[e2e] Analysis of Traceroute

Cottrell, Les cottrell at slac.stanford.edu
Mon Dec 19 08:26:06 PST 2005


My understanding is: The !H means the Host requested (198.133.219.25) is unreachable from this router 203.200.10.209 (the man pages mention this). Traceroute then increments the TTL by 1 and sends the default three more UDP probes until the TTL reaches the default max 30. It looks like the router sometime disregards the probes (maybe due to rate limiting) and so traceroute gives the timeout response of * to each probe and sometimes  gives the ICMP host unreachable response.

________________________________

From: end2end-interest-bounces at postel.org [mailto:end2end-interest-bounces at postel.org] On Behalf Of Manjunath D
Sent: Monday, December 19, 2005 4:46 AM
To: end2end-interest at postel.org
Subject: [e2e] Analysis of Traceroute


Hi,

Could you please help me understand the output of the following traceroute output. ?

a) My point of doubt is that from the 2nd hop the packets are hitting the same host (MailScanner has detected a possible fraud attempt from "203.200.10.209" claiming to be MailScanner warning: numerical links are often malicious: 203.200.10.209 <http://203.200.10.209> )
and as you can see, this repeats intermittenly for the other following hops.

(a.1) How can the packets travel back to the same host again?  
(a.2) Does this indicate there was a loop formed (due to router fault?).
(a.3) or Worse, is this a bug in Solaris 10 version of traceroute utility?

b) what does !H indicate in the hop output?


My System:> Solaris 10 on Sparc


Thanks
>> Manjunath

================================================ Traceroute - capture -Start  =======================
traceroute MailScanner has detected a possible fraud attempt from "198.133.219.25" claiming to be MailScanner warning: numerical links are often malicious: 198.133.219.25 <http://198.133.219.25> 
traceroute to MailScanner has detected a possible fraud attempt from "198.133.219.25" claiming to be MailScanner warning: numerical links are often malicious: 198.133.219.25 <http://198.133.219.25>  (MailScanner has detected a possible fraud attempt from "198.133.219.25" claiming to be MailScanner warning: numerical links are often malicious: 198.133.219.25 <http://198.133.219.25> ), 30 hops max, 40 byte packets
 1  fire.mycompany.com (MailScanner has detected a possible fraud attempt from "192.168.3.1" claiming to be MailScanner warning: numerical links are often malicious: 192.168.3.1 <http://192.168.3.1> )  1.071 ms  0.443 ms  0.323 ms
 2  MailScanner has detected a possible fraud attempt from "203.200.10.209" claiming to be MailScanner warning: numerical links are often malicious: 203.200.10.209 <http://203.200.10.209>  (MailScanner has detected a possible fraud attempt from "203.200.10.209" claiming to be MailScanner warning: numerical links are often malicious: 203.200.10.209 <http://203.200.10.209> )  1.662 ms  1.716 ms  1.538 ms
 3  * * *
 4  * MailScanner has detected a possible fraud attempt from "203.200.10.209" claiming to be MailScanner warning: numerical links are often malicious: 203.200.10.209 <http://203.200.10.209>  (MailScanner has detected a possible fraud attempt from "203.200.10.209" claiming to be MailScanner warning: numerical links are often malicious: 203.200.10.209 <http://203.200.10.209> )  1.794 ms !H *
 5  * * *
 6  * * *
 7  * * *
 8  MailScanner has detected a possible fraud attempt from "203.200.10.209" claiming to be MailScanner warning: numerical links are often malicious: 203.200.10.209 <http://203.200.10.209>  (MailScanner has detected a possible fraud attempt from "203.200.10.209" claiming to be MailScanner warning: numerical links are often malicious: 203.200.10.209 <http://203.200.10.209> )  2.678 ms !H * *
 9  * MailScanner has detected a possible fraud attempt from "203.200.10.209" claiming to be MailScanner warning: numerical links are often malicious: 203.200.10.209 <http://203.200.10.209>  (MailScanner has detected a possible fraud attempt from "203.200.10.209" claiming to be MailScanner warning: numerical links are often malicious: 203.200.10.209 <http://203.200.10.209> )  2.548 ms !H *
10  * * *
11  * * MailScanner has detected a possible fraud attempt from "203.200.10.209" claiming to be MailScanner warning: numerical links are often malicious: 203.200.10.209 <http://203.200.10.209>  (MailScanner has detected a possible fraud attempt from "203.200.10.209" claiming to be MailScanner warning: numerical links are often malicious: 203.200.10.209 <http://203.200.10.209> )  1.937 ms !H
12  * * *

================================================ Traceroute - capture - End =======================



More information about the end2end-interest mailing list