Solved

Using Tracert

Posted on 2013-12-18
3
326 Views
Last Modified: 2014-01-22
Hello,

I used Tracert -d <ip Address> to see the route to the target address. After running Tracert, I noticed that the first IP address was 192.168.4.1. The first IP address is my router. There are about 10 entries (hops) listed after executing my tracert command. After the router, the hops are displayed and then the 10th entry is the IP address of the destination.

While looking at the list of hops, I noticed that the 9th entry has 192.168.1.82 listed as the IP address. Why would an IP address like this, a non-routable IP address, show up on the list of hops? It would make sense to me if the IP pattern was similar to the subnet pattern for my router but it is slightly different in the 3rd octet. Do you have an idea why this IP address would appear prior to my destination IP address, and especially if it looks like it is an internal non-routable IP address? Where would it come from?

Thanks.
0
Comment
Question by:jhieb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 15

Accepted Solution

by:
Giovanni Heward earned 500 total points
ID: 39727024
RFC1918 addresses (10/8, 172.16/12 and 192.168/16) should not appear in global routing tables, as they're designed to be used within "a single enterprise". However, it makes sense, to some extent, using RFC1918 addresses for your point-to-point links within your core, even if the traffic going across those links are for "globally routable" IP address ranges, as this conserves a slightly scarce resource.

The reason it shows up in the traceroute is that the TTL of an IP frame expired on an interface with 192.168.1.82 as its interface IP. The down-side of doing this is that it gets harder to ping the interface and do some troubleshooting on the issue, but there is no guarantee that you should be able to do that anyway.

So, I'd say that it may be a bit unusual, but it's certainly not unheard of.
0
 
LVL 1

Author Comment

by:jhieb
ID: 39727188
This kind of makes sense. I am not an expert at IP addresses and routing so I need the answer explained to me in more simpler terms. However, I also like your answer because it sounds right and I know I can rely on it.

It sounds like you are saying that the TTL of the packet issued by tracert was longer than usual and therefore it expired? Since it expired, tracert grabbed an IP address from the internal network somehow and then finally was able to get to the destination on the next hop? Is this what happened? Since the IP address in question is has a different range, I am not sure where it came from.
0
 
LVL 1

Author Comment

by:jhieb
ID: 39727612
x66_x72_x65_x65,

I have someone else looking at this too, and I am referred to the following link:
http://serverfault.com/questions/59516/traceroute-includes-un-routable-ip

It sounds like the problem might be similar to response #3. What is your impression that a router could be sending ICMP responses with a private IP that was bound to the management interface? Does this make sense to you?

Thanks.
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
An article on effective troubleshooting
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Suggested Courses

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question