-
traceroute
Hiya,
I'm just mucking about on my college's network. I tried to traceroute to my friend who's on the same subnet and in the same IP range, but the traceroute never seems to end. If I set the number of hops to 255, it'll go to 255 with a "Request timed out" remark for every single result; no matter how many hops, it always seems to repeat this, going to an infinite number of hops timed out. I understand the request timed out is usually the sign of a firewall or other filtering device, but it seems odd to me that it allows itself to go to the maximum number of hops when I usually see it stop when it reaches its destination or firewall.
Say my IP is 10.34.120.31 and I traceroute to 10.34.120.30, it'll produce good traceroute results, but if you traceroute to something like 10.34.120.18 you get the results I explained above.
Is the network somehow segmented? I assume it must be, but how come things like traceroute won't work but MSN Messenger transfer will? Is this because of something affecting ICMP, and not TCP/IP?
Has anyone got any ideas what causes this? I find it quite interesting and haven't seen this before.
cheers
i2c
-
Although this doesn't completely answer your question, consider this:
You have to realize that you can't determine in what network segment you are by looking at your IP address alone. In your example, 10.34.120.18 and 10.34.120.31 could be on two different segments.
Visually, we seem to recognize segments of (slightly less than) 256 computers, which range from x.y.z.0 to x.y.z.255. Don't let the decimal notation fool you though!
You can determine the size of a segment by its netmask: a netmask of 255.255.255.0 (or /24) indicates a network of 256 (-2 for administrative reasons) computers. That happens to coincide with the decimal notation of x.y.z.0 to x.y.z.255. If you have a netmask of 255.255.255.248 (or /29), you would create a segment smaller than 10 computers (which, of course, wouldn't occupy all numbers between x.y.z.0 and x.y.z.255).
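The netmask point above, worked through with the addresses from the original question (an added example, not part of any post in this thread; the function names are hypothetical). It lists which prefix lengths keep two addresses in the same segment and how many usable hosts each prefix allows.

```python
import ipaddress

def segment_of(addr, prefix):
    """Network that addr falls into when the netmask is /prefix."""
    return ipaddress.ip_interface(f"{addr}/{prefix}").network

def shared_prefixes(a, b, prefixes=range(24, 31)):
    """Prefix lengths for which a and b land in the same segment."""
    return [p for p in prefixes if segment_of(a, p) == segment_of(b, p)]

def usable_hosts(prefix):
    """Addresses in a /prefix segment minus network and broadcast."""
    return 2 ** (32 - prefix) - 2

def report(me, others, prefixes=range(24, 31)):
    """One line per prefix: segment of 'me', usable hosts, who shares it."""
    lines = []
    for p in prefixes:
        net = segment_of(me, p)
        same = [o for o in others if segment_of(o, p) == net]
        lines.append(f"/{p} {net} hosts={usable_hosts(p)} same_segment={same}")
    return lines

if __name__ == "__main__":
    # Addresses taken from the question; the netmask in use is unknown,
    # so every plausible prefix from /24 to /30 is tried.
    for line in report("10.34.120.31", ["10.34.120.30", "10.34.120.18"]):
        print(line)
```

From /29 onward 10.34.120.18 drops out of the segment that holds 10.34.120.30 and 10.34.120.31, even though all three look like neighbours in dotted-decimal form.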
-
There's a firewall on your path that blocks ICMP echo request and/or ICMP echo reply and/or ICMP time exceeded.
It goes on and on because traceroute cannot determine it's there yet. So it keeps on adding "hops".
-
Another possibility is routers along the way, although the fact that you can properly traceroute some IPs and can't do it on others is strange... my router at home does not allow any form of traceroute, always returns timeouts. The Linksys site documents it as being a feature/bug [they aren't clear on what *exactly* it is] of the router model.
-
Re: traceroute
Quote:
Originally posted here by i2c
Hiya,
I'm just mucking about on my college's network. I tried to traceroute to my friend who's on the same subnet and in the same IP range, but the traceroute never seems to end. If I set the number of hops to 255, it'll go to 255 with a "Request timed out" remark for every single result; no matter how many hops, it always seems to repeat this, going to an infinite number of hops timed out. I understand the request timed out is usually the sign of a firewall or other filtering device, but it seems odd to me that it allows itself to go to the maximum number of hops when I usually see it stop when it reaches its destination or firewall.
Say my IP is 10.34.120.31 and I traceroute to 10.34.120.30, it'll produce good traceroute results, but if you traceroute to something like 10.34.120.18 you get the results I explained above.
Is the network somehow segmented? I assume it must be, but how come things like traceroute won't work but MSN Messenger transfer will? Is this because of something affecting ICMP, and not TCP/IP?
Has anyone got any ideas what causes this? I find it quite interesting and haven't seen this before.
cheers
i2c
I think it would probably be helpful to explain a little of HOW traceroute works and that should help answer your question about the results you are receiving:
Traceroute works by manipulating the TTL field in the IPv4 header or the hop limit field in the IPv6 header. According to the standards, whenever a packet passes through a device, the TTL field must be decremented by one before the packet is passed on to the next gateway/IP. If the value of the TTL ever reaches zero the packet should be discarded and an ICMP message sent (ICMP Type 11) saying TTL exceeded. This is done to keep packets from bouncing around endlessly in the case of a dead gateway or a routing loop. But back to the point, traceroute sends the first packet to the destination with a TTL of 1, the next device will decrement the TTL to zero, discard the packet, and send back an ICMP message. Traceroute will then note who sent the message and record that as a hop. Traceroute will then send another packet to the destination with a TTL of 2, it will pass the already recorded hop, decrement to 1, pass to the next hop, decrement to 0, be dropped, and that device will send an ICMP message. Traceroute continues on in this fashion until the machine is reached or the max hops is reached (a traceroute option).
If somewhere along the way ICMP has been blocked (or limited in a fashion that does not include type 11), then traceroute would never receive the ICMP packet and would not be able to record the hop. This would explain why you can't traceroute but you can get out on the network.
Many locations block traceroute by disallowing ICMP and UDP (there is a certain range traceroute uses by default) because it could allow an attacker to map out the network and aid in enumeration of the network. With that being said, there are traceroutes around that use slightly different techniques that can get around ICMP being blocked; however, you would have to read the man pages on it to see if your particular version supports it.
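The TTL mechanism described in the post above, as a small offline simulation (an added example, not part of the original post). It models echo-style probes like Windows `tracert`; the `Hop` class, the helper names and the 10.0.0.x / 10.9.9.9 addresses are constructed for illustration, while 10.34.120.30 and 10.34.120.18 come from the question.

```python
from dataclasses import dataclass

ICMP_ECHO_REPLY = 0      # destination answering the probe
ICMP_TIME_EXCEEDED = 11  # router that dropped a probe whose TTL reached 0

@dataclass
class Hop:
    addr: str
    sends_icmp: bool = True  # False: device never answers (ICMP filtered)
    forwards: bool = True    # False: device silently drops the probes

def probe(path, ttl):
    """Send one probe with this TTL; return (addr, icmp_type) or None."""
    for i, hop in enumerate(path):
        if i == len(path) - 1:  # probe arrived at the destination
            return (hop.addr, ICMP_ECHO_REPLY) if hop.sends_icmp else None
        ttl -= 1                # every router decrements before forwarding
        if ttl == 0:
            return (hop.addr, ICMP_TIME_EXCEEDED) if hop.sends_icmp else None
        if not hop.forwards:
            return None
    return None

def traceroute(path, max_hops=30):
    """Raise the TTL one step at a time until the destination replies."""
    results = []
    for ttl in range(1, max_hops + 1):
        reply = probe(path, ttl)
        results.append(reply[0] if reply else "*")  # "*" = request timed out
        if reply and reply[1] == ICMP_ECHO_REPLY:
            break  # the only signal that tells traceroute to stop
    return results

# Constructed paths. Same-segment hosts are one hop away (no router between).
ANSWERING_NEIGHBOUR = [Hop("10.34.120.30")]
SILENT_NEIGHBOUR = [Hop("10.34.120.18", sends_icmp=False)]
QUIET_ROUTER = [Hop("10.0.0.1"), Hop("10.0.0.2", sends_icmp=False),
                Hop("10.9.9.9")]
DROPPING_FIREWALL = [Hop("10.0.0.1"),
                     Hop("10.0.0.2", sends_icmp=False, forwards=False),
                     Hop("10.9.9.9")]

if __name__ == "__main__":
    print(traceroute(ANSWERING_NEIGHBOUR))
    print(traceroute(QUIET_ROUTER))
    print(len(traceroute(SILENT_NEIGHBOUR, max_hops=255)), "hops, all '*'")
    print(traceroute(DROPPING_FIREWALL, max_hops=5))
```

A timeout carries no information about where the path ends, so a silent destination or a dropping firewall runs the trace out to the hop limit, while a router that only withholds type 11 costs a single `*` line.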
-
ay.. but blocking ICMP isn't recommended. There is a reason why ICMP was invented and exists in networking.
-
Microsoft Windows 2000 [Version 5.00.2195]
(C) 1985-2000 Microsoft Corp.
C:\Documents and Settings\Administrator>tracert 192.168.0.255
Tracing route to 192.168.0.255 over a maximum of 30 hops
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 *
-
Because my LAN installed a smooth express firewall and uses a 386 computer with the Linux operating system installed as a router.
-
Quote:
Originally posted here by secure_lockdown
ay.. but blocking ICMP isn't recommended. There is a reason why ICMP was invented and exists in networking.
There are also lots of reasons to block ICMP.
-
Don't some network devices use ICMP to keep track of host topology & stuff? Once you kill ICMP, you create silence. If a host is removed or malfunctioning, there is no way to tell anymore.