Trace Route Show IP address for Request Timed out hop.

[Catsrules]

I have been playing around with routing and I was wondering using the tracert command on windows is it possible to show the IP address of the hop that is not responding? It isn't responding because the router has ICMP responded turned off the route is actually working fine, but I want to know what router it is going through. Knowing the ip address would be helpful in this case.

 

 

[samcool55]

You can try https://gsuite.tools/traceroute

But i'm not sure if this gives the answer you want.

[Catsrules]

7 minutes ago, samcool55 said:

You can try https://gsuite.tools/traceroute

But i'm not sure if this gives the answer you want.

Unfortunately all of my routers I am using all all internal (local networks), so an external website on the internet won't be able to see anything. 

[Windows7ge]

I'm a little confused as to the setup. I assume you rightfully have physical access to this router? You should be able to determine the address even if it's set to not respond to tracert requests.

 

I remember back in college we simulated a GRE Tunnel where we made a middle router transparent to the end clients. Tracert couldn't see it at all. Perhaps that's irrelevant information, oh well.

 

If you don't have access to this router I get the feeling you may be trying to do something someone doesn't want you to do/know.

[Catsrules]

1 hour ago, Windows7ge said:

I'm a little confused as to the setup. I assume you rightfully have physical access to this router? You should be able to determine the address even if it's set to not respond to tracert requests.

 

I remember back in college we simulated a GRE Tunnel where we made a middle router transparent to the end clients. Tracert couldn't see it at all. Perhaps that's irrelevant information, oh well.

 

If you don't have access to this router I get the feeling you may be trying to do something someone doesn't want you to do/know.

Yeah I have full access to everything it is just a demo environment I am playing with.

 

I could just enable ICMP and they would become visible but I was wondering if there was a was to get the IP address without having to enable ICMP. Shouldn't tracert know all of the IP addresses along the hops even if some of them don't respond to a ping?  Isn't that the point of routing is to tell you the IP address of other routers?

 

*edit*

I should clarify I know the IP address of all routers already. But in my environment I have two paths to a network I am trying to determine what route my computer it taking to get to this other network. But when it reaches that point it just times out so I don't know what router it is actually going through. 

[Windows7ge]

8 minutes ago, Catsrules said:

Yeah I have full access to everything it is just a demo environment I am playing with.

 

I could just enable ICMP and they would become visible but I was wondering if there was a was to get the IP address without having to enable ICMP. Shoudln't tracert know all of the IP addresses along the hops even if some of them don't respond to a ping?  

To my understanding it doesn't work like that. The only neighbor the computer knows about is the router. If it is told to go to an address that doesn't exist in the LAN/Subnet it sends it to the router. Beyond that it waits patiently for the router to give a response. The computer doesn't actually know if the client exists until the router gives a reply.

 

So if one of the routers on the tracert decides it doesn't want to reply it won't and the computer won't learn it's address as a result and will just go to the next hop.

 

But lets ask someone who will probably know more about it than myself @leadeater

[Lurick]

9 minutes ago, Catsrules said:

Yeah I have full access to everything it is just a demo environment I am playing with.

 

I could just enable ICMP and they would become visible but I was wondering if there was a was to get the IP address without having to enable ICMP. Shoudln't tracert know all of the IP addresses along the hops even if some of them don't respond to a ping?  Isn't that the point of routing is to tell you the IP address of other routers?

Traceroute just uses ICMP to have the router return an unreachable request and that's where the IP comes from since it will originate an unreachable response and send it back to the computer. If you could get routing information from traceroute that would be a HUGE security vulnerability.

[Catsrules]

 

6 minutes ago, Windows7ge said:

To my understanding it doesn't work like that. The only neighbor the computer knows about is the router. If it is told to go to an address that doesn't exist in the LAN/Subnet it sends it to the router. Beyond that it waits patiently for the router to give a response. The computer doesn't actually know if the client exists until the router gives a reply.

 

So if one of the routers on the tracert decides it doesn't want to reply it won't and the computer won't learn it's address as a result and will just go to the next hop.

 

But lets ask someone who will probably know more about it than myself @leadeater

 

5 minutes ago, Lurick said:

Traceroute just uses ICMP to have the router return an unreachable request and that's where the IP comes from since it will originate an unreachable response and send it back to the computer. If you could get routing information from traceroute that would be a HUGE security vulnerability.

 

 

Ahh so tracert actually don't know all of the ip addresses in the route, it is only when the routers replies back to the request telling tracert there ip?

 

 

So how do the routers know I am asking for a response back? Does tracert send a special request or something that most routers listen for?

