Catsrules

Trace Route Show IP address for Request Timed out hop.


Posted · Original PosterOP

I have been playing around with routing and I was wondering: using the tracert command on Windows, is it possible to show the IP address of the hop that is not responding? It isn't responding because the router has ICMP responses turned off; the route is actually working fine, but I want to know what router it is going through. Knowing the IP address would be helpful in this case.

I'm a little confused as to the setup. I assume you rightfully have physical access to this router? You should be able to determine the address even if it's set to not respond to tracert requests.

 

I remember back in college we simulated a GRE Tunnel where we made a middle router transparent to the end clients. Tracert couldn't see it at all. Perhaps that's irrelevant information, oh well.

 

If you don't have access to this router I get the feeling you may be trying to do something someone doesn't want you to do/know.


Guides & Tutorials:

A Beginners Guide to Debian CLI Based File Servers

A Beginners Guide to PROXMOX

How to Use Rsync on Microsoft Windows for Cross-platform Automatic Data Replication

A How To Guide: Setting up SMB3.0 Multichannel on FreeNAS

How You can Reset Your Windows Login Password with Hiren's BootCD

 

Guide/Tutorial in Progress:

How to recover your Windows login password with CMD | Hiren'sBootCD(updated) | Medicat

 

In the Queue:

How to Build Your Own DAS

GPU Pass-though w/ QEMU on Debian Linux

 

Don't see what you need? Check the Full List or *PM me, if I haven't made it I'll add it to the list.

*NOTE: I'll only add it to the list if the request is something I know I can do.

Posted · Original PosterOP
1 hour ago, Windows7ge said:

I'm a little confused as to the setup. I assume you rightfully have physical access to this router? You should be able to determine the address even if it's set to not respond to tracert requests.

 

I remember back in college we simulated a GRE Tunnel where we made a middle router transparent to the end clients. Tracert couldn't see it at all. Perhaps that's irrelevant information, oh well.

 

If you don't have access to this router I get the feeling you may be trying to do something someone doesn't want you to do/know.

Yeah I have full access to everything it is just a demo environment I am playing with.

 

I could just enable ICMP and they would become visible but I was wondering if there was a way to get the IP address without having to enable ICMP. Shouldn't tracert know all of the IP addresses along the hops even if some of them don't respond to a ping? Isn't the point of routing to tell you the IP address of other routers?

 

*edit*

I should clarify: I know the IP address of all routers already. But in my environment I have two paths to a network and I am trying to determine what route my computer is taking to get to this other network. But when it reaches that point it just times out so I don't know what router it is actually going through.
8 minutes ago, Catsrules said:

Yeah I have full access to everything it is just a demo environment I am playing with.

 

I could just enable ICMP and they would become visible but I was wondering if there was a way to get the IP address without having to enable ICMP. Shouldn't tracert know all of the IP addresses along the hops even if some of them don't respond to a ping?

To my understanding it doesn't work like that. The only neighbor the computer knows about is the router. If it is told to go to an address that doesn't exist in the LAN/Subnet it sends it to the router. Beyond that it waits patiently for the router to give a response. The computer doesn't actually know if the client exists until the router gives a reply.

 

So if one of the routers on the tracert decides it doesn't want to reply it won't and the computer won't learn its address as a result and will just go to the next hop.

But let's ask someone who will probably know more about it than myself @leadeater


9 minutes ago, Catsrules said:

Yeah I have full access to everything it is just a demo environment I am playing with.

 

I could just enable ICMP and they would become visible but I was wondering if there was a way to get the IP address without having to enable ICMP. Shouldn't tracert know all of the IP addresses along the hops even if some of them don't respond to a ping? Isn't the point of routing to tell you the IP address of other routers?

Traceroute just uses ICMP to have the router return an unreachable request and that's where the IP comes from since it will originate an unreachable response and send it back to the computer. If you could get routing information from traceroute that would be a HUGE security vulnerability.


Current Network Layout:

Current Build Log/PC:

Prior Build Log/PC:

Posted · Original PosterOP

 

6 minutes ago, Windows7ge said:

To my understanding it doesn't work like that. The only neighbor the computer knows about is the router. If it is told to go to an address that doesn't exist in the LAN/Subnet it sends it to the router. Beyond that it waits patiently for the router to give a response. The computer doesn't actually know if the client exists until the router gives a reply.

 

So if one of the routers on the tracert decides it doesn't want to reply it won't and the computer won't learn its address as a result and will just go to the next hop.

But let's ask someone who will probably know more about it than myself @leadeater

 

5 minutes ago, Lurick said:

Traceroute just uses ICMP to have the router return an unreachable request and that's where the IP comes from since it will originate an unreachable response and send it back to the computer. If you could get routing information from traceroute that would be a HUGE security vulnerability.

Ahh so tracert actually doesn't know all of the IP addresses in the route, it is only when the routers reply back to the request telling tracert their IP?

So how do the routers know I am asking for a response back? Does tracert send a special request or something that most routers listen for?
1 minute ago, Catsrules said:

Ahh so tracert actually doesn't know all of the IP addresses in the route, it is only when the routers reply back to the request telling tracert their IP?

That's my understanding of how it works.

2 minutes ago, Catsrules said:

So how do the routers know I am asking for a response back? Does tracert send a special request or something that most routers listen for?

Gonna have to look at Lurick for this one I'm actually not certain. I imagine it's a flag or some type of payload.


6 minutes ago, Catsrules said:

Ahh so tracert actually doesn't know all of the IP addresses in the route, it is only when the routers reply back to the request telling tracert their IP?

So how do the routers know I am asking for a response back? Does tracert send a special request or something that most routers listen for?

Traceroute sends packets with a TTL starting at 1 and increasing by 1 for each hop until the destination is reached. Because the router that receives the packet will decrement the TTL by 1, the router will set it to 0 and by doing so will send out a time exceeded error message back to the client. Repeat by incrementing the TTL by 1 and one further hop sending the time exceeded error message back. The message will be sourced by the router's interface in most cases when it responds back, thus giving the IP address of the router away. Routers can be set to ignore and not respond with the time exceeded messages or they can be filtered by a firewall (which, unless configured otherwise, won't respond by default).

Edit:

Forgot to mention, depending on the client it might do UDP instead and in that case it will pick a random port that's usually not listened on and in that case a port unreachable message will be sent instead.


Current Network Layout:

Current Build Log/PC:

Prior Build Log/PC:

Link to post
Share on other sites
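The TTL mechanism described in the post above, as an added simulation that is not part of the original thread: probes are built as raw IPv4 headers, each simulated router decrements the TTL, and a router that has ICMP replies turned off simply returns nothing. The addresses, the two paths and the function names are constructed for illustration; only the ICMP echo style of probe is modelled, not the UDP variant.

```python
import ipaddress
import struct

ICMP_ECHO_REPLY, ICMP_TIME_EXCEEDED = 0, 11


def ipv4_header(src, dst, ttl, proto=1):
    """Build a 20-byte IPv4 header. Checksum stays 0; nothing here validates it."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def deliver(packet, path, dst):
    """Carry a probe along `path`, a list of (router_ip, answers_icmp).

    Returns the raw ICMP reply that reaches the sender, or None when the
    router that dropped the probe stays silent.
    """
    src = str(ipaddress.IPv4Address(packet[12:16]))
    for router_ip, answers_icmp in path:
        ttl = packet[8] - 1                      # every router decrements TTL by 1
        if ttl == 0:                             # expired here: probe is dropped
            if not answers_icmp:
                return None                      # silent router: nothing comes back
            icmp = struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0)
            # Reply is sourced from the router's own interface and quotes the probe.
            return ipv4_header(router_ip, src, 64) + icmp + packet
        packet = packet[:8] + bytes([ttl]) + packet[9:]
    # Probe survived every router, so the destination itself answers.
    return ipv4_header(dst, src, 64) + struct.pack("!BBHHH", ICMP_ECHO_REPLY, 0, 0, 1, 1)


def trace(src, dst, path, max_hops=30):
    """Return one entry per TTL: the responder's IP, or None for a timeout."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = deliver(ipv4_header(src, dst, ttl), path, dst)
        if reply is None:
            hops.append(None)                    # tracert shows "Request timed out."
            continue
        hops.append(str(ipaddress.IPv4Address(reply[12:16])))
        if reply[20] == ICMP_ECHO_REPLY:         # destination reached, stop probing
            break
    return hops


# Constructed lab: two possible paths to the same network, each with a
# middle router that has ICMP replies turned off.
SRC, DST = "192.168.1.50", "172.16.5.10"
PATH_A = [("192.168.1.1", True), ("10.0.0.1", False), ("10.0.1.1", True)]
PATH_B = [("192.168.1.1", True), ("10.0.0.2", False), ("10.0.2.1", True)]

if __name__ == "__main__":
    for name, path in (("A", PATH_A), ("B", PATH_B)):
        print("path", name)
        for n, hop in enumerate(trace(SRC, DST, path), start=1):
            print(f"  {n:2d}  {hop or '*  Request timed out.'}")
```

In both simulated paths the silent router's address never reaches the sender; the trace only continues because later probes carry a larger TTL and expire further along.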
2 minutes ago, Lurick said:

Traceroute sends packets with a TTL starting at 1 and increasing by 1 for each hop until the destination is reached. Because the router that receives the packet will decrement the TTL by 1, the router will set it to 0 and by doing so will send out a time exceeded error message. Repeat by incrementing the TTL by 1 and one further hop sending the time exceeded error message back. The message will be sourced by the router's interface in most cases when it responds back, thus giving the IP address of the router away. Routers can be set to ignore and not respond with the time exceeded messages or they can be filtered by a firewall (which, unless configured otherwise, won't respond by default).

Shows how little I know but that's a pretty smart way of doing it.


Just now, Windows7ge said:

Shows how little I know but that's a pretty smart way of doing it.

Yah, not sure if you saw the edit, but it also depends on the client. Windows uses ICMP while Linux is more likely to use UDP packets instead.


Posted · Original PosterOP
11 minutes ago, Lurick said:

Traceroute sends packets with a TTL starting at 1 and increasing by 1 for each hop until the destination is reached. Because the router that receives the packet will decrement the TTL by 1, the router will set it to 0 and by doing so will send out a time exceeded error message back to the client. Repeat by incrementing the TTL by 1 and one further hop sending the time exceeded error message back. The message will be sourced by the router's interface in most cases when it responds back, thus giving the IP address of the router away. Routers can be set to ignore and not respond with the time exceeded messages or they can be filtered by a firewall (which, unless configured otherwise, won't respond by default).

 

Edit:

Forgot to mention, depending on the client it might do UDP instead and in that case it will pick a random port that's usually not listened on and in that case a port unreachable message will be sent instead.

Ahh, now it is starting to come together in my head.

Thanks for the information, that makes a lot more sense to me now.

Oh and thanks for your help too @Windows7ge
19 minutes ago, Lurick said:

Yah, not sure if you saw the edit, but it also depends on the client. Windows uses ICMP while Linux is more likely to use UDP packets instead.

Interesting. If we wanted to get extremely technical though wouldn't the increment of TTL technically not be +1 or -1 but 2^2?

 

Ex:

1st hop: TTL = 1

2nd hop: TTL = 2

3rd hop: TTL = 4

4th TTL = 8

5th TTL = 16

6th TTL = 32

Etc?

 

25 minutes ago, Catsrules said:

Oh and thanks for your help too

You're welcome but Lurick did a much better job answering your question. As for answering your topic's question you'd basically be trying to circumvent a security feature. Which is a topic the forum doesn't allow the discussion of (no hacking/cracking). Maybe because you own the equipment it's in a gray area but I wouldn't want to risk the ban hammer.


Just now, Windows7ge said:

Interesting. If we wanted to get extremely technical though wouldn't the increment of TTL technically not be +1 or -1 but 2^2?

 

Ex:

1st hop: TTL = 1

2nd hop: TTL = 2

3rd hop: TTL = 4

4th TTL = 8

5th TTL = 16

6th TTL = 32

Etc?

 

You're welcome but Lurick did a much better job answering your question. As for answering your topic's question you'd basically be trying to circumvent a security feature. Which is a topic the forum doesn't allow the discussion of (no hacking/cracking). Maybe because you own the equipment it's in a gray area but I wouldn't want to risk the ban hammer.

Since each hop only decrements once then it would just need to increment by 1 each time so you only need +1 to the total number of hops to make sure it gets to the next device in the path.


Just now, Lurick said:

Since each hop only decrements once then it would just need to increment by 1 each time so you only need +1 to the total number of hops to make sure it gets to the next device in the path.

Yes. I'm saying from what I was taught about TTL is that it doesn't operate on a base 10 system it operates on base 2 so each hop would be equal to +1 but the numeric system on how it's shown to the user would be 1 2 4 8 16 32 etc.

 

So as each hop is passed that gets divided by 2 and when it reaches 1 (or 0 not sure) then it gets that port's information. Or would I be wrong about this? You've taken more Cisco networking courses than I have.


1 minute ago, Windows7ge said:

Yes. I'm saying from what I was taught about TTL is that it doesn't operate on a base 10 system it operates on base 2 so each hop would be equal to +1 but the numeric system on how it's shown to the user would be 1 2 4 8 16 32 etc.

 

So as each hop is passed that gets divided by 2 and when it reaches 1 (or 0 not sure) then it gets that port's information. Or would I be wrong about this? You've taken more Cisco networking courses than I have.

Hmm, I've not heard that before. I've always known hop count to be each time a router would process the packet in the chain. One thing that can add confusion is if you're going to a virtual interface inside the router, then you have 1 hop to the ingress physical interface and then a second hop to the virtual interface but if it's passing through the device then it's just a decrement of 1 since it's only processed by the box once. I know the field in the packet is 8 bits in length though.


24 minutes ago, Lurick said:

Hmm, I've not heard that before. I've always known hop count to be each time a router would process the packet in the chain. One thing that can add confusion is if you're going to a virtual interface inside the router, then you have 1 hop to the ingress physical interface and then a second hop to the virtual interface but if it's passing through the device then it's just a decrement of 1 since it's only processed by the box once. I know the field in the packet is 8 bits in length though.

I will have to try and look this up again if someone doesn't fly in with the answer. I'm pretty sleep deprived so I could just be spewing nonsense but if I use the Ping command as an example you'll see it start at a TTL of 255. From what I understand this will drop to 127 then 63 then 31, etc. with each hop until it either reaches the destination or hits 0 and gets dropped.



@Windows7ge

There's also some stuff that happens at layer 2 i.e. MPLS/VPLS which you can't easily see in things like traceroute.

 

Quote

For end-users the use of MPLS is not visible directly, but can be assumed when doing a traceroute: only nodes that do full IP routing are shown as hops in the path, thus not the MPLS nodes used in between, therefore when you see that a packet hops between two very distant nodes and hardly any other 'hop' is seen in that provider's network (or AS) it is very likely that network uses MPLS.

 

7 hours ago, leadeater said:

@Windows7ge

There's also some stuff that happens at layer 2 i.e. MPLS/VPLS which you can't easily see in things like traceroute.

 

 

MPLS definitely will show up in a traceroute with ICMP delivering even label information. You tend not to see it because it’s either manually set to a separate TTL in the outer label via a command at the edge, the provider uses IS-IS which CLNP can be used or finally an MPLS core with BGP at the edge. First being a security measure with 2/3 designed around no IP intra transit.

 

You can still use MPLS ICMP at CPE and see MPLS labels and hops. VPLS you will never see hops because tunnels.
4 hours ago, mynameisjuan said:

You tend not to see it because it’s either manually set to a separate TTL in the outer label via a command at the edge, the provider uses IS-IS which CLNP can be used or finally an MPLS core with BGP at the edge. First being a security measure with 2/3 designed around no IP intra transit.

Yea that's more what I was getting at, most really like to obfuscate it. I quite often see traffic traversing over the internet then drop into what I can tell is an MPLS segment and the operator has configured it in "nothing to see here". I'm pretty sure our UFB (Brand name) GPON network is largely MPLS so they can better deliver Internet/IP + VoIP + PSTN + IPTV among other benefits but often it's not done in the best way i.e. all my traffic goes up to Auckland to my ISP then IP routing is done on my traffic, which most of it is dst my friend's place in my town where my other server is so round trip 18ms I don't need grrr (because it goes back to Auckland on the return, fml).
18 hours ago, Lurick said:

Hmm, I've not heard that before.

Yeah, disregard what I said I can't seem to find any information on it. As far as my research is showing me is like you said TTL is decremented by 1 on each hop and that's how it is shown to the user as well. Sorry for introducing confusion.

