Re: What do all those "* * *" mean on a traceroute log?

To: debian-user@lists.debian.org
Subject: Re: What do all those "* * *" mean on a traceroute log?
From: debian-user@howorth.org.uk
Date: Wed, 12 Apr 2023 20:18:19 +0100
Message-id: <[🔎] 20230412201819.145f8267@acer-suse.lan>
In-reply-to: <[🔎] ZDb1rYq2SM3NzdbS@wooledge.org>
References: <[🔎] CAFakBwhuHCiDYLtjH-NE0_R4wQBQHPDva=g-TTQwpbr0ExJ4wQ@mail.gmail.com> <[🔎] ZDb1rYq2SM3NzdbS@wooledge.org>

Greg Wooledge <greg@wooledge.org> wrote:
> On Wed, Apr 12, 2023 at 05:37:32PM +0000, Albretch Mueller wrote:
> >  It is not with every site and it is mostly with one hop.  
> 
> > $ traceroute google.com
> > traceroute to google.com (172.217.0.174), 30 hops max, 60 byte
> > packets 1  _gateway (199.83.128.1)  6.687 ms  6.660 ms  6.683 ms
> >  2  199.83.240.2 (199.83.240.2)  6.101 ms  6.622 ms  6.610 ms
> >  3  ad.nypl.org (199.254.254.1)  6.600 ms  6.588 ms  6.577 ms
> >  4  199.254.252.1 (199.254.252.1)  6.566 ms  6.590 ms  6.738 ms
> >  5  * * *
> > . . .
> > 30  * * *  
> 
> First you have to understand how traceroute works.  It's like ping,
> except that instead of just sending out a stream of normal packets,
> one per second, and noting the reply times, it sends out a bunch of
> packets with increasing Time To Live fields.
> 
> Each router along the path to the destination decreases the TTL field,
> and if it's negative (or zero?) at any given point, that hop is
> supposed to return a "Time Exceeded" response.  (Time is a badly
> chosen word here; it's a hop number, not an actual time interval,
> that's being counted.)
> 
> So, in theory, you should get one Time Exceeded response from each
> router along the path.  That's what traceroute shows you.
> 
> However, some routers may choose not to honor this, and do not send a
> Time Exceeded response to you.  Or, in some cases, the response packet
> may simply be lost in transit.  Those are the hops where traceroute
> shows * * *.
> 
> An example from my system:
> 
> unicorn:~$ traceroute www.google.com
> traceroute to www.google.com (142.250.190.4), 30 hops max, 60 byte
> packets 1  routerlogin.net (10.0.0.1)  0.413 ms  0.355 ms  0.415 ms
>  2  65-131-222-254.mnfd.centurylink.net (65.131.222.254)  38.070 ms
> 39.776 ms  36.299 ms 3  75.160.81.21 (75.160.81.21)  41.687 ms
> 45.801 ms  39.873 ms 4  * * *
>  5  ae0.11.bar2.Toronto1.level3.net (4.69.151.242)  56.715 ms
> ae14.14.bar2.Toronto1.level3.net (4.69.216.246)  56.550 ms
> ae0.11.bar2.Toronto1.level3.net (4.69.151.242)  58.637 ms [...]
> 
> No response was received from hop number 4, so traceroute shows me *
> * * there.

I was playing with the addresses listed by Albretch and found that
199.254.252.1 is interesting. whois says it belongs to "Alexandria Sash
& Door (ASD-1)" and
https://opencorporates.com/companies/us_wa/601161047 (via google) tells
me that firm was dissolved in 2005. But the whois entry was updated in
2021. So something's a little odd there. ping says "From 51.148.77.136
icmp_seq=1 Destination Net Unreachable" when I try to ping it.

Reply to:

Follow-Ups:
- Re: What do all those "* * *" mean on a traceroute log?
  - From: David Wright <deblis@lionunicorn.co.uk>

References:
- What do all those "* * *" mean on a traceroute log?
  - From: Albretch Mueller <lbrtchx@gmail.com>
- Re: What do all those "* * *" mean on a traceroute log?
  - From: Greg Wooledge <greg@wooledge.org>

Prev by Date: Re: What do all those "* * *" mean on a traceroute log?
Next by Date: Re: What do all those "* * *" mean on a traceroute log?
Previous by thread: Re: What do all those "* * *" mean on a traceroute log?
Next by thread: Re: What do all those "* * *" mean on a traceroute log?
Index(es):
- Date
- Thread