Re: What do all those "* * *" mean on a traceroute log?
On 4/12/23, Albretch Mueller <lbrtchx@gmail.com> wrote:
> I have found a few examples and "explanations" but in the cases of
> the examples I have seen by other people, like:
>
> https://serverfault.com/questions/733005/what-does-having-mean-in-the-command-traceroute-and-how-can-you-cope-wit
>
> It is not with every site and it is mostly with one hop. I my case it
> is with all sites and once the packets reach the web (from hop 5 to
> 30), from wherever I connect to the Internet. Why would that happen
you should probably start off with
https://archive.nanog.org/sites/default/files/10_Roisman_Traceroute.pdf
A Practical Guide to (Correctly)
Troubleshooting with Traceroute
> and why would that -consistently- "happen" to me?
Ask your ISP - or VPN provider or whatever it is that you're using..
I did a search on your _gateway (199.83.128.1) address and found
https://www.sitelock.com/blog/sitelock-trueshield-web-application-firewall-updates/
SiteLock TrueShield Complete IP Range in long form:
199.83.128.1-199.83.135.254
Maybe they can explain what's going on?
Interestingly enough, I tried a traceroute to the last ip address that
answered in your traceroute and got an answer from
1. my router
2. my ISP's router
and nothing else !??
It seems that Verizon doesn't have a route to 199.83.128.1 --
https://www.verizon.com/business/why-verizon/looking-glass/
doesn't show anything for 199.83.128.1, so I'm guessing verizon is
doing some form of Unicase Reverse Path Filtering (URPF) and dropping
all those packets that don't have a route to the destination
I also tried a traceroute to your _gateway (199.83.128.1) and got
$ traceroute 199.83.128.1
traceroute to 199.83.128.1 (199.83.128.1), 30 hops max, 60 byte packets
<.. snip ..>
4 0.ae5.BR2.IAD8.ALTER.NET (140.222.6.175) 12.963 ms
0.ae1.BR2.IAD8.ALTER.NET (140.222.239.85) 9.400 ms
0.ae5.BR2.IAD8.ALTER.NET (140.222.6.175) 12.919 ms
5 ash-b2-link.ip.twelve99.net (80.239.135.178) 9.211 ms 9.334 ms 9.424 ms
6 imperva-svc087369-lag004786.ip.twelve99-cust.net (62.115.55.139)
9.612 ms 7.612 ms 7.445 ms
7 * * *
8 * * *
9 * * *
10 * * *
... etc
And finally
https://bgp.tools/prefix/199.83.128.0/24#connectivity
Anycast Detected
When bgp.tools scanned this prefix, we found that 199.83.128.0 was anycasted.
Upstreams This info take up to 6 hours to fully update
ASN Description
AS2914 NTT America, Inc.
AS1299 Arelion (fka. Telia Carrier)
So it seems you're doing something ... different.
Regards,
Lee
>
> $ traceroute google.com
> traceroute to google.com (172.217.0.174), 30 hops max, 60 byte packets
> 1 _gateway (199.83.128.1) 6.687 ms 6.660 ms 6.683 ms
> 2 199.83.240.2 (199.83.240.2) 6.101 ms 6.622 ms 6.610 ms
> 3 ad.nypl.org (199.254.254.1) 6.600 ms 6.588 ms 6.577 ms
> 4 199.254.252.1 (199.254.252.1) 6.566 ms 6.590 ms 6.738 ms
> 5 * * *
> . . .
> 30 * * *
>
> $ traceroute microsoft.com
> traceroute to microsoft.com (20.81.111.85), 30 hops max, 60 byte packets
> 1 _gateway (199.83.128.1) 12.353 ms 12.319 ms 12.306 ms
> 2 199.83.240.2 (199.83.240.2) 11.803 ms 12.281 ms 12.268 ms
> 3 ad.nypl.org (199.254.254.1) 12.256 ms 12.244 ms 12.231 ms
> 4 199.254.252.1 (199.254.252.1) 12.255 ms 12.243 ms 12.511 ms
> 5 * * *
> . . .
> 30 * * *
>
> $ traceroute debian.org
> traceroute to debian.org (149.20.4.15), 30 hops max, 60 byte packets
> 1 _gateway (199.83.128.1) 16.821 ms 17.804 ms 17.784 ms
> 2 199.83.240.2 (199.83.240.2) 4.739 ms 5.086 ms 5.070 ms
> 3 ad.nypl.org (199.254.254.1) 5.054 ms 5.389 ms 5.023 ms
> 4 199.254.252.1 (199.254.252.1) 6.805 ms 6.282 ms 6.773 ms
> 5 * * *
> . . .
> 30 * * *
>
> lbrtchx
>
>
Reply to: