From: Kenneth Wygand (KWygand@customonline.com)
Date: Wed Dec 10 2003 - 13:20:13 GMT-3
Well if you think about the way traceroute works, it continues to
increment the TTL value each time it receives back a "TTL expired"
message from the transiting device, and it notes the source of that "TTL
expires" message as that particular hop. This source address will be
the closest interface (relative to the "tracerouting" device) on the
routing device sending the TTL expired message.
It seems to me that the packet is bouncing around interfaces within the
internal host on the destination HP UX server. How many IP addresses
are on this box? Check your routing tables on here. If you can,
perform the traceroute from any other device along the path and see if
the destination repeats several times?
This is what I see, so picture it this way. From where you are pinging,
if you set the TTL to 4 (which is what traceroute does to get the 4th
hop), it might end up on some interface on the HP UX box, BUT it has not
yet reached the destination IP address it is looking for. Consequently,
the HP box will independently send out a "TTL expired" packet to your
"tracerouting" host. The source address will be the closest interface
on the HP UX box relative to the "tracerouting" host. If the routes
bounce around 3 more hops before hitting the final destination, you will
observe what you are seeing.
There are also other possible reasons, including asymmetric route paths,
dynamic or load-balanced (or load-shared) communication paths, etc.
Maybe you can dig a little deeper with these thoughts in mind. I'd be
interested to see what you can find out. :)
Kenneth E. Wygand
Systems Engineer, Project Services
CISSP #37102, CCNP, CCDP, ACSP, Cisco IPT Design Specialist, MCP, CNA,
Network+, A+
Custom Computer Specialists, Inc.
"Real Engineers Debug in Binary."
-kw
-----Original Message-----
From: Chris Cole [mailto:CCole@EPLUS.com]
Sent: Wednesday, December 10, 2003 10:37 AM
To: Kenneth Wygand; CCIELAB@groupstudy.com
Subject: RE: traceroute
Ok the end host is a HP UX server. The path goes from a Microsoft 2K
server
through a Cat 4505 to a Cisco router then a ATM connection to the remote
sides Cisco router. After that the end host ip address shows up as then
next
four hops to the end host ip. I then did a trace back from the HP UX box
to
the MS 2K serv and did not get the duplicate ip address. It's vary
funney
every thing is working but the trace just shows up funney..
Thanks
ChrisC
-----Original Message-----
From: Kenneth Wygand [mailto:KWygand@customonline.com]
Sent: Wednesday, December 10, 2003 10:23 AM
To: Chris Cole; CCIELAB@groupstudy.com
Subject: RE: traceroute
What type of host are you pinging? Is this a router or a network node
performing routing functionality? If so, I might have your answer.
Kenneth E. Wygand
Systems Engineer, Project Services
CISSP #37102, CCNP, CCDP, ACSP, Cisco IPT Design Specialist, MCP, CNA,
Network+, A+
Custom Computer Specialists, Inc.
"Real Engineers Debug in Binary."
-kw
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Chris Cole
Sent: Wednesday, December 10, 2003 10:19 AM
To: CCIELAB@groupstudy.com
Subject: OT: traceroute
Hello all, I have a question about reading the output of a traceroute. I
have done some research into this on the web and have not found a good
explanation. I did do a search on the Group study archives but the
explanation given would not apply here. Well I don't think it would. So
here
we go. I have a traceroute that has hops 4 - 7 the same IP address as
the
end host. I did notice the different in the Microsoft tracert and the
Unix
still traceroute. One ICMP One UDP. But I don't see how that could
explain
the multiple IP coming up in the traceroute. I can not give the real
trace.
It's for a customer. They are not having problems either with this link.
It
was just some thing that I have not seen and I would like some feed back
if
any body has seen this.
Thanks
ChrisC
This archive was generated by hypermail 2.1.4 : Sat Jan 03 2004 - 08:25:38 GMT-3