Solved

Traceroutes aren't successful

Posted on 2012-04-12
18
536 Views
Last Modified: 2012-08-02
Where would we be able to allow traceroutes? We keep getting a "Request timed out" error every time it gets past the local router.Tracert screenshot
0
Comment
Question by:CJGROSS
  • 6
  • 6
  • 3
  • +1
18 Comments
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37837842
can you try pathping yahoo.com
0
 

Author Comment

by:CJGROSS
ID: 37837881
Anuroopsundd,

I learn something new everyday. I'd never even heard of pathping before. This is the end result:pingpath yahoo.com
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37837923
Do you have a proxy?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 35

Assisted Solution

by:Ernie Beek
Ernie Beek earned 150 total points
ID: 37837993
My idea is that it could be a firewall issue. Because tracroute adjust the TTL the intermediate hops give a 'time exceed' in response. Your firewall might be blocking those responses.
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37838059
It is most probably that their provider is not allowing the response to the route..

if you see response is coming back from the last Hop when it reaches the destination (google).
if it was with their firewall then the response should not have come back from google at last hop.

and google.com server seems to be their very near to the provider.. see response time of 28ms..

below sites are in india so have to leave your provider.
can you try ... tracert timesofindia.com
or google.co.in
0
 

Author Comment

by:CJGROSS
ID: 37838164
These are the new tracert results. Same as the other ones: tracert google.co.intracert timesofindia.com
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37838178
Yep, the last response differs from the intermediate because there is no 'time exceed' there :)
Still could be a firewall, be it at the provider or local (the 10.20.1.1 perhaps?).
0
 

Author Comment

by:CJGROSS
ID: 37838256
Pinging the "india" address got me nowhere so I when to the browser & typed it in. It gave me "http://timesofindia.indiatimes.com/" so I traceroute that. Same result: tracert timesofindia.indiatimes.com
We do have a Barracuda Web Filter 610 in place to filter traffic coming in & going out. My computer has been placed on an exempt list so it's not suppose to block ANY traffic coming or going but I'm not sure about it blocking TTL packets.
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37838309
the result for India server are also from akamai server. .that means.. local replica server in your location.. which even the 13ms tells us....

one more tracet to ip below..

tracert 203.101.83.197

tracert 59.163.16.5

tracert 122.160.220.72
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 150 total points
ID: 37838320
You might want to check then if it is perhaps blocking 'icmp time exceed' packets (ICMP type 11).
0
 
LVL 11

Assisted Solution

by:Khandakar Ashfaqur Rahman
Khandakar Ashfaqur Rahman earned 150 total points
ID: 37838328
Well, at first go to the following site and find out your public IP
http://www.whatismyip.com/

Then go to
 http://lg.level3.net/traceroute/traceroute.cgi

You can see next hops of your IP if it is not blocked by the firewall.However, your net hops might block ICMP and traceroute.
Traceroute ports are : 33434-33534
If you have access into router/firewal you need to unblock these port.Or if it is ISP end contact to your ISP
0
 

Author Comment

by:CJGROSS
ID: 37838461
Earlier stated tracert attempts: tracert 59.163.16.5tracert 122.16.220.72tracert 203.101.83.197
rigan123,

whatismyip.com stated that I don't have a proxy (which is what I figured). I've tried the http://lg.level3.net/traceroute/traceroute.cgi site twice & these are my results: Level-3-NC-tracertLevel-3-MS-tracert
It looks like it could be the ISP.
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37838511
yes, seems your isp is blocking the UDP ports 33434-33534
0
 
LVL 11

Assisted Solution

by:Khandakar Ashfaqur Rahman
Khandakar Ashfaqur Rahman earned 150 total points
ID: 37838525
I can reach your IP:

Tracing route to mail.southaven.org [66.195.246.226]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  x.x.x.y
  2     1 ms    <1 ms    <1 ms   x.x.x.x
  3     3 ms     2 ms     1 ms     x.x.x.z
  4    13 ms    12 ms    12 ms  196.38.45.65
  5    13 ms    11 ms    11 ms  196.38.45.64
  6   108 ms   108 ms   107 ms  mi-uk-dock-gsrpe2-gi1-0-1-211.ip.isnet.net [196.
36.70.18]
  7   106 ms   106 ms   106 ms  core1a-dock-te2-1.ip.isnet.net [168.209.246.2]
  8   110 ms   109 ms   109 ms  168.209.246.66
  9   112 ms   106 ms   106 ms  195.50.124.33
 10     *      118 ms   106 ms  ae-52-52.csw2.London1.Level3.net [4.69.139.120]

 11   108 ms   108 ms   106 ms  ae-57-222.ebr2.London1.Level3.net [4.69.153.133]

 12   175 ms   180 ms     *     ae-41-41.ebr1.NewYork1.Level3.net [4.69.137.66]

 13   182 ms   182 ms   193 ms  ae-10-10.ebr2.Washington12.Level3.net [4.69.148.
50]
 14   181 ms   188 ms   181 ms  ae-1-100.ebr1.Washington12.Level3.net [4.69.143.
213]
 15   204 ms   198 ms   200 ms  ae-6-6.ebr1.Atlanta2.Level3.net [4.69.148.105]
 16     *      195 ms   197 ms  ae-18-51.car2.Atlanta4.Level3.net [4.69.150.8]
 17   203 ms   200 ms   198 ms  AMERICAN-ME.car2.Atlanta4.Level3.net [4.53.234.1
8]
 18   213 ms   214 ms   213 ms  mem1-ar3-ge-1-0-0-0.us.twtelecom.net [66.192.253
.190]
 19   217 ms   216 ms   214 ms  mail.southaven.org [66.195.246.226]

Trace complete.


Yes, it might be your gateway routers firewall or routing issue.Who is the owner of 66.192.253.190 router???If it is ISP router then contact to your ISP.
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37838554
C:\Users\sundd>tracert 66.195.246.226

Tracing route to mail.southaven.org [66.195.246.226]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  MYWIRELESS [x.x.X.X]
  2     2 ms     2 ms     4 ms  10.0.0.1
  3    33 ms    40 ms    42 ms   X.X.x.x.
  4  3058 ms  2913 ms  2813 ms  x.x.x.x
   5    29 ms    27 ms    28 ms  203.101.83.197
  6   270 ms   267 ms   269 ms  125.62.187.126
  7   276 ms   326 ms   276 ms  las-b3-link.telia.net [213.248.98.237]
  8     *      264 ms   264 ms  las-bb1-link.telia.net [213.155.130.124]
  9     *        *        *     Request timed out.
 10   336 ms   331 ms   398 ms  mem1-ar3-ge-0-0-0-0.us.twtelecom.net [66.192.253
.186]
 11   338 ms   340 ms   338 ms  mail.southaven.org [66.195.246.226]

Trace complete.


i am also able to reach.......
0
 

Author Comment

by:CJGROSS
ID: 37839057
The .226 address refers to our externally facing Cisco ASA firewall interface. 66.195.246.225 is our default gateway (TWTelecom switch).
0
 
LVL 11

Expert Comment

by:Khandakar Ashfaqur Rahman
ID: 37840154
Your gateway(ISP) may have multiple IP assigned ,multiple interfaces and multiple gateways.So, you need to contact to them.
0
 

Author Closing Comment

by:CJGROSS
ID: 38250467
Thanks for all the help. The problem has been solved. Our firewall was blocking ICMP so traceroutes & pings weren't always going through.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
Load balancing is the method of dividing the total amount of work performed by one computer between two or more computers. Its aim is to get more work done in the same amount of time, ensuring that all the users get served faster.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

837 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question