UGN Security
Posted By: sprinter tracert question - 04/08/02 11:10 PM
i dunno if this is a newbie question or a general question so... what does this trace route tell you? firewall? obviously the packets timed out. but why?

traceroute 210.174.0.175

Type escape sequence to abort.
Tracing the route to pae00af.tktkpc00.ap.so-net.ne.jp (210.174.0.175)

1 core7.otemachi.dti.ad.jp (203.181.69.6) 0 msec 0 msec 0 msec
2 AS2527-2.ix.jpix.ad.jp (210.171.224.91) [AS 7527] 0 msec 0 msec 0 msec
3 202.213.198.186 [AS 2527] 0 msec 4 msec 0 msec
4 210.132.250.227 [AS 2527] 0 msec 0 msec 0 msec
5 210.132.248.30 [AS 2527] 20 msec 20 msec 24 msec
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
Posted By: olosoft Re: tracert question - 04/09/02 12:49 AM
ok, tracert stands for trace route. it returns every ip of every computer you connect to until you reach your destination. for example, when you connect to a site, your computer contacts your local isp's server, then the main server for your area, then the main server, then it connects to a server in the area of your target, then to your target's isp, local, and finally the actual target.

take undergroundnews.com
Quote:
Code
C:\>tracert -h 100 undergroundnews.com

Tracing route to undergroundnews.com [209.120.128.141]
over a maximum of 100 hops:

  1    30 ms    30 ms    40 ms  dsl-254-066.dsl-isp.net [216.254.66.1]
  2    10 ms    20 ms    20 ms  border28.g3-2.speakeasy-26.nyc.pnap.net [209.191.132.48]
  3    20 ms    10 ms    20 ms  core1.ge3-0-bbnet2.nyc.pnap.net [209.191.128.129]
  4    10 ms    20 ms    10 ms  sl-bb12-nyc-8-0.sprintlink.net [160.81.48.17]
  5    10 ms    20 ms    20 ms  sl-bb20-nyc-12-1.sprintlink.net [144.232.7.121]
  6    10 ms    20 ms    20 ms  pos1-3.core1.NewYork1.Level3.net [209.244.160.185]
  7    10 ms    20 ms    20 ms  ae0-52.mp2.NewYork1.Level3.net [64.159.17.34]
  8    10 ms    20 ms    20 ms  so-0-2-0.mp2.Philadelphia1.Level3.net [64.159.0.133]
  9    20 ms    10 ms    30 ms  gige9-1.hsipaccess1.Philadelphia1.Level3.net [64.159.0.154]
 10    20 ms    20 ms    20 ms  unknown.Level3.net [63.209.178.162]
 11    10 ms    20 ms    20 ms  209.50.43.194
 12    20 ms    20 ms    30 ms  rif0.phl049s101.yipes.com [66.54.144.46]
 13    20 ms    20 ms    30 ms  rif2.phl018s101.yipes.com [209.50.43.26]
 14    20 ms    60 ms    30 ms  66.7.139.82
 15    20 ms    30 ms    20 ms  209.120.128.141

Trace complete. 


that's the way it should come out. also, if possible tracert automatically looks up the dns' of the ips.

as for those *'s you were getting, that's because you were timing out. try to use -t 1000000000000 ;) that's the timeout in milliseconds. also that -h 100 is the maximum number of hops to perform.

ah, and there was some program, i forget what it was called, that did a tracert and then a whois on each of the nodes and tried to find out the location, then it plotted all the points on a map and connected them, it was pretty coo'. i don't remember what it was called tho...
Posted By: CryptoKnight Re: tracert question - 04/09/02 01:07 AM
VisualRoute
Posted By: Gremelin Re: tracert question - 04/09/02 01:31 AM
Basically it logs all hops between you and your specified host:

Quote:

Results for undergroundnews.com:
traceroute to undergroundnews.com (209.120.128.141) from chiba.eol.ca (205.189.151.6), 30 hops max, 40 byte packets
1 gateway.echo-on.net (205.189.152.126) 1.625 ms 1.213 ms 0.959 ms
2 border1.echo-on.net (192.168.12.2) 1.839 ms 1.636 ms 1.726 ms
3 FastEthernet1-0.tor1.westel.com (204.244.24.245) 2.119 ms 2.011 ms 1.762 ms
4 * * *
5 if-5-1.core1.Toronto2.Teleglobe.net (64.86.84.221) 2.483 ms 2.410 ms 2.347 ms
6 if-10-0.core1.Scarborough.Teleglobe.net (64.86.80.241) 3.348 ms 3.124 ms 3.055 ms
7 if-8-0.core2.Scarborough.Teleglobe.net (207.45.222.206) 127.025 ms 110.942 ms 78.949 ms
8 if-3-0.core2.Chicago3.Teleglobe.net (207.45.222.182) 107.920 ms 106.073 ms 106.650 ms
9 if-2-0.core3.NewYork.Teleglobe.net (64.86.83.218) 106.682 ms 108.240 ms 106.765 ms
10 if-8-0.core2.LosAngeles.Teleglobe.net (64.86.83.174) 106.126 ms 108.046 ms 109.939 ms
11 if-5-0.core1.LosAngeles.Teleglobe.net (207.45.223.62) 108.934 ms 106.097 ms 107.920 ms
12 pos6-1.core2.LosAngeles1.Level3.net (209.0.227.33) 105.805 ms 107.336 ms 106.229 ms
13 so-4-1-0.mp2.LosAngeles1.Level3.net (209.247.10.205) 90.317 ms 90.483 ms 90.551 ms
14 so-0-0-0.mp1.Philadelphia1.Level3.net (64.159.0.110) 96.880 ms 97.260 ms 98.446 ms
15 gige9-0.hsipaccess1.Philadelphia1.Level3.net (64.159.0.146) 97.084 ms 96.874 ms 97.054 ms
16 unknown.Level3.net (63.209.178.162) 98.328 ms 96.987 ms 96.949 ms
17 209.50.43.194 (209.50.43.194) 97.550 ms 97.527 ms 107.598 ms
18 rif0.phl049s101.yipes.com (66.54.144.46) 99.631 ms 99.220 ms 100.057 ms
19 rif2.phl018s101.yipes.com (209.50.43.26) 98.791 ms 98.471 ms 98.556 ms
20 66.7.139.82 (66.7.139.82) 99.153 ms 98.500 ms 98.841 ms
21 209.120.128.141 (209.120.128.141) 98.824 ms 98.997 ms 100.086 ms


chiba.eol.ca to undergroundnews.com :)
Posted By: sprinter Re: tracert question - 04/09/02 02:05 AM
yeah i understand how it works, i was just curious why this IP was unreachable? i haven't tried changing the default time out. this is the first time i have seen an IP that would time out like this. i'll try it again with the -t switch? (<--proper name here?)

ok tried in windows shell and it says to use a -w so i did and it still times out. doesn't this have to do with the TTL? i know the TTL is time to live but i have to look up how that is determined.

so there is nothing special about the ip address i traced? or at least nothing we can get by using tracert?
Posted By: Gremelin Re: tracert question - 04/09/02 07:51 AM
perhaps it wasn't logged into the internet? either via it bein shut down or dosed heh
Posted By: SilentRage Re: tracert question - 04/09/02 02:34 PM
yep, the computer is not online, the IP is not in use. At least not at the time I checked it out.
Posted By: sprinter Re: tracert question - 04/09/02 03:37 PM
ok that makes sense but it's kind of unusual. there is a pretty good chance that there is a hardware firewall there so i was just curious what i was looking at. thanks guys.
Posted By: Scallion Re: tracert question - 04/09/02 07:18 PM
You could check that ip with nslookup (something most windows folks don't have).

For those of you who don't have nslookup, I've written a version and posted it near the bottom of www.scallion.sp00fed.net for your convenience. This will look up the IP and tell you what its DNS record says about it - if you get a negative result, this means that the IP has no DNS record, therefore it is unused, eliminating the need for tracert as a tool to find whether it's online or not.
Posted By: Mornse Re: tracert question - 04/09/02 10:59 PM
sprinter, you're right, it could be a firewall. Sometimes firewalls block certain requests, so either the computer doesn't exist, or you hit a firewall.
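An added example, not written by any poster in this thread: a small parser for hop lines in the traceroute formats pasted above. It reports the last router that answered and where the run of `* * *` begins, which is all the trace itself establishes; a silent tail looks the same whether the destination is offline or something past the last responder is dropping the probes or their replies. The function names and result keys are this sketch's own.

```python
import re

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_hops(text):
    """Return [(hop, responder_ip or None)]; None means every probe timed out."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            ips = IPV4.findall(m.group(2))
            hops.append((int(m.group(1)), ips[0] if ips else None))
    return hops

def summarize(text, dest):
    """Classify a trace: did it reach dest, and where does the silence start?"""
    hops = parse_hops(text)
    answered = [(n, ip) for n, ip in hops if ip]
    last_hop, last_ip = answered[-1] if answered else (0, None)
    reached = any(ip == dest for _, ip in answered)
    # Silent hops *before* the last answer are routers that just don't reply.
    gaps = [n for n, ip in hops if ip is None and n < last_hop]
    tail = [n for n, ip in hops if ip is None and n > last_hop]
    return {
        "reached": reached,
        "last_responder": last_ip,
        "last_hop": last_hop,
        "silent_gaps": gaps,
        "silent_tail_from": tail[0] if tail else None,
    }

# First trace from the thread, cut off after hop 8 to keep the sample short.
SAMPLE = """\
1 core7.otemachi.dti.ad.jp (203.181.69.6) 0 msec 0 msec 0 msec
2 AS2527-2.ix.jpix.ad.jp (210.171.224.91) [AS 7527] 0 msec 0 msec 0 msec
3 202.213.198.186 [AS 2527] 0 msec 4 msec 0 msec
4 210.132.250.227 [AS 2527] 0 msec 0 msec 0 msec
5 210.132.248.30 [AS 2527] 20 msec 20 msec 24 msec
6 * * *
7 * * *
8 * * *
"""

if __name__ == "__main__":
    print(summarize(SAMPLE, "210.174.0.175"))
```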
Posted By: sprinter Re: tracert question - 04/10/02 02:19 AM
SCALLION- thanks for the effort but i'm proficient with google and that seems to get me by on most things :)
http://network-tools.com/

Mornse- could be a firewall i dunno. i will find out soon though :) or at least have some more info. i would really like to know what it takes to make an addy unreachable as though it's not there. a firewall? or a hardware firewall or just something like ipchains, freesco, natd or other setups like this?