 

[Windows7ge]

1 minute ago, Catsrules said:

Ahh so tracert actually don't know all of the ip addresses in the route, it is only when the routers replies back to the request telling tracert there ip?

That's my understanding of how it works.

2 minutes ago, Catsrules said:

So how do the routers know I am asking for a response back? Does tracert send a special request or something that most routers listen for?

Gonna have to look at Lurick for this one I'm actually not certain. I imagine it's a flag or some type of payload.

[Lurick]

6 minutes ago, Catsrules said:

 

 

 

 

Ahh so tracert actually don't know all of the ip addresses in the route, it is only when the routers replies back to the request telling tracert there ip?

 

 

So how do the routers know I am asking for a response back? Does tracert send a special request or something that most routers listen for?

 

Traceroute sends packets with a TTL starting at 1 and increasing by 1 for each hop until the destination is reached. Because the router that receives the packet will decrement the TTL by 1, the router will set it to 0 and by doing so will send out a time exceeded error message back to the client. Repeat by incrementing the TTL by 1 and one further hop sending the time exceeded error message back. The message will be sourced by the routers interface in most cases when it responds back, thus giving the IP address of the router away. Routers can be set to ignore and not respond with the time exceeded messages or they can be filtered by a firewall (which, unless configured otherwise, won't respond by default)

 

Edit:

Forgot to mention, depending on the client it might do UDP instead and in that case it will pick a random port that's usually not listened on and in that case a port unreachable message will be sent instead.

[Windows7ge]

2 minutes ago, Lurick said:

Traceroute sends packets with a TTL starting at 1 and increasing by 1 for each hop until the destination is reached. Because the router that receives the packet will decrement the TTL by 1, the router will set it to 0 and by doing so will send out a time exceeded error message. Repeat by incrementing the TTL by 1 and one further hop sending the time exceeded error message back. The message will be sourced by the routers interface in most cases when it responds back, thus giving the IP address of the router away. Routers can be set to ignore and not respond with the time exceeded messages or they can be filtered by a firewall (which, unless configured otherwise, won't respond by default)

Shows how little I know but that's a pretty smart way of doing it.

[Lurick]

Just now, Windows7ge said:

Shows how little I know but that's a pretty smart way of doing it.

Yah, not sure if you saw the edit, but it also depends on the client. Windows uses ICMP while Linux is more likely to use UDP packets instead.

[Catsrules]

11 minutes ago, Lurick said:

Traceroute sends packets with a TTL starting at 1 and increasing by 1 for each hop until the destination is reached. Because the router that receives the packet will decrement the TTL by 1, the router will set it to 0 and by doing so will send out a time exceeded error message back to the client. Repeat by incrementing the TTL by 1 and one further hop sending the time exceeded error message back. The message will be sourced by the routers interface in most cases when it responds back, thus giving the IP address of the router away. Routers can be set to ignore and not respond with the time exceeded messages or they can be filtered by a firewall (which, unless configured otherwise, won't respond by default)

 

Edit:

Forgot to mention, depending on the client it might do UDP instead and in that case it will pick a random port that's usually not listened on and in that case a port unreachable message will be sent instead.

Ahh, now it is starting to come together in my head.

Thanks, for the information, that makes a lot more sense to me now.

 

Oh I and thanks for your help too @Windows7ge

[Windows7ge]

19 minutes ago, Lurick said:

Yah, not sure if you saw the edit, but it also depends on the client. Windows uses ICMP while Linux is more likely to use UDP packets instead.

Interesting. If we wanted to get extremely technical though wouldn't the increment of TTL technically not be +1 or -1 but 2^2?

 

Ex:

1st hop: TTL = 1

2nd hop: TTL = 2

3rd hop: TTL = 4

4th TTL = 8

5th TTL = 16

6th TTL = 32

Etc?

 

25 minutes ago, Catsrules said:

Oh I and thanks for your help too

Your welcome but Lurick did a much better job answering your question. As for answering your topic's question you'd basically be trying to circumvent a security feature. Which is a topic the forum doesn't allow the discussion of (no hacking/cracking). Maybe because you own the equipment it's in a gray area but I wouldn't want to risk the ban hammer.

[Lurick]

Just now, Windows7ge said:

Interesting. If we wanted to get extremely technical though wouldn't the increment of TTL technically not be +1 or -1 but 2^2?

 

Ex:

1st hop: TTL = 1

2nd hop: TTL = 2

3rd hop: TTL = 4

4th TTL = 8

5th TTL = 16

6th TTL = 32

Etc?

 

Your welcome but Lurick did a much better job answering your question. As for answering your topic's question you'd basically be trying to circumvent a security feature. Which is a topic the forum doesn't allow the discussion of (no hacking/cracking). Maybe because you own the equipment it's in a gray area but I wouldn't want to risk the ban hammer.

