Interpreting traceroute

I have a tracrt which I am struggling to interpret. The reason I am confused is that on the traceroute the first hop is the same as the last.

Normally I would expect to see some form of router or gateway as the first hop but not in this case. I have not been able to replicate the issue either.

Bobby Newmark

Posted 2015-01-19T15:08:04.493

Reputation: 1

1Do you get the same result for different IPs? Maybe it's a bug in your router? – Werner Henze – 2015-01-19T15:28:14.807

Hi Werner, I am not with the equipment so it is not something I can do unfortunately, but your answer suggests that this output is not normal so that is helpful anyway – Bobby Newmark – 2015-01-19T15:48:01.600

Correct, that output is not normal. – Werner Henze – 2015-01-20T08:07:59.487

Answers

Since you’re running MS Windows, I’d suggest running route print -4 to print your IPv4 routing table. Its output will include the IP address of your default gateway, e.g., the output from my computer includes the following:

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     172.22.0.254      172.22.0.43     20

When I run tracert, the first hop that I see is that of my default gateway, 172.22.0.254. You should be seeing the same thing.

However, the output you’re getting is definitely incorrect. I’d suspect that your tracert executable is somehow buggy and I’d suggest running Microsft's pathping as an alternative network debugging tool.

Anthony Geoghegan

Posted 2015-01-19T15:08:04.493

Reputation: 3 095

Thank you for your reply. I will see if I can get ip4 table. I'm not with the machine so it will have to be later on. – Bobby Newmark – 2015-01-19T16:32:04.820

I'm betting your first hop router is a buggy NAT gateway that's accidentally sending ICMP "Destination Unreachable, Time Exceeded" messages from the source address of the machine you were trying to traceroute to rather than sending these messages from its own IP address.

It could be the same box that you have labeled as "CPE gateway". Or it could be that you've got, say, a Wi-Fi AP (wireless router) on your network behind the CPE gateway, and you accidentally have that Wi-Fi AP doing NAT when it should probably be just a bridge to avoid double-NAT.

Spiff

Posted 2015-01-19T15:08:04.493

Reputation: 84 656

Thanks for your comment spiff. The Cpe gateway is a modem only so it doesn't do any routing or have a wireless ap built in so normally I would expect the router to be in the first hop. Your comment regarding whether it s correctly replying to the ICMP is interesting – Bobby Newmark – 2015-01-20T09:48:47.993