Why does my tracert output not match my ipconfig?

2

When I ran into some intermittent Internet connectivity issues the other day at home, I decided to do something I rarely bother with - I plugged my laptop directly into the cable modem to see what was up. Once the connection came back up, I decided to do some diagnostics while I was still directly connected to be sure everything was properly functioning.

During this test:

  • My laptop was plugged directly into the cable modem.
    • As far as I know, this is a "dummy" modem - it's not an all-in-one cable modem/router/wifi device.
  • I had no other devices on the network being tested.
  • My laptop received an IP address and gateway via DHCP, both of which were publicly-routable "Class A" addresses.

If I ran a pathping or tracert to the gateway, everything came back normal - nothing appeared to be in between my laptop and the gateway.

However, when I ran the same utilities against other targets (Google, Yahoo, etc.) on the Internet, the first hop came back in the "Class A" range of RFC 1918 addresses. Also, the publicly-routable Default Gateway address did not show up at all in the traces.

Again, the only devices connected in my house at this point were my laptop and the cable modem. So, presumably the first hop to any address not in my DHCP-assigned subnet should always be whichever address shows up in ipconfig as the "Default Gateway".

Could someone explain how this can happen, and why there might be legitimate reason for it?

Iszi

Posted 2011-05-02T13:07:39.977

Reputation: 11 686

I haven't tried it but that sounds very strange, if out on the internet there's a computer with a private ip, are you sure it's not one of your computers? which would also be a bit strange.. Why not include a dump of output, but change the public ip so it's not recognisable as you. – barlop – 2011-05-02T17:22:19.333

@barolp - I might do that sometime. Just not at home (and not inclined to disconnect the rest of my home network) right now to do it. It definitely wasn't "one of my computers", since the only computer networked at the time was my laptop and it was plugged directly to the cable modem. I'll try to clarify in my OP. – Iszi – 2011-05-02T17:38:15.823

Answers

3

tracert works by sending packets which have a short TTL ("time to live") and gather the obituaries which are sent back. Namely, when a packet is sent, is has a numerical TTL, which is decremented by each host through which the packet goes. If the TTL reaches zero, the packet dies. The host in which the packet dies normally sends back a control message (ICMP) to state "the packet died here"; that message contains the address that the said host considers to be his own true address. This is not necessarily the address which you so: a router, by construction, has several addresses.

For instance, if your gateway as public address 66.131.127.1 but also has, within the ISP network, the address 10.35.184.1, then the ICMP message may perfectly come back tagged with 10.35.184.1 (this address is not "public" but that's mostly a convention, of which the router needs not be aware).

Thomas Pornin

Posted 2011-05-02T13:07:39.977

Reputation: 508

1Thomas, you have a marvelous way with words - gather the obituaries which are sent back :) – nealmcb – 2011-05-02T19:17:34.057

0

Sometimes providers use the private address space for internal routing. Germany's largest internet provider T-Online even put servers into that address space until the end of 2005.

While using private address space for internal routing does not have a negative impact on reachability, it is generally considered bad practice: It makes tracing down issues using traceroute harder and causes support calls.

Hendrik Brummermann

Posted 2011-05-02T13:07:39.977

Reputation: 101

Asked: 2011-05-02T13:07:39.977

Viewed: 1 681 times

Active: 2011-05-02T18:30:22.937