Solved

Traceroutes aren't successful

Posted on 2012-04-12
18
537 Views
Last Modified: 2012-08-02
Where would we be able to allow traceroutes? We keep getting a "Request timed out" error every time it gets past the local router.Tracert screenshot
0
Comment
Question by:CJGROSS
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
  • 3
  • +1
18 Comments
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37837842
can you try pathping yahoo.com
0
 

Author Comment

by:CJGROSS
ID: 37837881
Anuroopsundd,

I learn something new everyday. I'd never even heard of pathping before. This is the end result:pingpath yahoo.com
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37837923
Do you have a proxy?
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 35

Assisted Solution

by:Ernie Beek
Ernie Beek earned 150 total points
ID: 37837993
My idea is that it could be a firewall issue. Because tracroute adjust the TTL the intermediate hops give a 'time exceed' in response. Your firewall might be blocking those responses.
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37838059
It is most probably that their provider is not allowing the response to the route..

if you see response is coming back from the last Hop when it reaches the destination (google).
if it was with their firewall then the response should not have come back from google at last hop.

and google.com server seems to be their very near to the provider.. see response time of 28ms..

below sites are in india so have to leave your provider.
can you try ... tracert timesofindia.com
or google.co.in
0
 

Author Comment

by:CJGROSS
ID: 37838164
These are the new tracert results. Same as the other ones: tracert google.co.intracert timesofindia.com
0
 
LVL 35

Expert Comment

by:Ernie Beek
ID: 37838178
Yep, the last response differs from the intermediate because there is no 'time exceed' there :)
Still could be a firewall, be it at the provider or local (the 10.20.1.1 perhaps?).
0
 

Author Comment

by:CJGROSS
ID: 37838256
Pinging the "india" address got me nowhere so I when to the browser & typed it in. It gave me "http://timesofindia.indiatimes.com/" so I traceroute that. Same result: tracert timesofindia.indiatimes.com
We do have a Barracuda Web Filter 610 in place to filter traffic coming in & going out. My computer has been placed on an exempt list so it's not suppose to block ANY traffic coming or going but I'm not sure about it blocking TTL packets.
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37838309
the result for India server are also from akamai server. .that means.. local replica server in your location.. which even the 13ms tells us....

one more tracet to ip below..

tracert 203.101.83.197

tracert 59.163.16.5

tracert 122.160.220.72
0
 
LVL 35

Accepted Solution

by:
Ernie Beek earned 150 total points
ID: 37838320
You might want to check then if it is perhaps blocking 'icmp time exceed' packets (ICMP type 11).
0
 
LVL 11

Assisted Solution

by:Khandakar Ashfaqur Rahman
Khandakar Ashfaqur Rahman earned 150 total points
ID: 37838328
Well, at first go to the following site and find out your public IP
http://www.whatismyip.com/

Then go to
 http://lg.level3.net/traceroute/traceroute.cgi

You can see next hops of your IP if it is not blocked by the firewall.However, your net hops might block ICMP and traceroute.
Traceroute ports are : 33434-33534
If you have access into router/firewal you need to unblock these port.Or if it is ISP end contact to your ISP
0
 

Author Comment

by:CJGROSS
ID: 37838461
Earlier stated tracert attempts: tracert 59.163.16.5tracert 122.16.220.72tracert 203.101.83.197
rigan123,

whatismyip.com stated that I don't have a proxy (which is what I figured). I've tried the http://lg.level3.net/traceroute/traceroute.cgi site twice & these are my results: Level-3-NC-tracertLevel-3-MS-tracert
It looks like it could be the ISP.
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37838511
yes, seems your isp is blocking the UDP ports 33434-33534
0
 
LVL 11

Assisted Solution

by:Khandakar Ashfaqur Rahman
Khandakar Ashfaqur Rahman earned 150 total points
ID: 37838525
I can reach your IP:

