Understanding tracert output

  • Thread starter Thread starter Fernando Ronci
  • Start date Start date
F

Fernando Ronci

Hi,

Generally speaking, what does it mean when the last lines of a tracert
output are the same? I'm troubleshooting a network issue and found that when
I do a 'tracert' to a destination address (being 'destination' any host
inside the network I'm troubleshooting) the last five lines are repeated.
For example, suppose aaa.bbb.ccc.ddd is the IP address of the destination
host, then if I perform a tracert from a host just one hop away I get:
tracert -d aaa.bbb.ccc.ddd gives:

TEST #1:
======
Tracing route to aaa.bbb.ccc.ddd over a maximum of 30 hops

1 23 ms 23 ms 23 ms 200.3.60.11
2 28 ms 23 ms 23 ms aaa.bbb.ccc.ddd
3 29 ms 35 ms 35 ms aaa.bbb.ccc.ddd
4 * * * Request timed out.
5 29 ms 35 ms 35 ms aaa.bbb.ccc.ddd
6 30 ms 35 ms 35 ms aaa.bbb.ccc.ddd

Trace complete.

Or from the other side of the world:
TEST #2:
======
[preceding hops trimmed for brevity]
10 81 ms 81 ms 81 ms 154.54.25.238
11 102 ms 99 ms 99 ms 154.54.24.154
12 113 ms 107 ms 117 ms 154.54.3.26
13 112 ms 112 ms 118 ms 154.54.2.154
14 109 ms 109 ms 110 ms 154.54.10.102
15 * * * Timeout
16 * * * Timeout
17 255 ms 257 ms 258 ms aaa.bbb.ccc.ddd
18 255 ms 256 ms 256 ms aaa.bbb.ccc.ddd
19 255 ms 255 ms 255 ms aaa.bbb.ccc.ddd
20 257 ms 256 ms 256 ms aaa.bbb.ccc.ddd
21 257 ms 256 ms 256 ms aaa.bbb.ccc.ddd


As can be seen from both tests, the problem is not dependent on the
host/network initiating the 'tracert'.

A couple more things:
1) When the tracert is performed against my gateway (owned and configured by
the ISP) the same problem happens. This rules out a misconfiguration on my
part.
2) aaa.bbb.ccc.ddd belongs to a small subnet whose mask is: 255.255.255.248
( maybe the masks are messed up somewhere outside of my scope? )

My questions: Why does this happen? What can be so badly configured (and
where) such that the destination has to be probed five times before
'tracert' acknowledges that the host has been reached? How do I identify the
misbehaving device?

Thanks.
Fernando
 
Hi
You Tracert through the Internet into a LAN with Router, Firewalls, and
close ports?
Jack (MS, MVP-Networking)
 
Thanks Jack,

Router --> Yes
Firewall and closed ports --> No (AFAIK)

As you can see this is a very very simple setup. (security hardening will
come at a later stage)
Fernando
 
Hi
A Router acts like a NAT firewall and close all the ports to traffic that
was not generated from inside the Network.
I.e. running a tracert from the outside without special port forwarding
configuration would not work.
Jack (MS, MVP-Networking).
 
Thanks for following up Jack,

On a clean pipe with no firewalls, no NAT, no filters, all ports open, where
you have full visibility to/from the public Internet, there shouldn't be any
issues with tracert (ICMP).
In this context, I cannot understand why the last hop appears five times in
every tracert output targeted at hosts within my subnet. My guess is that
the routes are messed up on my perimeter network, but I don't know how to
prove it so that I call my ISP with a solid argument. Any insights?

Thanks.
Fernando
 
Is your ISP Cox by chance? This occurred in our area about a year or so
ago. Cox claimed nothing was wrong, yet, the problem went away after some
"routine" Cox net maintance.
 
Back
Top