PDA

View Full Version : Network IP Traceroute Results?




pianoman1976
May 20, 2008, 11:09 PM
When running a traceroute line quality check, http://www.dslreports.com/linequality), my line quality test results came back good (pass), yet on the traceroute host list I show a host titled "???" that is one hop before my IP that shows 100% loss. 100% loss should fail the test shouldn't it?

Using another trace I can see that this unknown IP is 192.168.33.166, which I thought was a private local designation, yet I am not using this IP on my equipment.

Please advise.



savar
May 22, 2008, 04:03 PM
When running a traceroute line quality check, http://www.dslreports.com/linequality), my line quality test results came back good (pass), yet on the traceroute host list I show a host titled "???" that is one hop before my IP that shows 100% loss. 100% loss should fail the test shouldn't it?

Using another trace I can see that this unknown IP is 192.168.33.166, which I thought was a private local designation, yet I am not using this IP on my equipment.

Please advise.

No, the ??? represents a server that wouldn't respond to your traceroute probe, but it was still forwarding your packets.

You see, traceroute does it's magic by manipulating a little trick in IP (Internet protocol, the base layer of TCP/IP). IP has a field called "time to live", which represents how many hops a packet is allowed to travel before it gets dropped. Everytime a router forwards your packet from one network to the next, it subtracts 1 from the time to live. If a router receives a packet with a time to live equal to 0, then it does not forward that packet. Many routers will send a packet back to the original sender indicating that the packet was dropped, but some do not send this message.

The original purpose of this was so that if a routing system was misconfigured and send packets in an inifinite loop, the packets would eventually die out, and not just continue to circle around.

But traceroute does something cool. It intentionally puts a low time to live so that the router receive the packet will send the packet back. So to discover the first hop between you and a destination, it sets the time to live to 1. The first router subtracts 1, sees that the new time to live is zero, and it sends the packet back to you. When it does that, it's own IP address is stored in the packet that it sends to you.

By incrementing the time to live in successive packets, you can get each router in the chain to send a packet back to you. But as I said above, some routers do not respond -- they just drop the packet. So traceroute waits a certain amount of time (and will try resending up to 3 times) until it gives up waiting to hear back from that router and it moves on to the next one.

So long story short, the router with ??? just means it is configured not to respond to dropped packets (either to reduce traffic or so as to not reveal it's IP address), but if you can ping the final destination, then all of the router's in between are working properly.

pianoman1976
May 26, 2008, 04:29 PM
Well stated, and thank you for taking the time.

Still, how do you explain that this "???" server is 192.168.33.166? I assume you are familiar with this IP designation? What's you spin on this?

pianoman1976
May 26, 2008, 06:51 PM
192.168.0.1 is the IP for my earthlink DSL modem. If I connect my DLink Router to my modem so that I can connect my mac online, does this mean that the modem and the router are using the same IP? I'm trying to determine where this additional local IP is coming from? (192.168.33.166).

savar
May 27, 2008, 04:09 PM
192.168.0.1 is the IP for my earthlink DSL modem. If I connect my DLink Router to my modem so that I can connect my mac online, does this mean that the modem and the router are using the same IP? I'm trying to determine where this additional local IP is coming from? (192.168.33.166).

I'm not sure I understand where you got this IP address from. Can you post your traceroute? (Command and output) If you run traceroutes from 2 different locations you'll get 2 different results, so I don't understand what you mean when you say that ???=192.168.33.166.

The first few hops will be in your local vicinity. If you see a hop that is outside your local network followed by a farther hop that starts with "192.168", then that is weird. A remote computer can lie to you about its IP address, but that would be abnormal behavior for a router since I think it would wreak havoc on adjacent routers.

pianoman1976
May 27, 2008, 09:11 PM
http://i125.photobucket.com/albums/p77/pianoman1976/trace.jpg