traceroute

Thread: traceroute

  1. #1
    Senior Member
    Join Date
    Jul 2003
    Posts
    634

    traceroute

    Hiya,

    I'm just mucking about on my college's network, I tried to traceroute to my friend who's on the same subnet and in the same IP range, but the traceroute never seems to end, if I set the number of hops to 255, it'll go to 255 with "Request timed out" remark for every single result, no matter how many hops it always seems to repeat this going to infinite number of hops timed out, I understand the request timed out is usually the sign of a firewall or other filtering device, but seems odd to me that it allows itself to go to the maximum number of hops when I usually see it stop when it reaches its destination or firewall.

    Say my IP is 10.34.120.31 and I traceroute to 10.34.120.30, it'll produce good traceroute results, but if you traceroute to something like 10.34.120.18 you get the results I explained above.

    Is the network somehow segmented? I assume it must be, but how come things like traceroute won't work but MSN Messenger transfer will? Is this because of something affecting ICMP? and not TCP/IP?

    Has anyone got any ideas what causes this?? I find it quite interesting and haven't seen this before.

    cheers

    i2c

  2. #2
    Hi mom!
    Join Date
    Aug 2001
    Posts
    1,103
    Although this doesn't completely answer your question, consider this:

    You have to realize that you can't determine in what network segment you are by looking at your IP address alone. In your example, 10.34.120.18 and 10.34.120.31 could be on two different segments.

    Visually, we seem to recognize segments of (slightly less than) 256 computers, which range from x.y.z.0 to x.y.z.255. Don't let the decimal notation fool you though!

    You can determine the size of a segment by its netmask: a netmask of 255.255.255.0 (or /24) indicates a network of 256 (-2 for administrative reasons) computers. That happens to coincide with the decimal notation of x.y.z.0 to x.y.z.255. If you have a netmask of 255.255.255.248 (or /29), you would create a segment smaller than 10 computers (which, of course, wouldn’t occupy all numbers between x.y.z.0 and x.y.z.255).
    I wish to express my gratitude to the people of Italy. Thank you for inventing pizza.
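
The netmask point from post #2, worked through with the addresses from the first post (an added example, not part of the original thread). The function names are made up for this illustration; the two netmasks are the ones the post mentions.

```python
import ipaddress

def segment(addr, netmask):
    """Network (segment) that addr falls into under the given netmask."""
    return ipaddress.ip_interface(f"{addr}/{netmask}").network

def usable_hosts(netmask):
    """Addresses in a segment minus the network and broadcast addresses."""
    return ipaddress.ip_network(f"0.0.0.0/{netmask}").num_addresses - 2

def longest_shared_prefix(a, b):
    """Longest prefix length at which a and b still share one segment."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - diff.bit_length()

def report(src, targets, netmask):
    """For each target: (target, its segment, same segment as src?)."""
    home = segment(src, netmask)
    return [(t, str(segment(t, netmask)), segment(t, netmask) == home)
            for t in targets]

if __name__ == "__main__":
    src = "10.34.120.31"                        # addresses from the first post
    targets = ["10.34.120.30", "10.34.120.18"]
    for mask in ("255.255.255.0", "255.255.255.248"):
        print(mask, "usable hosts:", usable_hosts(mask))
        for target, net, same in report(src, targets, mask):
            print(f"  {target:<13} in {net:<16} same segment as {src}: {same}")
    for target in targets:
        print(target, "shares a segment with", src, "up to /",
              longest_shared_prefix(src, target))
```

With a /24 mask all three addresses sit in one segment; with any mask longer than /28 the address 10.34.120.18 lands in a different segment from 10.34.120.31, even though the first three octets match.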

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    There's a firewall on your path that blocks ICMP echo request and/or ICMP echo reply and/or ICMP time exceeded.

    It goes on and on because traceroute cannot determine it's there yet. So it keeps on adding "hops".
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Senior Member
    Join Date
    Jul 2003
    Posts
    813
    Another possibility is routers along the way, although the fact that you can properly traceroute some IPs and can't do it on others is strange... my router at home does not allow any form of traceroute, always returns timeouts. The Linksys site documents it as being a feature/bug [they aren't clear on what *exactly* it is] of the router model.
    /\\

  5. #5
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356

    Re: traceroute

    Originally posted here by i2c
    Hiya,

    I'm just mucking about on my college's network, I tried to traceroute to my friend who's on the same subnet and in the same IP range, but the traceroute never seems to end, if I set the number of hops to 255, it'll go to 255 with "Request timed out" remark for every single result, no matter how many hops it always seems to repeat this going to infinite number of hops timed out, I understand the request timed out is usually the sign of a firewall or other filtering device, but seems odd to me that it allows itself to go to the maximum number of hops when I usually see it stop when it reaches its destination or firewall.

    Say my IP is 10.34.120.31 and I traceroute to 10.34.120.30, it'll produce good traceroute results, but if you traceroute to something like 10.34.120.18 you get the results I explained above.

    Is the network somehow segmented? I assume it must be, but how come things like traceroute won't work but MSN Messenger transfer will? Is this because of something affecting ICMP? and not TCP/IP?

    Has anyone got any ideas what causes this?? I find it quite interesting and haven't seen this before.

    cheers

    i2c
    I think it would probably be helpful to explain a little of HOW traceroute works and that should help answer your question about the results you are receiving:

    Traceroute works by manipulating the TTL field in the IPv4 header or the hop limit field in the IPv6 header. According to the standards, for any packet that passes through a device, the TTL field must be decremented by one before the packet is passed on to the next gateway/IP. If the value of the TTL ever reaches zero the packet should be discarded and an ICMP message sent (ICMP Type 11) saying TTL exceeded. This is done to keep packets from bouncing around endlessly in the case of a dead gateway or a routing loop. But back to the point, traceroute sends the first packet to the destination with a TTL of 1, the next device will decrement the TTL to zero, discard the packet, and send back an ICMP message. Traceroute will then note who sent the message and record that as a hop. Traceroute will then send another packet to the destination with a TTL of 2, it will pass the already recorded hop, decrement to 1, pass to the next hop, decrement to 0, be dropped, and that device will send an ICMP message. Traceroute continues on in this fashion until the machine is reached or the max hops is reached (a traceroute option).

    If somewhere along the way ICMP has been blocked (or limited in a fashion that does not include type 11), then traceroute would never receive the ICMP packet and would not be able to record the hop. This would explain why you can't traceroute but you can get out on the network.

    Many locations block traceroute by disallowing ICMP and UDP (there is a certain range traceroute uses by default) because it could allow an attacker to map out the network and aid in enumeration of the network. With that being said, there are traceroutes around that use slightly different techniques that can get around ICMP being blocked; however, you would have to read the man pages on it to see if your particular version supports it.
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)
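
The TTL loop described in post #5, as an added example that is not part of the original thread: an offline simulation (no packets are sent) of an ICMP-based tracert, showing why a silent device makes the trace run to the maximum hop count. The `Hop` model, the `drops_icmp` flag and the gateway address 10.34.120.1 are assumptions made for illustration.

```python
from dataclasses import dataclass

ICMP_ECHO_REPLY = 0       # sent by the destination itself
ICMP_TIME_EXCEEDED = 11   # sent by the device where the TTL reached zero
TIMEOUT = "Request timed out."

@dataclass
class Hop:
    addr: str
    drops_icmp: bool = False   # assumption: silently drops all ICMP at this device

def probe(path, ttl):
    """Send one probe with the given TTL; return (icmp_type, addr) or None."""
    for i, hop in enumerate(path):
        if hop.drops_icmp:
            return None                          # nothing ever comes back
        if i == len(path) - 1:
            return (ICMP_ECHO_REPLY, hop.addr)   # reached the destination
        ttl -= 1                                 # each router decrements the TTL
        if ttl == 0:
            return (ICMP_TIME_EXCEEDED, hop.addr)
    return None

def traceroute(path, max_hops=30):
    """Raise the TTL by one per probe until the destination answers."""
    rows = []
    for ttl in range(1, max_hops + 1):
        answer = probe(path, ttl)
        rows.append((ttl, answer[1] if answer else TIMEOUT))
        if answer and answer[0] == ICMP_ECHO_REPLY:
            break                                # only an echo reply ends the trace
    return rows

# Constructed sample paths; .30 and .18 are the addresses from the first post.
ON_LINK = [Hop("10.34.120.30")]
ROUTED = [Hop("10.34.120.1"), Hop("10.34.120.18")]
FILTERED_HOST = [Hop("10.34.120.18", drops_icmp=True)]
BEHIND_FIREWALL = [Hop("10.34.120.1"), Hop("fw", drops_icmp=True),
                   Hop("10.34.120.18")]

if __name__ == "__main__":
    for name, path in [("on-link", ON_LINK), ("routed", ROUTED),
                       ("filtered host", FILTERED_HOST),
                       ("behind firewall", BEHIND_FIREWALL)]:
        rows = traceroute(path, max_hops=5)
        print(name, rows)
```

A timeout carries no information about where the probe died, so the loop has no stop condition other than `max_hops`; that is the behaviour reported in the first post.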

  6. #6
    Senior Member
    Join Date
    Jul 2004
    Posts
    131
    ay.. but blocking ICMP isn't recommended. there is a reason why ICMP was invented and exists in networking.
    More cowbell! We need more cowbell!
    http://www.geocities.com/secure_lockdown/
    - - -
    "Is the firewall there to protect you from the outside world or is it there to protect the outside world from *YOU*?"

  7. #7
    Banned
    Join Date
    Jun 2003
    Posts
    18
    Microsoft Windows 2000 [Version 5.00.2195]
    (C) 1985-2000 Microsoft Corp.

    C:\Documents and Settings\Administrator>tracert 192.168.0.255

    Tracing route to 192.168.0.255 over a maximum of 30 hops

    1 * * * Request timed out.
    2 * * * Request timed out.
    3 * * * Request timed out.
    4 * * * Request timed out.
    5 * * * Request timed out.
    6 * * * Request timed out.
    7 * * * Request timed out.
    8 * * * Request timed out.
    9 * * * Request timed out.
    10 * * * Request timed out.
    11 * * * Request timed out.
    12 * * * Request timed out.
    13 *

  8. #8
    Banned
    Join Date
    Jun 2003
    Posts
    18
    because my LAN has a smooth express firewall installed and uses a 386 computer with the Linux operating system installed as a router

  9. #9
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Originally posted here by secure_lockdown
    ay.. but blocking ICMP isn't recommended. there is a reason why ICMP was invented and exists in networking.
    There are also lots of reasons to block ICMP.

  10. #10
    Senior Member
    Join Date
    Jul 2004
    Posts
    131
    don't some network devices use ICMP to keep track of host topology & stuff? once you kill ICMP, you create silence. if a host is removed or malfunctioning, there is no way to tell anymore.