Since each hop only decrements once then it would just need to increment by 1 each time so you only need +1 to the total number of hops to make sure it gets to the next device in the path.

[Windows7ge]

Just now, Lurick said:

Since each hop only decrements once then it would just need to increment by 1 each time so you only need +1 to the total number of hops to make sure it gets to the next device in the path.

Yes. I'm saying from what I was taught about TTL is that it doesn't operate on a base 10 system it operates on base 2 so each hop would be equal to +1 but the numeric system on how it's shown to the user would be 1 2 4 8 16 32 etc.

 

So as each hop is passed that gets divided by 2 and when it reaches 1 (or 0 not sure) then it gets that ports information. Or would I be wrong about this you've taken more CISCO Networking courses than I have.

[Lurick]

1 minute ago, Windows7ge said:

Yes. I'm saying from what I was taught about TTL is that it doesn't operate on a base 10 system it operates on base 2 so each hop would be equal to +1 but the numeric system on how it's shown to the user would be 1 2 4 8 16 32 etc.

 

So as each hop is passed that gets divided by 2 and when it reaches 1 (or 0 not sure) then it gets that ports information. Or would I be wrong about this you've taken more CISCO Networking courses than I have.

Hmm, I've not heard that before. I've always known hop count to be each time a router would process the packet in the chain. One thing that can add confusion is if you're going to a virtual interface inside the router, then you have 1 hop to the ingress physical interface and then a second hop to the virtual interface but if it's passing through the device then it's just a decrement of 1 since it's only processed by the box once. I know the field in the packet is 8 bits in length though.

[Windows7ge]

24 minutes ago, Lurick said:

Hmm, I've not heard that before. I've always known hop count to be each time a router would process the packet in the chain. One thing that can add confusion is if you're going to a virtual interface inside the router, then you have 1 hop to the ingress physical interface and then a second hop to the virtual interface but if it's passing through the device then it's just a decrement of 1 since it's only processed by the box once. I know the field in the packet is 8 bits in length though.

I will have to try and look this up again if someone doesn't fly in with the answer. I'm pretty sleep deprived so I could just be spewing non-sense but if I use the Ping command as an example you'll see it start at a TTL of 255. From what I understand this will drop to 127 then 63 then 31, etc with each hop until it either reaches the destination or hits 0 and gets dropped.

[leadeater]

@Windows7ge

There's also some stuff that happens at layer 2 i.e. MPLS/VPLS which you can't easily see in things like traceroute.

 

Quote

For end-users the use of MPLS is not visible directly, but can be assumed when doing a traceroute: only nodes that do full IP routing are shown as hops in the path, thus not the MPLS nodes used in between, therefore when you see that a packet hops between two very distant nodes and hardly any other 'hop' is seen in that provider's network (or AS) it is very likely that network uses MPLS.

 

[mynameisjuan]

7 hours ago, leadeater said:

@Windows7ge

There's also some stuff that happens at layer 2 i.e. MPLS/VPLS which you can't easily see in things like traceroute.

 

 

MPLS definitely will show up in a traceroute with ICMP delivering even label information. You tend not to see it because it’s either manually set to a separate TTL in the outer label via a command at the edge, the provider uses IS-IS which CLNP can be used or finally a MPLS core with BGP at the edge. First being a security measure with 2/3 designed around no IP intra transit.

 

You can still use MPLS ICMP at CPE and see MPLS labels and hops. VPLS you will never see hops because tunnels

[leadeater]

4 hours ago, mynameisjuan said:

You tend not to see it because it’s either manually set to a separate TTL in the outer label via a command at the edge, the provider uses IS-IS which CLNP can be used or finally a MPLS core with BGP at the edge. First being a security measure with 2/3 designed around no IP intra transit.

Yea that's more what I was getting at, most really like to obfuscate it. I quite often see traffic traversing over the internet then drop in to what I can tell is an MPLS segment and the operator has configured it in "nothing to see here". I'm pretty sure our UFB (Brand name) GPON network is largely MPLS so they can better deliver Internet/IP + VoIP + PSTN + IPTV among other benefits but often it's not done in the best way i.e. all my traffic goes up to Auckland to my ISP then IP routing is done on my traffic, which most of it is dst my friends place in my town where my other server is so round trip 18ms I don't need grrr (because it goes back to Auckland on the return, fml).

[Windows7ge]

18 hours ago, Lurick said:

Hmm, I've not heard that before.

Yeah, disregard what I said I can't seem to find any information on it. As far as my research is showing me is like you said TTL is decremented by 1 on each hop and that's how it is shown to the user as well. Sorry for introducing confusion.