How to interpret this traceroute?

0

I have a traceroute result that looks like this:

HOST: local                       Loss%   Snt  Last   Avg  Best  Wrst StDev
  1.|-- 10.0.1.1                  0.0%    10    1.2  10.2   1.1  32.1  10.9
  2.|-- 111.111.11.21             0.0%    10    3.4  47.6   2.6 331.0 102.6
  3.|-- bt-128-389.bta.net.cn     0.0%    10    4.5  11.9   4.5  25.9   7.4
  4.|-- 124.65.28.229             0.0%    10    7.7  12.1   4.1  35.8   9.5
  5.|-- 152.75.194.93             0.0%    10   11.0  17.3   6.2  35.7  10.3
  6.|-- 219.111.6.110             0.0%    10   44.4  46.8  39.4  55.8   5.1
  7.|-- 119.138.23.25             0.0%    10   56.4  68.2  51.1 110.3  19.5
  8.|-- 212.111.96.222            0.0%    10   54.0  65.8  54.0  88.6  13.2
  9.|-- 189.158.97.242            0.0%    10   61.3  71.2  51.5  98.4  18.1
 10.|-- 231.158.40.102           10.0%    10   54.4  67.4  47.0  93.8  16.8
 11.|-- 118.188.104.14            0.0%    10   54.0  66.7  45.6 103.6  19.7
 12.|-- 116.151.36.153            0.0%    10   61.4  68.9  50.2 103.9  15.9
 13.|-- ???                      100.0    10    0.0   0.0   0.0   0.0   0.0
 14.|-- 57.30.49.32              10.0%    10   54.5  68.9  46.2 102.1  20.1

I don't understand:

  1. Why is the avg connection time lower at hops 3-5 than at hop 2? (Since hops 3-5 are further away, how come it is faster to connect to them than to hop 2?)
  2. At hop 13, if that hop drops all the packets, then how did I connect to hop 14 eventually? (Does that mean hop 13 doesn't respond to ICMP but still forwarded the packets to hop 14?)

Cheng

Posted 2016-12-27T16:23:05.160

Reputation: 103

  2. Yes. If you can run pathping - it will make that clearer. – DavidPostill – 2016-12-27T16:35:35.323

    Answers

    0

    First you need to understand how tracert works.

    tracert sends individual packets to the destination with an increasing Time To Live. Each router decrements the TTL, and when it reaches 0, the router will usually send an ICMP TTL Exceeded message back to the host. So to test the first hop, the TTL is 1 (which the router decrements and immediately sends back a TTL Exceeded), the second hop uses 2, and so on.

    So, for hop 13, the device is configured not to send TTL Exceeded messages. tracert just waits until the timeout is reached, increments the TTL, and tries the subsequent hop.

    As for your time variance, note that the average is high because the "worst" was a whopping 331ms, but your "best" is only 2.6, and the standard deviation is huge, indicating that your "average" is based on figures that vary widely (like 2.6 and 331). I'd say hop two was just having a bad half second.

    Frank Thomas

    Posted 2016-12-27T16:23:05.160

    Reputation: 29 039

    How to distinguish between "a device configured to not send TTL" and "a device that is simply dropping packets" from an MTR report? – Cheng – 2016-12-28T13:28:26.810

    I don't think you will be able to tell from an MTR report, unless you can sort and analyze dropped packets by protocol and type. It depends on whether the router is blocking TTL messages outbound (in which case it would appear in your reports) or whether it is using a special configuration to control ICMP output (in which case it would probably not appear in MRTG at all.) – Frank Thomas – 2016-12-28T20:49:27.097

    Found a good explanation here: https://www.linode.com/docs/networking/diagnostics/diagnosing-network-issues-with-mtr/ check the heading under "Verifying Packet Loss"

    – Cheng – 2016-12-29T05:09:44.803
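The reasoning in the answer and the follow-up comments, applied to the report from the question, as an added example (not code from the original posts). It generalizes the hop-13 case: a probe answered by a later hop was forwarded by every earlier hop, so a hop showing more loss than a later hop is failing to send its own ICMP replies rather than dropping the traffic it forwards. The function names and the StDev > Avg cut-off are assumptions made for this example.

```python
import re
# MTR report copied from the question on this page.
REPORT = """\
HOST: local                       Loss%   Snt  Last   Avg  Best  Wrst StDev
  1.|-- 10.0.1.1                  0.0%    10    1.2  10.2   1.1  32.1  10.9
  2.|-- 111.111.11.21             0.0%    10    3.4  47.6   2.6 331.0 102.6
  3.|-- bt-128-389.bta.net.cn     0.0%    10    4.5  11.9   4.5  25.9   7.4
  4.|-- 124.65.28.229             0.0%    10    7.7  12.1   4.1  35.8   9.5
  5.|-- 152.75.194.93             0.0%    10   11.0  17.3   6.2  35.7  10.3
  6.|-- 219.111.6.110             0.0%    10   44.4  46.8  39.4  55.8   5.1
  7.|-- 119.138.23.25             0.0%    10   56.4  68.2  51.1 110.3  19.5
  8.|-- 212.111.96.222            0.0%    10   54.0  65.8  54.0  88.6  13.2
  9.|-- 189.158.97.242            0.0%    10   61.3  71.2  51.5  98.4  18.1
 10.|-- 231.158.40.102           10.0%    10   54.4  67.4  47.0  93.8  16.8
 11.|-- 118.188.104.14            0.0%    10   54.0  66.7  45.6 103.6  19.7
 12.|-- 116.151.36.153            0.0%    10   61.4  68.9  50.2 103.9  15.9
 13.|-- ???                      100.0    10    0.0   0.0   0.0   0.0   0.0
 14.|-- 57.30.49.32              10.0%    10   54.5  68.9  46.2 102.1  20.1"""

ROW = re.compile(r"^\s*(\d+)\.\|--\s+(\S+)\s+([\d.]+)%?\s+\d+((?:\s+[\d.]+){5})\s*$")

def parse(report):
    """Return one dict per hop row; the header and blank lines are skipped."""
    hops = []
    for m in filter(None, map(ROW.match, report.splitlines())):
        hop = {"hop": int(m.group(1)), "host": m.group(2), "loss": float(m.group(3))}
        hop.update(zip(("last", "avg", "best", "wrst", "stdev"), map(float, m.group(4).split())))
        hops.append(hop)
    return hops

def classify_loss(hops):
    # Forwarding loss at hop N cannot exceed the loss seen at any later hop.
    verdicts = {}
    for i, h in enumerate(hops):
        later = [x["loss"] for x in hops[i + 1:]]
        if h["loss"] == 0:
            continue
        if not later:
            verdicts[h["hop"]] = "last hop: no later hop to compare against"
        elif min(later) < h["loss"]:
            verdicts[h["hop"]] = "forwards traffic, not answering all probes"
        else:
            verdicts[h["hop"]] = "loss persists at every later hop: may be real"
    return verdicts

def noisy_hops(hops):  # StDev > Avg is an assumed cut-off for an outlier-skewed Avg
    return [h["hop"] for h in hops if h["stdev"] > h["avg"] > 0]

if __name__ == "__main__":
    print(classify_loss(parse(REPORT)), "noisy:", noisy_hops(parse(REPORT)))
```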