How do I find out what this unknown device is on my network?

0

Backstory: I have a home PC network that is mixed hardwired and wireless, with a wireless access point and hardwired PCs - connected to a dual-WAN capable router, connected to a cable modem, connected to Cox Internet (only one WAN is in use at present). The LAN is 10.0.0.1/255.255.255.0. WAN is 68.7.112.78/255.255.252.0

For reasons I won't go into here, I recently had occasion to do a tracert to a web site that I frequent:

 1    <1 ms    <1 ms    <1 ms  10.0.0.1
 2     8 ms     7 ms     7 ms  **10.165.32.1**
 3     8 ms     7 ms     7 ms  **68.6.14.168**
 4     9 ms     9 ms     9 ms  100.120.108.30
 5    13 ms    13 ms    13 ms  68.1.1.167
 6    23 ms    22 ms    24 ms  68.105.30.190
 7    13 ms    14 ms    13 ms  a23-57-47-92.deploy.static.akamaitechnologies.com [23.57.47.92]

10.0.0.1 is my router.

10.165.32.1 is nonroutable, but is not on my LAN. What is it? Is it my cable modem?

68.6.14.168 is not my WAN IP address. It is a Cox IP address with no domain name, in the same netblock (NETBLK-SD-RDC-68-6-0-0) as my WAN IP address. My WAN IP address does not appear in the tracert. Why does something other than my WAN IP address appear here?

100.120.108.30 is in a shared address space for service providers, and the rest appears to be routing to get to an akamai server.

Thanks for any info.

Rebeccah

Posted 2019-01-29T23:49:28.340

Reputation: 3

Answers

1

I'm not sure how much you understand (but everything in the traceroute is normal).

Traceroute works by showing you the routers that packets go through to get from you to your destination.

I'm pretty sure that if 10.0.0.1 is your router (which makes sense) then 10.165.32.1 is your provider's router. They are probably providing you with the service - incompetently - using NAT. (I say incompetently because they should be using Carrier Grade NAT and the 100.x.x.x network; nonetheless, 10.x is fairly commonly used by ISPs.)

Your WAN address would not appear in the traceroute because traceroute shows the "next router" address, not the address packets are leaving from - much like your home computer's address is not 10.0.0.1 yet the first hop is - i.e. what you are seeing is equivalent to the LAN interface on your router.

I can confirm that it is entirely possible for traceroute to report back private IP addresses in other people's networks. This is because the packets are not destined for that IP address, rather the TTL packet which decreases for each hop is adjusted so it times out and returns a result. The source address (i.e. the one which the router is replying to) is your WAN interface IP address, so the packet can then be sent back to it.

davidgo

Posted 2019-01-29T23:49:28.340

Reputation: 49 152

OK, I see now why 68.7.112.78 would not be on the traceroute. It's another interface on the same device as 10.0.0.1. But I would expect the "next hop" from 68.7.112.78 to be on the same network. So if 10.65.32.1 is Cox's router (my router's "next hop" towards the final destination), does that mean that Cox's router also has an IP address in 68.6.0.0/15 (so, two or more interfaces), and it just chooses to report back the private IP address? – Rebeccah – 2019-01-30T03:26:25.363

It's definitely possible, but not clear that that is the case. How did you find 68.7.112.78? It could be an external interface of the router on hop 2 or 4 of the traceroute, and NAT being used to deliver back to an IP address range in the 10.165 network - If you log into your router and view the WAN IP address that would confirm either way. – davidgo – 2019-01-30T03:40:35.200

68.7.112.78 is from my router's configuration information. – Rebeccah – 2019-01-30T03:46:27.473

WAN1 Link Up Primary Connection: Dynamic IP Status: Connected IP Address: 68.7.112.78 Subnet Mask: 255.255.252.0 Gateway: 68.7.112.1 – Rebeccah – 2019-01-30T03:46:39.393

So, Cox's router then would have an IP address of 68.7.112.1 and another one of 10.65.32.1? – Rebeccah – 2019-01-30T03:48:04.283

Correct. (padding for minimum character length) – davidgo – 2019-01-30T03:49:21.257

Also, I need to retract what I said about CGN earlier - they are not using CGN to you - although they are using internal IP addresses in their network (which is OK). – davidgo – 2019-01-30T03:50:15.140
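
As an added example (not part of the original posts), this Python sketch parses the tracert output from the question and labels each hop against the ranges discussed in the thread: the asker's LAN, the subnet of the WAN address 68.7.112.78/255.255.252.0, RFC 1918 private space, and the 100.64.0.0/10 shared address space. The function names and the regular expression are assumptions of this example; the sample input is the question's output with the bold markers removed.

```python
import ipaddress
import re

# Constructed sample: the tracert output from the question, bold markers removed.
TRACERT = """\
 1    <1 ms    <1 ms    <1 ms  10.0.0.1
 2     8 ms     7 ms     7 ms  10.165.32.1
 3     8 ms     7 ms     7 ms  68.6.14.168
 4     9 ms     9 ms     9 ms  100.120.108.30
 5    13 ms    13 ms    13 ms  68.1.1.167
 6    23 ms    22 ms    24 ms  68.105.30.190
 7    13 ms    14 ms    13 ms  a23-57-47-92.deploy.static.akamaitechnologies.com [23.57.47.92]
"""

LAN = ipaddress.ip_network("10.0.0.0/24")        # LAN 10.0.0.1/255.255.255.0
WAN = ipaddress.ip_interface("68.7.112.78/22")   # WAN IP with mask 255.255.252.0
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RFC6598 = ipaddress.ip_network("100.64.0.0/10")  # shared space for service providers

# Hop number at the start of the line, IPv4 address (optionally in brackets) at the end.
HOP_RE = re.compile(r"^\s*(\d+)\s+.*?(\d{1,3}(?:\.\d{1,3}){3})\]?\s*$")

def classify(addr):
    """Label one hop address relative to the asker's own network."""
    ip = ipaddress.ip_address(addr)
    if ip in LAN:
        return "own LAN"
    if ip in WAN.network:
        return "own WAN subnet"
    if any(ip in net for net in RFC1918):
        return "RFC 1918 private, outside own LAN"
    if ip in RFC6598:
        return "RFC 6598 shared (ISP-internal)"
    return "public"

def parse_hops(text):
    """Return (hop number, address, label) for every line that carries an address."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:  # timed-out hops ("* * *") have no address and are skipped
            hops.append((int(m.group(1)), m.group(2), classify(m.group(2))))
    return hops

if __name__ == "__main__":
    for n, addr, kind in parse_hops(TRACERT):
        print(f"{n:>2}  {addr:<16} {kind}")
```

No hop is labelled "own WAN subnet": replies come from each router's own interface address, so neither 68.7.112.78 nor its gateway 68.7.112.1 shows up in the path.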