram

Related Posts: