Traceroute Theory

Question

I am toying with trace route, my application send a ICMP echo request with a ttl of 0 every time i receive a time exceeded message i increment the ttl by one and resent the package, but what happens is I have 2 routers on my network i can trace the route through these router but third hop always ends up being one of the open dns servers same ip every time no matter where i traceroute to. AFAIK this is the correct traceroute implementation, can anyone tell me what i am doing wrong?

The first packet should have a ttl of 1, not 0. It sounds to me like a route is forwarding all ICMP request to a specific location. Take your app to a different location and see if it works there. — dbasnett, Apr 05 '10 at 21:44

score 1 · Answer 1 · answered Mar 31 '10 at 12:13

1

It's possible that both routers connect to the same peer, and you'd get the described behaviour.

Without more info, it's not really possible to answer your question.

answered Mar 31 '10 at 12:13

Frank Shearar

17,012
8
67
94

"routers connect to the same peer" can you explain what you meant by that? – Hamza Yerlikaya Mar 31 '10 at 13:20
I mean that there's nothing particularly strange about your two routers routing to the same machine. – Frank Shearar Mar 31 '10 at 13:53

score 0 · Answer 2 · answered Mar 31 '10 at 12:22

While it's hard to say without any additional information, the best bet would be to install some packet sniffer — probably wireshark / www.wireshark.org — and compare the icmp packets — what goes on the wire with your traceroute, and what does the system /usr/bin/traceroute (or \windows\system32\tracert) send.

score 0 · Answer 3 · answered Mar 31 '10 at 14:58

0

If you have a NAT router on the path it can screw up your nicely adjusted TTL's

answered Mar 31 '10 at 14:58

joveha

2,599
2
17
19

i have two routers on the path one is mine which i use inside the room the other belongs to the building i'm living in which very much like to mess with my connection, but regular traceroute works fine in this situation. – Hamza Yerlikaya Mar 31 '10 at 15:08
I see. This "open dns server", is that also a router "in the building" or somewhere close? Have you tried using the regular traceroute command (with ICMP and UDP) to see if the result differ? Without more information I would conclude that the third router, which also acts as DNS, is blocking your packets - possibly because it's also NAT'ing. – joveha Mar 31 '10 at 16:04
Are you saying that if you use the traceroute command it works, but your app that is mimicking traceroute doesn't? Seeing code might help us help you. – dbasnett Apr 05 '10 at 21:46

Traceroute Theory

3 Answers3