
Thread: Using Traceroute under Linux

  1. #1

    Using Traceroute under Linux

    I know how to use tracert under Windows, no problem, but say, for example, I want to traceroute a website under my RH 8.0 box and see how many hops there are:

    Code:
     
    
    [root@phoenix root]# traceroute olug.org
    traceroute to olug.org (207.252.127.221), 30 hops max, 38 byte packets
    
    1 * * * 
    2 * * * 
    3 * * * 
    4 * * *  
    5 * * * 
    6 * * * 
    7 * * * 
    8 * * * 
    9 * * * 
    10 * * *
    What am I doing wrong here, and why am I not getting any ip addresses for the output?

  2. #2
    Junior Member, Join Date: Feb 2003, Posts: 18
    On my Linux box connected to Rogers@Home I get the following results:

    $ /usr/sbin/traceroute olug.org
    traceroute to olug.org (207.252.127.221), 30 hops max, 38 byte packets
    1 10.201.224.1 (10.201.224.1) 32.345 ms 1.922 ms 5.634 ms
    2 gw01.flfrd.phub.net.cable.rogers.com (66.185.83.173) 20.719 ms 30.709 ms 6.083 ms
    3 gw01.mtnk.phub.net.cable.rogers.com (66.185.82.125) 7.328 ms * 13.528 ms
    4 gw02.wlfdle.phub.net.cable.rogers.com (66.185.80.149) 42.632 ms 14.706 ms *
    5 if-13-0.core3.NewYork.teleglobe.net (64.86.206.133) 23.730 ms 79.698 ms 41.887 ms
    6 if-6-0.core2.NewYork.Teleglobe.net (64.86.83.157) 38.833 ms 20.725 ms 42.128 ms
    7 if-4-0.bb8.NewYork.Teleglobe.net (66.110.8.130) 25.149 ms 22.670 ms 47.957 ms
    8 ix-3-2.bb8.NewYork.Teleglobe.net (207.45.198.82) 50.041 ms * 59.013 ms
    9 tbr1-p011601.n54ny.ip.att.net (12.123.1.122) 85.789 ms 75.333 ms 65.931 ms
    10 tbr1-p013701.wswdc.ip.att.net (12.122.10.18) 28.626 ms 50.057 ms 89.850 ms
    11 tbr1-cl4.sl9mo.ip.att.net (12.122.10.30) 73.502 ms 80.595 ms *
    12 gbr6-p100.sl9mo.ip.att.net (12.122.11.110) 107.573 ms 108.502 ms 63.551 ms
    13 gar2-p370.sl9mo.ip.att.net (12.123.24.237) 52.944 ms 54.601 ms 48.314 ms
    14 12.125.74.38 (12.125.74.38) 56.692 ms 76.492 ms 134.145 ms
    15 * * *
    16 * * *
    17 * * *
    18 * * *
    19 * * *
    20 * * *
    21 * * *
    22 * * *
    23 * * *
    24 * * *
    25 * * *
    26 * * *
    27 * * *
    28 * * *
    29 * * *
    30 * * *


    On a Windows XP machine connected to Magma.ca, I get the following results:


    C:\>tracert olug.org

    Tracing route to olug.org [207.252.127.221]
    over a maximum of 30 hops:

    1 1 ms <1 ms <1 ms 64.26.131.165
    2 1 ms 1 ms 1 ms 209.217.112.121
    3 1 ms 1 ms 1 ms core2-vlan46.magma.ca [206.191.55.209]
    4 1 ms 1 ms 1 ms 206.191.0.97
    5 1 ms 1 ms 1 ms border5-faste0-0.magma.ca [209.217.64.42]
    6 2 ms 2 ms 2 ms 500.Serial4-2.GW1.OTT1.ALTER.NET [157.130.159.213]
    7 11 ms 13 ms 12 ms 117.ATM3-0.XR1.TOR2.ALTER.NET [152.63.130.50]
    8 8 ms 8 ms 12 ms 0.so-0-0-0.TL1.TOR2.ALTER.NET [152.63.2.109]
    9 20 ms 20 ms 21 ms 0.so-2-2-0.TL1.CHI2.ALTER.NET [152.63.2.90]
    10 21 ms 20 ms 21 ms 0.so-2-0-0.XL1.CHI2.ALTER.NET [152.63.67.126]
    11 21 ms 20 ms 20 ms 0.so-7-0-0.BR6.CHI2.ALTER.NET [152.63.71.94]
    12 20 ms 20 ms 21 ms 204.255.168.58
    13 * * * Request timed out.
    14 28 ms 31 ms 28 ms tbr2-p012501.sl9mo.ip.att.net [12.122.10.10]
    15 28 ms 26 ms 27 ms gbr6-p90.sl9mo.ip.att.net [12.122.11.126]
    16 27 ms 31 ms 27 ms gar2-p370.sl9mo.ip.att.net [12.123.24.237]
    17 35 ms 35 ms 35 ms 12.125.74.38
    18 * * * Request timed out.
    19 * * * Request timed out.
    20 * * * Request timed out.
    21 * * * Request timed out.
    22 * * * Request timed out.
    23 * * * Request timed out.
    24 * * * Request timed out.
    25 * * * Request timed out.
    26 * * * Request timed out.
    27 * * * Request timed out.
    28 * * * Request timed out.
    29 * * * Request timed out.
    30 * * * Request timed out.

    Trace complete.

    So it seems like the problem is not on your end of things.
    My results are pretty much the same regardless of what network I am connected to.
    It should also be noted that there is no significant difference between the Linux 'traceroute' (which uses UDP datagrams) results and the Windows XP 'tracert' (which uses an ICMP ECHO packet) results.

    As you can see, my requests start to fail after a few hops. Of course, I am located in Canada and the site is for the 'Omaha Linux Users Group', so it is taking me a couple of hops to get to Omaha, whereas you are located in Omaha.

    Hope this helps a bit.
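
Added example, not part of any post in the thread: a small shell/awk helper that reads traceroute or tracert text and reports the last hop that answered, which separates a trace where nothing replies (as in post #1) from one that goes silent only past a replying hop (as in post #2). The sample traces, host names and addresses are constructed, and the function and verdict names are assumptions.

```shell
#!/bin/sh
# Added example: classify traceroute (Linux) or tracert (Windows) output by
# where replies stop. Reads the trace text on stdin.
summarize_trace() {
    awk '
    BEGIN { last = 0; maxhop = 0; silent = 0 }
    # Hop lines start with a hop number; headers and wrapped lines do not.
    $1 ~ /^[0-9]+$/ {
        maxhop = $1 + 0
        # A hop is silent when all three probes came back as "*".
        if ($2 == "*" && $3 == "*" && $4 == "*") silent++
        else last = maxhop
    }
    END {
        if (maxhop == 0)        verdict = "no-hops-parsed"
        else if (last == 0)     verdict = "no-replies"          # even hop 1 is silent
        else if (last < maxhop) verdict = "stops-after-hop"     # silent tail past a replying hop
        else                    verdict = "replies-through-end"
        printf "%s last_reply_hop=%d silent_hops=%d\n", verdict, last, silent
    }'
}

# Constructed sample: Linux traceroute where no hop answers at all.
sample_all_silent() {
    cat <<'EOF'
traceroute to host.example (192.0.2.10), 30 hops max, 38 byte packets
1 * * *
2 * * *
3 * * *
EOF
}

# Constructed sample: Windows tracert with one silent hop mid-path and a silent tail.
sample_silent_tail() {
    cat <<'EOF'
Tracing route to host.example [192.0.2.10]
over a maximum of 30 hops:
1 1 ms <1 ms <1 ms 198.51.100.1
2 * * * Request timed out.
3 28 ms 31 ms 28 ms gw.example [198.51.100.9]
4 * * * Request timed out.
5 * * * Request timed out.
Trace complete.
EOF
}

sample_all_silent | summarize_trace
sample_silent_tail | summarize_trace
```

A `no-replies` verdict points at the local host or its first router, while `stops-after-hop` points at filtering further along the path.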

  3. #3
    I believe it might be something with my iptables. I know nothing about it, but it doesn't start up at boot time, so I don't know why it is doing this. The ports under /etc/services are not being blocked for traceroute.

  4. #4
    MrLinus (Just a Virtualized Geek), Join Date: Sep 2001, Location: Redondo Beach, CA, Posts: 7,323
    Are you blocking outbound pings/icmp in your IPTables?

    Traceroute requires pings to go out and in for it to do the tracing. The following should work:

    Code:
    
    iptables -A OUTPUT-icmp-external -p icmp --icmp-type echo-request -m state --state NEW -j ACCEPT
    
    iptables -A INPUT-icmp-external -p icmp --icmp-type echo-reply -m state --state ESTABLISHED,RELATED -j ACCEPT
    If you're not sure if it's blocked, post the IPTables script here and I'm sure someone can help.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head

  5. #5
    My iptables is under /etc/sysconfig, is this correct? This is something that I am lacking skillwise, but I am getting another box from a friend, and I am going to set up iptables on it all by itself.

    And, I do not see anything in the script that references the traceroute ports.

    Here is the script:

    Code:
     
    
    # Firewall configuration written by lokkit
    # Manual customization of this file is not recommended.
    # Note: ifup-post will punch the current nameservers through the
    #       firewall; such entries will *not* be listed here.
    *filter
    :INPUT ACCEPT [0:0]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :RH-Lokkit-0-50-INPUT - [0:0]
    -A INPUT -j RH-Lokkit-0-50-INPUT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
    COMMIT
    # Generated by webmin
    *mangle
    :FORWARD ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    COMMIT
    # Completed
    # Generated by webmin
    *nat
    :OUTPUT ACCEPT [0:0]
    :PREROUTING ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    COMMIT
    # Completed
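
Added example, not part of any post: a first-pass check of an iptables-save style file like the one above for rules that could discard ICMP replies. It reads only the filter table, treats a rule as ICMP-capable when it has `-p icmp` or no `-p`, and does not follow chain jumps or `!` negation (simplifying assumptions); `icmp_audit` and the second sample ruleset are constructed, while the first sample is condensed from the posted file.

```shell
#!/bin/sh
# Added example: report the INPUT policy and count DROP/REJECT rules in the
# filter table that can match ICMP. Reads iptables-save style text on stdin.
icmp_audit() {
    awk '
    BEGIN { table = ""; policy = "unknown"; blocks = 0 }
    /^\*/ { table = substr($1, 2); next }      # table marker such as "*filter"
    table != "filter" { next }                 # skip comments and other tables
    $1 == ":INPUT" { policy = $2; next }       # ":INPUT ACCEPT [0:0]"
    $1 == "-A" {
        proto = "all"; target = ""
        for (i = 2; i < NF; i++) {
            if ($i == "-p") proto = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if ((target == "DROP" || target == "REJECT") &&
            (proto == "icmp" || proto == "all")) blocks++
    }
    END { printf "input_policy=%s icmp_capable_blocks=%d\n", policy, blocks }'
}

# Condensed from the lokkit file posted above.
sample_lokkit() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
COMMIT
EOF
}

# Constructed ruleset that does discard an ICMP reply type.
sample_strict() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp --icmp-type time-exceeded -j DROP
COMMIT
EOF
}

sample_lokkit | icmp_audit
sample_strict | icmp_audit
```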

  6. #6
    Junior Member, Join Date: Feb 2003, Posts: 18
    Try running '/sbin/iptables -L' and send us the output.
    It should look similar to this:

    Chain INPUT (policy DROP)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
    ACCEPT tcp -- anywhere anywhere tcp dpt:ssh


    Chain FORWARD (policy ACCEPT)
    target prot opt source destination
    ACCEPT all -- anywhere anywhere
    ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED

    Chain OUTPUT (policy ACCEPT)
    target prot opt source destination

    Also, if you think that it might be related to a misconfiguration with IPTABLES, then try flushing your IPTABLES rules:

    # /sbin/iptables -F INPUT
    # /sbin/iptables -F OUTPUT
    # /sbin/iptables -F FORWARD
    # /sbin/iptables -F -t nat
    # /sbin/iptables -X
    # /sbin/iptables -Z

  7. #7
    /sbin/iptables -L gets me

    Code:
     
    
    bus error

  8. #8
    IKnowNot (Senior Member), Join Date: Jan 2003, Posts: 792
    try running a simple traceroute

    /usr/sbin/traceroute 127.0.0.1

    see if iptables is running

    /sbin/chkconfig --list iptables


    bus error?? when you installed RH 8.0 did it install the proper motherboard files?? When you boot, do your start-up logs indicate errors loading?
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  9. #9
    Junior Member, Join Date: Feb 2003, Posts: 18
    I apologize, I did not fully read your message.
    Upon re-reading your previous post one thing jumped out at me 'LOKKIT'


    Lokkit is a Red Hat tool for configuring a firewall and I believe that it uses IPCHAINS and NOT IPTABLES.

    So, in this case try running '/sbin/ipchains -L' and send us the output.

    Also, if you think that it might be related to a misconfiguration with IPTABLES, then try flushing your IPTABLES rules:

    # /sbin/ipchains -F INPUT
    # /sbin/ipchains -F OUTPUT
    # /sbin/ipchains -F FORWARD
    # /sbin/ipchains -F -t nat
    # /sbin/ipchains -X
    # /sbin/ipchains -Z

  10. #10
    loopback works, this I am sure of
    Code:
     
    1  phoenix (127.0.0.1)  0.171 ms  0.141 ms  0.028 ms
    Not sure about this output for iptables
    Code:
    iptables        0:off   1:off   2:on    3:off   4:on    5:on    6:off
