[TriLUG] Understanding Traceroute

Aaron Joyner aaron at joyner.ws
Tue Mar 1 12:04:23 EST 2011


Another way of phrasing this (maybe more precise, maybe less... but
hopefully illuminative) is to say that you'll see an entry for every
host along your path which:
1) is making a layer 3 routing decision about your packet
2) decrements the IP TTL
3) responds with an ICMP TTL Expired in transit when it decrements a
packet's TTL to zero
4) can send you ICMP packets (i.e. those packets aren't dropped by some
intermediary)

The reason you don't see the cable modem is that it doesn't pass test
(1) above.  It picks up packets off your local ethernet segment and
(mostly) blindly transfers them across the cable network to another
end point, where they're picked up off the cable network and injected
onto some other network segment, probably some flavor of Ethernet
inside your provider's central office.  It's acting more like a switch
or a hub than a router, per se.  An even better analogy would be to
say that it's acting like a modem.  :)

Not seeing your gateway is marginally more surprising, but there are
some simple / innocent explanations.  What was the first hop you did
see?  It's plausible that is the same machine as your gateway, but it
responds with a TTL expired-in-transit message from a different IP on
the same router.  Routers have (by definition) more than one
interface, usually more than just a couple.  There's not a lot of
benefit in correlating the source IP of that TTL expired-in-transit
packet with the interface IP they received the packet on, so it's
usually not done.

If you can include the output of your traceroute command, sanitized to
protect the innocent if you like, we can probably help you to decode
its particulars.

Happy networking!
Aaron S. Joyner


On Tue, Mar 1, 2011 at 10:57 AM, Alexey Toptygin <alexeyt at freeshell.org> wrote:
> On Tue, 1 Mar 2011, James Jones wrote:
>
>> All,
>>
>> I attempted to use traceroute ( ubuntu 10.04 ) today and expected
>> certain results which didn't happen. I expected to see:
>> 1. my router's ip address
>> 2. my cable modem's ip address
>> 3. my gateway's ip address
>> 4. finally the route to destination
>> I saw number 1 & 4, but not number 2 or 3.
>>
>> command was simple  traceroute destination
>>
>> Was I expecting too much?
>
> Traceroute will show you the IP on the interface facing you on every device
> along the path to destination that decrements the IP TTL field (i.e. acts as
> a router), with the caveat that some devices will not send the ICMP messages
> that traceroute relies on, in which case you will see stars for that hop.
>
> IME cable modems never have an IP address assigned, they are purely layer 2
> devices.
>
> You should be seeing the IP of the gateway upstream from the router on your
> premises. If you don't and you see a row of stars that means it's not
> sending ICMP TTL exceeded messages. If its IP is missing and you don't see a
> row of stars, it's possible that it's configured to send all ICMP errors
> from a single IP, which is not the one on the interface facing you (i.e. you
> are seeing it, but not with the address you expect); another possibility in
> this case is that the gateway is misconfigured and is not decrementing TTL
> for some reason (this is very rare, but I have seen it at least once).
>
>                        Alexey
>
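Added example (not part of the original thread): a small Python simulation of the four tests listed in the reply above, run over a constructed path with a layer 2 modem, a gateway that answers from a different IP, and a router that stays silent. The Device model, its field names and all addresses are assumptions made for illustration, and the destination's final reply is simplified to "it answers".

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Device:
    """One box on the path. Field names are illustrative, not from any tool."""
    name: str
    facing_ip: Optional[str] = None       # IP on the interface facing the sender
    routes: bool = True                   # test 1: makes a layer 3 routing decision
    decrements_ttl: bool = True           # test 2: decrements the IP TTL
    sends_time_exceeded: bool = True      # test 3: answers when TTL hits zero
    icmp_reaches_sender: bool = True      # test 4: reply not dropped on the way back
    icmp_source_ip: Optional[str] = None  # set if replies come from another interface

def probe(path: List[Device], dest_ip: str, ttl: int) -> str:
    """Follow one probe down the path; return the answering IP or '*'."""
    for dev in path:
        if not (dev.routes and dev.decrements_ttl):
            continue                      # modem/bridge: TTL untouched, hop invisible
        ttl -= 1
        if ttl == 0:                      # packet dies here
            if dev.sends_time_exceeded and dev.icmp_reaches_sender:
                return dev.icmp_source_ip or dev.facing_ip
            return "*"                    # silent or filtered: row of stars
    return dest_ip                        # probe reached the destination

def traceroute(path: List[Device], dest_ip: str, max_ttl: int = 30) -> List[str]:
    """Raise the TTL one step at a time, as traceroute does, until dest answers."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        hops.append(probe(path, dest_ip, ttl))
        if hops[-1] == dest_ip:
            break
    return hops

# Constructed sample path (RFC 1918 / RFC 5737 addresses).
DEST = "203.0.113.10"
SAMPLE_PATH = [
    Device("home router", "192.168.1.1"),
    Device("cable modem", routes=False),
    Device("ISP gateway", "198.51.100.1", icmp_source_ip="198.51.100.254"),
    Device("core router", "198.51.100.9", sends_time_exceeded=False),
]

if __name__ == "__main__":
    for n, hop in enumerate(traceroute(SAMPLE_PATH, DEST), start=1):
        print(n, hop)
```

The modem never appears, the gateway shows up under an address other than the one facing the sender, and the silent router becomes a row of stars, while a device that fails to decrement TTL drops out of the list with no stars at all.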


