?
Solved

Last 3 hops of a traceroute are the exact same address, why?

Posted on 2011-02-21
10
Medium Priority
?
4,007 Views
Last Modified: 2013-11-13
If I do a traceroute from my office to one of my customer locations it finishes fine, but the last three hops are the exact same public IP.  This public IP is NAT'ed to a Server on the network.   Does it show up three times because thats the amount of hops from the firewall to the server? I have a complete cisco infrastucture.  Below is my traceroute:  See the last three hops:

C:\>tracert xx.124.54

Tracing route to x.x.124.54 over a maximum of 30 hops

  1     1 ms    <1 ms    <1 ms  10.0.0.2
  2     1 ms     1 ms     1 ms  hx.x.x.74.static.ip.windstream.net [x.x.x.129]
  3    25 ms    23 ms     2 ms  hx.x.x.66.static.ip.windstream.net [x.x.x.129]
  4    36 ms     2 ms     2 ms  hx.x.x.x.66.static.ip.windstream.net [x.x.x.113]
  5    19 ms    26 ms     3 ms  hx.x.x.173.static.ip.windstream.net [173.189.232.113]
  6    72 ms    34 ms    29 ms  h19.236.109.66.static.ip.windstream.net [66.109.236.19]
  7    30 ms    49 ms    53 ms  h96.254.213.151.static.ip.windstream.net [151.213.254.96]
  8    53 ms    53 ms    54 ms  h11.254.213.151.static.ip.windstream.net [151.213.254.11]
  9    47 ms    47 ms    51 ms  h13.254.213.151.static.ip.windstream.net [151.213.254.13]
 10    74 ms    88 ms    56 ms  ip65-47-204-81.z204-47-65.customer.algx.net [65.47.204.81]
 11    60 ms    70 ms    89 ms  207.88.14.238.ptr.us.xo.net [207.88.14.238]
 12    88 ms   105 ms    81 ms  vb24.rar3.washington-dc.us.xo.net [207.88.12.34]
 13    91 ms    68 ms    86 ms  ae0d0.mcr1.philadelphia-pa.us.xo.net [216.156.0.42]
 14    62 ms    63 ms   103 ms  ae1d0.mcr2.philadelphia-pa.us.xo.net [216.156.1.22]
 15    75 ms   100 ms   103 ms  x.x.8.158.ptr.us.xo.net [x.x.8.158]
 16    72 ms    82 ms   110 ms  ipx-47-x-x.z113-x-65.customer.algx.net [x.x.x.118]
 17    80 ms   108 ms   108 ms  x.x.124.54
 18    88 ms   101 ms   107 ms  x.x.124.54
 19    78 ms    96 ms    103 ms  x.x.124.54

Trace complete.
You will see that the last three hops are the exact same IP.  This IP is the public address of a Server I have Nat'ed.  I'm just looking for an explanation of why the last 3 hops are the same IP.  Thanks.

 

0
Comment
Question by:denver218
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
10 Comments
 
LVL 20

Expert Comment

by:woolnoir
ID: 34946076
Check the routing on the box which is natting, it may be that its bouncing between interfaces.
0
 
LVL 4

Author Comment

by:denver218
ID: 34946126
I have a Cisco ASA5510 doing the natting.  I have one route outside statement that goes to my router that connects to the ISP.  I also have route inside statements for my internal networks.  
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34946290
That explains it then, its just that the route the packets are taking are being natted to the external interface address if your NAT box.. nothing to worry about.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 4

Author Comment

by:denver218
ID: 34946504
Can you explain a little further, I'm still not completely sure why the last three hops are the same IP address.  Thanks.
0
 
LVL 20

Accepted Solution

by:
woolnoir earned 1000 total points
ID: 34946526
I'd imagine you have 3 interfaces involved

the external one (which has the IP being reported)
The internal one (which is probably being natted to the external ip, so the tracert is reporting that IP)
finally, the server itself which is configured specifically by your natting to be translated to the external IP.

Essentially each hope being reported by the traceroute is having its address reported, or translated to the external address.
0
 
LVL 24

Assisted Solution

by:rfc1180
rfc1180 earned 1000 total points
ID: 34946815
You are seeing the same IP address as all the return echo replies are being translated due to the overload of the outside interface.

You might have something like.

ASA(config)# global (outside) 1 interface
ASA(config)# nat (inside) 1 0.0.0.0 0.0.0.0

Each router that is sending the ICMP Echo-Reply is being natted:

Hop 17 (ASA)
Hop 18 (possible an ISA, Router, additional Firewall)
Hop 19 (Server)

Billy
0
 
LVL 4

Author Comment

by:denver218
ID: 34946825
OK, so this is normal and nothing to worry about right?  
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 34947035
Normal is no need to worry.

Billy
0
 
LVL 20

Expert Comment

by:woolnoir
ID: 34947296
Yep its fine.. no need to worry
0
 
LVL 4

Author Closing Comment

by:denver218
ID: 34947764
Thanks
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The article explains the protocols and technology which is involved when two computers on different TCP/IP networks communicate with each other. In the diagram, a router is used to segregate two networks. The networks are 192.168.1.0/24 and 192…
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question