Re: tcptraceroute outcome

[Julien <Security () aqwz Com>]

Christian Perst wrote:
> Hi list members,
>
> with tcptraceroute I get
> ...
>  7  213.225.aaa.aaa (213.225.aaa.aaa)  24.396 ms  25.027 ms  25.306 ms
>  8  213.225.bbb.bbb (213.225.bbb.bbb)  29.464 ms  29.012 ms  29.285 ms
>  9  213.225.ccc.ccc (213.225.ccc.ccc)  29.967 ms  30.912 ms  29.656 ms
> 10  193.41.ddd.ddd (193.41.ddd.ddd) [closed]  30.694 ms
>     213.225.ccc.ccc (213.225.ccc.ccc)  30.265 ms
>     193.41.ddd.ddd (193.41.ddd.ddd)  30.501 ms
>
> That seems strange. Could that be a Router with 2 IPs 213.225.ccc.ccc
> on one interface and 193.41.ddd.ddd on the other interface?
>
>   
no you can't know the second ip of that router with your traceroute.

193.41.ddd.ddd is at 99% an other router. But it's seems that there is a routing problem,
perhaps a wrong route on the router 193.41.ddd.ddd


> Why does ccc send "time exceeded" after the package has reached ddd?
>   

Because when the package arrive on ccc, the ttl is null.


/Julien
> Thank,
> Chris
>
> ------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Need to secure your web apps?
> Cenzic Hailstorm finds vulnerabilities fast.
> Click the link to buy it, try it or download Hailstorm for FREE.
> http://www.cenzic.com/products_services/download_hailstorm.php
> ------------------------------------------------------------------------
>
>   


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------