Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Traceroute strangeness

0 views
Skip to first unread message

Blake

unread,
Dec 28, 2009, 2:02:54 AM12/28/09
to
My internet connection's been dropping for 3-5 seconds at a time
lately, happening rather frequently. While trying to diagnose, i
noticed something odd going on... When I run a tracert somewhere, it
shows the 1st hop (after my router) as ***, 2nd hop as
208.180.yyy.zzz. However, when I tracert 208.180.yyy.zzz, it shows
that as being only 1 hop away from my router (i.e. skipping the ***).
Similarly, when people are trying to tracert back to me, they get to
the 208.180.yyy.zzz address, then it ***'s out.

It's been quite a while since i've dealt with anything this low level,
but as best I recall, this shouldn't be possible, right? A device
with 1 NIC and 1 IP address shouldn't have multiple devices only 1 hop
away? Assuming that i'm not being a complete moron and this situation
is abnormal, any idea what is / could be going on?

--
Thanks,

Blake

*To Email, remove the hyphens

Pascal Hambourg

unread,
Dec 28, 2009, 5:07:58 AM12/28/09
to
Hello,

Blake a ï¿œcrit :


> My internet connection's been dropping for 3-5 seconds at a time

> lately, happening rather frequently. [...]

May I ask what this has to do with Linux ?

Blake

unread,
Dec 28, 2009, 11:05:27 AM12/28/09
to
On Mon, 28 Dec 2009 11:07:58 +0100, Pascal Hambourg
<boite-...@plouf.fr.eu.org> wrote:

>Hello,
>
>Blake a �crit :


>> My internet connection's been dropping for 3-5 seconds at a time
>> lately, happening rather frequently. [...]
>
>May I ask what this has to do with Linux ?

Not much, maybe. I wasn't 100% sure where I should be posting
something as generic as this, but I was running the tracert on a Linux
box (CentOS 5.4, 2.6.18 kernel) and wondered if, perhaps, what was
going on had something to do with that. I've found in the past that
Linux users are typically more knowledgeable about networking issues,
so I assumed that if the problem wasn't Linux related someone would
probably be able to point me in the right direction.

--
Thanks,

Blake

Moe Trin

unread,
Dec 28, 2009, 2:52:15 PM12/28/09
to
On Mon, 28 Dec 2009, in the Usenet newsgroup comp.os.linux.networking, in
article <bclgj51bqr54gk5rs...@4ax.com>, Blake wrote:

>My internet connection's been dropping for 3-5 seconds at a time
>lately, happening rather frequently. While trying to diagnose, i
>noticed something odd going on... When I run a tracert somewhere

1. tracert is an intentionally crippled microsoft application.
2. tracert uses ICMP Echo Request (ICMP Type 8) as a probe. This
protocol is very often handled differently from TCP, never mind
UDP used by the LBL 'traceroute' application. You're using the
wrong tool and wrong protocol.

>When I run a tracert somewhere, it shows the 1st hop (after my
>router) as ***,

[compton ~]$ whatis traceroute
traceroute (8) - print the route packets take to network host
[compton ~]$

Read the man page and discover this is well known and well documented
behavior - and has been for more than twenty years.

>2nd hop as 208.180.yyy.zzz. However, when I tracert 208.180.yyy.zzz,
>it shows that as being only 1 hop away from my router (i.e. skipping
>the ***).

A packet sniffer might show more - look at the TTLs

>Similarly, when people are trying to tracert back to me, they get to
>the 208.180.yyy.zzz address, then it ***'s out.

See the man page above.

>It's been quite a while since i've dealt with anything this low level,
>but as best I recall, this shouldn't be possible, right?

See the TTLs and source address of the ICMP error packets.

Old guy

0 new messages