Using Tracert


I used Tracert -d <ip Address> to see the route to the target address. After running Tracert, I noticed that the first IP address was The first IP address is my router. There are about 10 entries (hops) listed after executing my tracert command. After the router, the hops are displayed and then the 10th entry is the IP address of the destination.

While looking at the list of hops, I noticed that the 9th entry has listed as the IP address. Why would an IP address like this, a non-routable IP address, show up on the list of hops? It would make sense to me if the IP pattern was similar to the subnet pattern for my router but it is slightly different in the 3rd octet. Do you have an idea why this IP address would appear prior to my destination IP address, and especially if it looks like it is an internal non-routable IP address? Where would it come from?

Who is Participating?
Giovanni HewardCommented:
RFC1918 addresses (10/8, 172.16/12 and 192.168/16) should not appear in global routing tables, as they're designed to be used within "a single enterprise". However, it makes sense, to some extent, using RFC1918 addresses for your point-to-point links within your core, even if the traffic going across those links are for "globally routable" IP address ranges, as this conserves a slightly scarce resource.

The reason it shows up in the traceroute is that the TTL of an IP frame expired on an interface with as its interface IP. The down-side of doing this is that it gets harder to ping the interface and do some troubleshooting on the issue, but there is no guarantee that you should be able to do that anyway.

So, I'd say that it may be a bit unusual, but it's certainly not unheard of.
jhiebAuthor Commented:
This kind of makes sense. I am not an expert at IP addresses and routing so I need the answer explained to me in more simpler terms. However, I also like your answer because it sounds right and I know I can rely on it.

It sounds like you are saying that the TTL of the packet issued by tracert was longer than usual and therefore it expired? Since it expired, tracert grabbed an IP address from the internal network somehow and then finally was able to get to the destination on the next hop? Is this what happened? Since the IP address in question is has a different range, I am not sure where it came from.
jhiebAuthor Commented:

I have someone else looking at this too, and I am referred to the following link:

It sounds like the problem might be similar to response #3. What is your impression that a router could be sending ICMP responses with a private IP that was bound to the management interface? Does this make sense to you?

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.