Traceroute bizarreness - TCP-IP


  1. Traceroute bizarreness


    I'm getting bizarre responses to traceroute - every reply ICMP Time-
    Exceeded message has a source address matching the target I was
    tracing to.

    It seems to be some kind of confused NAT happening at my broadband
    router (3rd party equipment, believed Linux-based) but I don't
    understand why or how. If anyone could shed any light I'd greatly
    appreciate it.

    Network:
    {Winbox 10.1.3.9} ---- { 10.1.3.1 Linbox 192.168.1.2 } ----
    { 192.168.1.1 BroadbandRouter x.x.x.x } ---Z---

    A traceroute from Winbox comes out looking like this:
    Tracing route to 12.12.12.12 over a maximum of 30 hops

    1 <1 ms <1 ms <1 ms 10.1.3.1
    2 1 ms 1 ms 1 ms 12.12.12.12
    3 390 ms 389 ms 399 ms 12.12.12.12
    4 395 ms 392 ms 401 ms 12.12.12.12
    [..and so on]

    I get the same result whether doing an ICMP-based traceroute from
    Winbox, ICMP-based traceroute from Linbox or UDP-based traceroute from
    Linbox.

    BroadbandRouter has a "DMZ Host" setting, pointed at 192.168.1.2, so
    that all incoming connections are forwarded to Linbox.

    All TCP and UDP connections inbound and outbound work as expected, and
    pinging with the RecordRoute flag set behaves as expected.

    Can anyone tell me what on earth is going on?

    -Pik.

  2. Re: Traceroute bizarreness

    On 2008-05-01 00:38:13 -0400, PiK said:

    > 1 <1 ms <1 ms <1 ms 10.1.3.1
    > 2 1 ms 1 ms 1 ms 12.12.12.12
    > 3 390 ms 389 ms 399 ms 12.12.12.12
    > 4 395 ms 392 ms 401 ms 12.12.12.12
    > [..and so on]



    Take a packet trace with Wireshark, load it up on the Winbox, and take
    a look at the TTL on the packets in the traceroute. If you don't see a
    continual TTL decrement lower as the traceroute runs, that is
    definitely bizarre. Haven't seen this behavior before myself, kind of a
    cool (but annoying) problem - I'd guess there is some brain-dead NAT
    going on if the TTL is indeed decrementing.

    /dmfh

    --
    _ __ _
    __| |_ __ / _| |_ 01100100 01101101
    / _` | ' \| _| ' \ 01100110 01101000
    \__,_|_|_|_|_| |_||_| dmfh(-2)dmfh.cx
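
An added example, not part of either post: a Python check for the symptom described in the thread, flagging ICMP Time-Exceeded replies whose outer source address equals the destination quoted inside the ICMP payload, and listing the reply TTLs a capture would show. The packets, the TTL values and the names `inspect` and `summarize` are constructed for illustration, and the sketch assumes the device rewriting the source address leaves the reply's TTL untouched.

```python
import socket
import struct

def ip_header(src, dst, ttl, proto, payload=b""):
    """Build a minimal 20-byte IPv4 header (checksum left at 0; sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def time_exceeded(outer_src, outer_dst, outer_ttl, probe_dst):
    """ICMP type 11 code 0 reply quoting the expired probe's IP header + 8 bytes."""
    quoted = ip_header(outer_dst, probe_dst, 1, 1, b"\x08\x00" + b"\x00" * 6)
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + quoted
    return ip_header(outer_src, outer_dst, outer_ttl, 1, icmp)

def inspect(packet):
    """Return (outer_src, quoted_dst, reply_ttl, suspicious), or None if the
    packet is not an ICMP Time-Exceeded-in-transit message."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1 or len(packet) < ihl + 8 + 20:
        return None
    if packet[ihl] != 11 or packet[ihl + 1] != 0:
        return None
    src = socket.inet_ntoa(packet[12:16])
    quoted = packet[ihl + 8:]                 # original datagram as the router saw it
    quoted_dst = socket.inet_ntoa(quoted[16:20])
    # An intermediate router sends this message, so its address should never
    # equal the address the probe was travelling towards.
    return src, quoted_dst, packet[8], src == quoted_dst

def summarize(packets):
    rows = [r for r in map(inspect, packets) if r]
    flagged = [r for r in rows if r[3]]
    # Different remaining TTLs under one source address point to different
    # routers having sent the replies before the address was rewritten.
    return {"replies": len(rows), "flagged": len(flagged),
            "distinct_reply_ttls": sorted({r[2] for r in flagged}, reverse=True)}

# Constructed capture: hop 1 answers honestly, hops 2-4 arrive with the
# traced target as their source, as in the traceroute output in the thread.
SAMPLE = [
    time_exceeded("10.1.3.1", "10.1.3.9", 64, "12.12.12.12"),
    time_exceeded("12.12.12.12", "10.1.3.9", 63, "12.12.12.12"),
    time_exceeded("12.12.12.12", "10.1.3.9", 253, "12.12.12.12"),
    time_exceeded("12.12.12.12", "10.1.3.9", 252, "12.12.12.12"),
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```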

