Security Basics mailing list archives
Re: Weird trace route output
From: Scott Pack <packs () ohio edu>
Date: Sun, 15 Apr 2007 12:51:34 -0400
Jody Riding [Jody.Riding () sunflowergroup com] wrote:
Has anyone seen a Class C private Address when running a trace route outside of their own network or domain? Notice the 15th hop address. Some stuff has been *** for my protection ;-)
-- snip --
14 37 ms 28 ms 19 ms chi-dist3-fa13-1.networkgci.net [216.146.70.11] 15 22 ms 30 ms 43 ms 192.168.107.133 16 * ^C
This behavior is pretty well expected. It has more to do with the design of traceroute than anything else. Basically, traceroute uses specially crafted packets to trick machines along the route to respond to you, when normally they wouldn't. What you're seeing is probably the internal routing structure of whatever organization the packets are traversing. This page seems to have a reasonable writeup on the situation, as well as a good enough description on how traceroute works. http://www.exit109.com/~jeremy/news/providers/traceroute.html S. -- -------------------------------------------------- Scott Pack Security Analyst Ohio University 381 HDL Center packs () ohio edu
Attachment:
_bin
Description:
Current thread:
- Weird trace route output Jody Riding (Apr 15)
- RE: Weird trace route output David Gillett (Apr 16)
- Re: Weird trace route output Alex Nedelcu (Apr 16)
- Re: Weird trace route output Scott Pack (Apr 16)
- Re: Weird trace route output Pranay Kanwar (Apr 16)
- Re: Weird trace route output Max Vohra (Apr 17)
- RE: Weird trace route output David Gillett (Apr 17)
- Re[2]: Weird trace route output Thierry Zoller (Apr 17)
- Re: Weird trace route output Pranay Kanwar (Apr 17)
- Re: Weird trace route output Max Vohra (Apr 17)
- <Possible follow-ups>
- Re: Weird trace route output notmyemail (Apr 16)