Weird Traceroute
I was looking at a development web site I am involved with and I was interested in where the site was in the big bad world, so I decided to traceroute to it[1]. What seemed very unusual was that the 5th hop reported an IP address in the 10.0.0.0/8 private address space. To quote Sam “10.what now?”. I’m still amazed that packets with private source addresses are routed across the internet![2]
[1]
$ sudo traceroute -m 10 -N 1 -M default 78.86.199.179
traceroute to 78.86.199.179 (78.86.199.179), 10 hops max, 40 byte packets
1 80-68-93-1.no-reverse-dns-set.bytemark.co.uk (80.68.93.1) 0.389 ms 0.174 ms 0.154 ms
2 89-16-188-3.no-reverse-dns-set.bytemark.co.uk (89.16.188.3) 0.366 ms 0.440 ms 0.326 ms
3 gi4-19.cr01.thn.bytemark.co.uk (80.68.80.73) 6.822 ms 6.707 ms 7.314 ms
4 * * linx-gw1.betherenow.co.uk (195.66.224.232) 11.099 ms
5 10.1.3.177 (10.1.3.177) 9.041 ms 8.237 ms 7.706 ms
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
$
$ sudo traceroute -m 10 -N 1 -M icmp 78.86.199.179
traceroute to 78.86.199.179 (78.86.199.179), 10 hops max, 40 byte packets
1 80-68-93-1.no-reverse-dns-set.bytemark.co.uk (80.68.93.1) 0.216 ms 0.134 ms 0.092 ms
2 89-16-188-3.no-reverse-dns-set.bytemark.co.uk (89.16.188.3) 0.404 ms 0.382 ms 0.451 ms
3 gi4-19.cr01.thn.bytemark.co.uk (80.68.80.73) 8.107 ms 7.459 ms 7.462 ms
4 linx-gw1.betherenow.co.uk (195.66.224.232) 7.653 ms 7.440 ms 8.356 ms
5 10.1.3.177 (10.1.3.177) 10.940 ms 20.268 ms 9.236 ms
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
$
$ sudo traceroute -m 10 -N 1 -M tcp 78.86.199.179
traceroute to 78.86.199.179 (78.86.199.179), 10 hops max, 40 byte packets
1 80-68-93-1.no-reverse-dns-set.bytemark.co.uk (80.68.93.1) 0.323 ms 0.437 ms 0.200 ms
2 89-16-188-3.no-reverse-dns-set.bytemark.co.uk (89.16.188.3) 0.446 ms 0.333 ms 0.391 ms
3 gi4-19.cr01.thn.bytemark.co.uk (80.68.80.73) 7.120 ms 6.713 ms 6.800 ms
4 linx-gw1.betherenow.co.uk (195.66.224.232) 7.925 ms 7.737 ms 7.881 ms
5 10.1.3.177 (10.1.3.177) 7.816 ms 7.500 ms 8.614 ms
6 78-86-199-179.zone2.bethere.co.uk (78.86.199.179) 21.213 ms 21.239 ms 21.242 ms
7 78-86-199-179.zone2.bethere.co.uk (78.86.199.179) 20.770 ms 21.662 ms 22.061 ms
$
$ sudo traceroute -m 10 -N 1 -M udp 78.86.199.179
traceroute to 78.86.199.179 (78.86.199.179), 10 hops max, 40 byte packets
1 80-68-93-1.no-reverse-dns-set.bytemark.co.uk (80.68.93.1) 0.276 ms 0.096 ms 0.091 ms
2 89-16-188-3.no-reverse-dns-set.bytemark.co.uk (89.16.188.3) 0.444 ms 0.409 ms 0.403 ms
3 gi4-19.cr01.thn.bytemark.co.uk (80.68.80.73) 6.747 ms 6.797 ms 6.844 ms
4 * linx-gw1.betherenow.co.uk (195.66.224.232) 7.620 ms 7.488 ms
5 10.1.3.177 (10.1.3.177) 8.766 ms 7.501 ms 8.638 ms
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
$
$ sudo traceroute -m 10 -N 1 -M raw 78.86.199.179
traceroute to 78.86.199.179 (78.86.199.179), 10 hops max, 40 byte packets
1 80-68-93-1.no-reverse-dns-set.bytemark.co.uk (80.68.93.1) 0.314 ms 0.097 ms 0.093 ms
2 89-16-188-3.no-reverse-dns-set.bytemark.co.uk (89.16.188.3) 0.378 ms 0.412 ms 0.330 ms
3 gi4-19.cr01.thn.bytemark.co.uk (80.68.80.73) 23.388 ms 8.331 ms 7.084 ms
4 linx-gw1.betherenow.co.uk (195.66.224.232) 8.294 ms 7.517 ms 8.027 ms
5 10.1.3.177 (10.1.3.177) 8.502 ms 7.589 ms 7.450 ms
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
$
[2]
$ tshark -r cap -R "ip.src == 10.0.0.0/8"
177 8.113729 10.1.3.177 -> 80.68.93.148 ICMP Time-to-live exceeded (Time to live exceeded in transit)
183 8.122267 10.1.3.177 -> 80.68.93.148 ICMP Time-to-live exceeded (Time to live exceeded in transit)
187 8.130944 10.1.3.177 -> 80.68.93.148 ICMP Time-to-live exceeded (Time to live exceeded in transit)
$
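
The same check can be run over saved traceroute output. This is an added example, not part of the original post: it flags any hop that answers from address space that should not appear as a source on the public internet. It assumes the default output format with the address in parentheses. The function name and the list of ranges beyond 10.0.0.0/8 are choices made for this example.

```python
import ipaddress
import re

# Address space that should never be a source address on the public internet.
NON_ROUTABLE = [
    (ipaddress.ip_network("10.0.0.0/8"), "RFC 1918"),
    (ipaddress.ip_network("172.16.0.0/12"), "RFC 1918"),
    (ipaddress.ip_network("192.168.0.0/16"), "RFC 1918"),
    (ipaddress.ip_network("100.64.0.0/10"), "RFC 6598 shared"),
    (ipaddress.ip_network("169.254.0.0/16"), "RFC 3927 link-local"),
]
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")               # "<hop number> <rest>"
ADDR_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")  # "(a.b.c.d)" after the name

# Hop lines copied from the post's "-M tcp" trace.
SAMPLE = """\
traceroute to 78.86.199.179 (78.86.199.179), 10 hops max, 40 byte packets
 3 gi4-19.cr01.thn.bytemark.co.uk (80.68.80.73) 7.120 ms 6.713 ms 6.800 ms
 4 linx-gw1.betherenow.co.uk (195.66.224.232) 7.925 ms 7.737 ms 7.881 ms
 5 10.1.3.177 (10.1.3.177) 7.816 ms 7.500 ms 8.614 ms
 6 78-86-199-179.zone2.bethere.co.uk (78.86.199.179) 21.213 ms 21.239 ms 21.242 ms
"""

def private_hops(trace_text):
    """Return [(hop, address, range_label)] for hops answering from non-routable space."""
    findings = []
    for line in trace_text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header, shell prompt or blank line
        hop, seen = int(m.group(1)), set()
        for text in ADDR_RE.findall(m.group(2)):
            if text in seen:
                continue  # same responder listed again on this hop
            seen.add(text)
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:
                continue  # looked like an address but is not one (e.g. 999.1.1.1)
            label = next((lbl for net, lbl in NON_ROUTABLE if addr in net), None)
            if label:
                findings.append((hop, text, label))
    return findings

if __name__ == "__main__":
    for hop, addr, label in private_hops(SAMPLE):
        print(f"hop {hop}: {addr} is in {label} space")
```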