Tracing route to mail.southaven.org [66.195.246.226]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  x.x.x.y
  2     1 ms    <1 ms    <1 ms   x.x.x.x
  3     3 ms     2 ms     1 ms     x.x.x.z
  4    13 ms    12 ms    12 ms  196.38.45.65
  5    13 ms    11 ms    11 ms  196.38.45.64
  6   108 ms   108 ms   107 ms  mi-uk-dock-gsrpe2-gi1-0-1-211.ip.isnet.net [196.
36.70.18]
  7   106 ms   106 ms   106 ms  core1a-dock-te2-1.ip.isnet.net [168.209.246.2]
  8   110 ms   109 ms   109 ms  168.209.246.66
  9   112 ms   106 ms   106 ms  195.50.124.33
 10     *      118 ms   106 ms  ae-52-52.csw2.London1.Level3.net [4.69.139.120]

 11   108 ms   108 ms   106 ms  ae-57-222.ebr2.London1.Level3.net [4.69.153.133]

 12   175 ms   180 ms     *     ae-41-41.ebr1.NewYork1.Level3.net [4.69.137.66]

 13   182 ms   182 ms   193 ms  ae-10-10.ebr2.Washington12.Level3.net [4.69.148.
50]
 14   181 ms   188 ms   181 ms  ae-1-100.ebr1.Washington12.Level3.net [4.69.143.
213]
 15   204 ms   198 ms   200 ms  ae-6-6.ebr1.Atlanta2.Level3.net [4.69.148.105]
 16     *      195 ms   197 ms  ae-18-51.car2.Atlanta4.Level3.net [4.69.150.8]
 17   203 ms   200 ms   198 ms  AMERICAN-ME.car2.Atlanta4.Level3.net [4.53.234.1
8]
 18   213 ms   214 ms   213 ms  mem1-ar3-ge-1-0-0-0.us.twtelecom.net [66.192.253
.190]
 19   217 ms   216 ms   214 ms  mail.southaven.org [66.195.246.226]

Trace complete.


Yes, it might be your gateway routers firewall or routing issue.Who is the owner of 66.192.253.190 router???If it is ISP router then contact to your ISP.
0
 
LVL 17

Expert Comment

by:Anuroopsundd
ID: 37838554
C:\Users\sundd>tracert 66.195.246.226

Tracing route to mail.southaven.org [66.195.246.226]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  MYWIRELESS [x.x.X.X]
  2     2 ms     2 ms     4 ms  10.0.0.1
  3    33 ms    40 ms    42 ms   X.X.x.x.
  4  3058 ms  2913 ms  2813 ms  x.x.x.x
   5    29 ms    27 ms    28 ms  203.101.83.197
  6   270 ms   267 ms   269 ms  125.62.187.126
  7   276 ms   326 ms   276 ms  las-b3-link.telia.net [213.248.98.237]
  8     *      264 ms   264 ms  las-bb1-link.telia.net [213.155.130.124]
  9     *        *        *     Request timed out.
 10   336 ms   331 ms   398 ms  mem1-ar3-ge-0-0-0-0.us.twtelecom.net [66.192.253
.186]
 11   338 ms   340 ms   338 ms  mail.southaven.org [66.195.246.226]

Trace complete.


i am also able to reach.......
0
 

Author Comment

by:CJGROSS
ID: 37839057
The .226 address refers to our externally facing Cisco ASA firewall interface. 66.195.246.225 is our default gateway (TWTelecom switch).
0
 
LVL 11

Expert Comment

by:Khandakar Ashfaqur Rahman
ID: 37840154
Your gateway(ISP) may have multiple IP assigned ,multiple interfaces and multiple gateways.So, you need to contact to them.
0
 

Author Closing Comment

by:CJGROSS
ID: 38250467
Thanks for all the help. The problem has been solved. Our firewall was blocking ICMP so traceroutes & pings weren't always going through.
0

Featured Post

Connect further...control easier

With the ATEN CE624, you can now enjoy a high-quality visual experience powered by HDBaseT technology and the convenience of a single Cat6 cable to transmit uncompressed video with zero latency and multi-streaming for dual-view applications where remote access is required.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

We've been using the Cisco/Linksys RV042 for years as: - an internet Gateway - a site-to-site VPN device - a leased line site-to-site subnet-to-subnet interface (And, here I'm assuming that any RV0xx behaves the same way as an RV042.  So that's …
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question