I'm trying to find out the operating system of a server on which a website is located for my homework.

I figured I could do this by using the combination of tracert and ping commands.

However, when I use tracert I always get 1 less hop than I should (I think?).

When I ping www.google.com the TTL value I get is 119 but tracert only shows 8 hops. I'm assuming the sum of those two values should equal 128.

Similarly when I ping my virtual machine, it shows 1 hop and TTL of 64. Since I'm pinging the local host I would expect 0 hops.

I'm sure there is an easy explanation for this but I haven't been able to find it online, or maybe I just worded it poorly.

Thanks for any help with this.

Jamess11
  • I think this is due to how traceroute works; some ISPs don't respond to an expired packet but will still forward the packet. Check the wiki page. – Jesse Taube May 26 '21 at 16:35
  • After some further searching I've found that tracert won't report devices that don't decrement the TTL. I think that might be the reason. However, it's still unclear to me why it shows the hop to the virtual machine. – Jamess11 May 26 '21 at 16:41

1 Answer

Paths across the internet tend to be asymmetrical. In other words, the path from your computer to Google can be (and probably is) different from the path back.

The TTL you're seeing in the ping command suggests that there are 128-119=9 hops on the path from Google to you. Google sent the ICMP Echo Reply (ping reply) with a TTL of 128, and you got it with 119.

Traceroute, however, traces the path from your machine to Google, and it's quite possible that there's one less hop on that path.

Malt
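The TTL arithmetic from the answer, generalised to both Windows and Linux ping output, as an added example that is not part of the original question or answer. The table of default initial TTLs (64, 128, 255) and the OS hints attached to them are a common heuristic assumed here, and the sample ping lines are constructed.

```python
import re

# Common default initial TTLs and the OS family each usually suggests.
# Heuristic assumption: the value is tunable, and a front-end device
# (load balancer, firewall) may answer instead of the real server.
INITIAL_TTLS = {
    64: "Linux/Unix/macOS",
    128: "Windows",
    255: "network device or some Unix variants",
}

# Matches "TTL=119" (Windows ping) and "ttl=64" (Linux/macOS ping).
TTL_RE = re.compile(r"\bttl=(\d{1,3})\b", re.IGNORECASE)

def parse_ttl(ping_line):
    """Return the TTL found in one ping reply line, or None."""
    m = TTL_RE.search(ping_line)
    if not m:
        return None  # e.g. "Request timed out."
    ttl = int(m.group(1))
    return ttl if 1 <= ttl <= 255 else None

def infer(observed_ttl):
    """Return (initial_ttl, return_hops, os_hint) for an observed TTL.

    Chooses the smallest common default >= the observed value, which
    assumes the reply crossed fewer routers than the gap between defaults.
    return_hops counts routers that decremented the TTL on the way back.
    """
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL must be between 1 and 255")
    initial = min(t for t in INITIAL_TTLS if t >= observed_ttl)
    return initial, initial - observed_ttl, INITIAL_TTLS[initial]

def analyse(ping_output):
    """Map each distinct TTL seen in multi-line ping output to infer()."""
    seen = {parse_ttl(line) for line in ping_output.splitlines()}
    return {ttl: infer(ttl) for ttl in sorted(seen - {None})}

# Constructed sample output (documentation addresses, not real captures).
SAMPLE = """Reply from 192.0.2.10: bytes=32 time=14ms TTL=119
Request timed out.
64 bytes from 192.0.2.20: icmp_seq=1 ttl=64 time=0.4 ms"""

if __name__ == "__main__":
    for ttl, (initial, hops, hint) in analyse(SAMPLE).items():
        print(f"TTL {ttl}: initial {initial}, {hops} return hops, {hint}")
```

The hop count derived this way describes the reply's path back to you, so it is compared against a traceroute result only with the asymmetry described in the answer in mind.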