private address in traceroute results

Solution 1

it seems like you are having a bit of a hard time getting what Frank Thomas is saying.

Assuming you are at host A. If you want to get to host D you need to go through both routers B and C. B and C, both have interfaces on the public network (155.10.30.1 and 132.277.62.1 respectively). However, their internal routing network is allocated by private space. That is, to route from B to C you have to go over a private network. If you were to traceroute from A to D you would see something like this:

traceroute to 132.227.62.122 (132.227.62.122), 30 hops max, 60 byte packets 
 1  155.10.30.1 1.103 ms  1.107 ms  1.097 ms
 2  10.10.10.2  1.535 ms  1.625 ms  2.172 ms
 3  132.277.62.122  6.891 ms  6.937 ms  6.927 ms

Please note the times are irrelevant for this example.

So even though both sides of the network are public, router B has a route to D via C. Now, please understand - in the real world B probably also has a route which goes to the Internet. However, in this case D's network had a better route (or in the technical parlance - a lower metric) on B via C. Therefore, you see the private network.

Why this happens depends on the specific network. I will hazard a guess. You seem to be on a University network. I say this based on the fact that your internal IP addresses had a DNS entry. Which have a univ in them. If this is indeed the case, you are now routing within a University - or intra-University. As a result, the best route from one University to another may in fact be an internal route instead of going out over the Internet. They may have a circuit that they ran themselves, or they might be using MPLS or Frame Relay to create a private circuit.

Hope that helps.

Solution 2

Tracert works by sending packets addressed to the target host, but with a TTL set to the next expected hop count (eg its first packest are TTL=0, then TTL=1, etc). when TTL=0, the first router will return a ICMP TTL Exceeded message to the host using its own IP as sender, and drop the packet. That TTL Exceeded message is what tracert pays attention to when listing results.

So, if around hop 9, (the initial TTL=10), and the next hop toward the destination is through an internal network (10.230.10.0/24) the router for that network notices that time to live is expired, and responds once again by sending an ICMP TTL Exceeded message to the host, using the sender IP 10.230.10.1. Remember, both sides of a NAT router have a hop between them, so NAT networks do appear. Without knowing more about your specific circumstance, I cant tell you more, but ISPs and large organizations like universities use many many private networks internally.

By using this method, you can observe a path moving through private networks without actually being able to send to or receive directly from them.

More info here.

Related videos on Youtube

04 : 40

PING and TRACERT (traceroute) networking commands

PowerCert Animated Videos

773

09 : 24

Traceroute (tracert) Explained - Network Troubleshooting

PowerCert Animated Videos

274

32 : 54

Sử dụng lệnh Ping và Tracert để kiểm tra, loại trừ khoanh vùng khu vực, đoạn mạng đang lỗi.

HT ĐỨC HỢP

32

02 : 51

Multiple private addresses in my traceroute results (3 Solutions!!)

Roel Van de Paar

3

02 : 34

private address in traceroute results (2 Solutions!!)

Roel Van de Paar

0

Author by

misteryes

Updated on September 18, 2022