Using Tracert

Posted on 2013-12-18
Last Modified: 2014-01-22

I used Tracert -d <ip Address> to see the route to the target address. After running Tracert, I noticed that the first IP address was The first IP address is my router. There are about 10 entries (hops) listed after executing my tracert command. After the router, the hops are displayed and then the 10th entry is the IP address of the destination.

While looking at the list of hops, I noticed that the 9th entry has listed as the IP address. Why would an IP address like this, a non-routable IP address, show up on the list of hops? It would make sense to me if the IP pattern was similar to the subnet pattern for my router but it is slightly different in the 3rd octet. Do you have an idea why this IP address would appear prior to my destination IP address, and especially if it looks like it is an internal non-routable IP address? Where would it come from?

Question by:jhieb
  • 2
LVL 14

Accepted Solution

Giovanni Heward earned 500 total points
ID: 39727024
RFC1918 addresses (10/8, 172.16/12 and 192.168/16) should not appear in global routing tables, as they're designed to be used within "a single enterprise". However, it makes sense, to some extent, using RFC1918 addresses for your point-to-point links within your core, even if the traffic going across those links are for "globally routable" IP address ranges, as this conserves a slightly scarce resource.

The reason it shows up in the traceroute is that the TTL of an IP frame expired on an interface with as its interface IP. The down-side of doing this is that it gets harder to ping the interface and do some troubleshooting on the issue, but there is no guarantee that you should be able to do that anyway.

So, I'd say that it may be a bit unusual, but it's certainly not unheard of.

Author Comment

ID: 39727188
This kind of makes sense. I am not an expert at IP addresses and routing so I need the answer explained to me in more simpler terms. However, I also like your answer because it sounds right and I know I can rely on it.

It sounds like you are saying that the TTL of the packet issued by tracert was longer than usual and therefore it expired? Since it expired, tracert grabbed an IP address from the internal network somehow and then finally was able to get to the destination on the next hop? Is this what happened? Since the IP address in question is has a different range, I am not sure where it came from.

Author Comment

ID: 39727612

I have someone else looking at this too, and I am referred to the following link:

It sounds like the problem might be similar to response #3. What is your impression that a router could be sending ICMP responses with a private IP that was bound to the management interface? Does this make sense to you?


Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Enterprise networks where VoIP phones have been deployed frequently use port configurations that allow both a computer and an IP phone to be plugged into the same switch port but use different VLANs. On Cisco equipment I'm referring to the "native V…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now