Weird Traceroute

I was looking at a development web site I am involved with and I was interested in where the site was in the big bad world, so I decided to traceroute to it[1]. What seemed very unusual was that the 5th hop reported an IP address in the 10.0.0.0/8 private address space. To quote Sam: “10.what now?”. I’m still amazed that packets with source addresses with private addresses are routed across the internet![2]

[1]
$ sudo traceroute -m 10 -N 1 -M default 78.86.199.179
traceroute to 78.86.199.179 (78.86.199.179), 10 hops max, 40 byte packets
 1  80-68-93-1.no-reverse-dns-set.bytemark.co.uk (80.68.93.1)  0.389 ms  0.174 ms  0.154 ms
 2  89-16-188-3.no-reverse-dns-set.bytemark.co.uk (89.16.188.3)  0.366 ms  0.440 ms  0.326 ms
 3  gi4-19.cr01.thn.bytemark.co.uk (80.68.80.73)  6.822 ms  6.707 ms  7.314 ms
 4  * * linx-gw1.betherenow.co.uk (195.66.224.232)  11.099 ms
 5  10.1.3.177 (10.1.3.177)  9.041 ms  8.237 ms  7.706 ms
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
$
$ sudo traceroute -m 10 -N 1 -M icmp 78.86.199.179
traceroute to 78.86.199.179 (78.86.199.179), 10 hops max, 40 byte packets
 1  80-68-93-1.no-reverse-dns-set.bytemark.co.uk (80.68.93.1)  0.216 ms  0.134 ms  0.092 ms
 2  89-16-188-3.no-reverse-dns-set.bytemark.co.uk (89.16.188.3)  0.404 ms  0.382 ms  0.451 ms
 3  gi4-19.cr01.thn.bytemark.co.uk (80.68.80.73)  8.107 ms  7.459 ms  7.462 ms
 4  linx-gw1.betherenow.co.uk (195.66.224.232)  7.653 ms  7.440 ms  8.356 ms
 5  10.1.3.177 (10.1.3.177)  10.940 ms  20.268 ms  9.236 ms
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
$
$ sudo traceroute -m 10 -N 1 -M tcp 78.86.199.179
traceroute to 78.86.199.179 (78.86.199.179), 10 hops max, 40 byte packets
 1  80-68-93-1.no-reverse-dns-set.bytemark.co.uk (80.68.93.1)  0.323 ms  0.437 ms  0.200 ms
 2  89-16-188-3.no-reverse-dns-set.bytemark.co.uk (89.16.188.3)  0.446 ms  0.333 ms  0.391 ms
 3  gi4-19.cr01.thn.bytemark.co.uk (80.68.80.73)  7.120 ms  6.713 ms  6.800 ms
 4  linx-gw1.betherenow.co.uk (195.66.224.232)  7.925 ms  7.737 ms  7.881 ms
 5  10.1.3.177 (10.1.3.177)  7.816 ms  7.500 ms  8.614 ms
 6  78-86-199-179.zone2.bethere.co.uk (78.86.199.179)  21.213 ms  21.239 ms  21.242 ms
 7  78-86-199-179.zone2.bethere.co.uk (78.86.199.179)  20.770 ms  21.662 ms  22.061 ms
$
$ sudo traceroute -m 10 -N 1 -M udp 78.86.199.179
traceroute to 78.86.199.179 (78.86.199.179), 10 hops max, 40 byte packets
 1  80-68-93-1.no-reverse-dns-set.bytemark.co.uk (80.68.93.1)  0.276 ms  0.096 ms  0.091 ms
 2  89-16-188-3.no-reverse-dns-set.bytemark.co.uk (89.16.188.3)  0.444 ms  0.409 ms  0.403 ms
 3  gi4-19.cr01.thn.bytemark.co.uk (80.68.80.73)  6.747 ms  6.797 ms  6.844 ms
 4  * linx-gw1.betherenow.co.uk (195.66.224.232)  7.620 ms  7.488 ms
 5  10.1.3.177 (10.1.3.177)  8.766 ms  7.501 ms  8.638 ms
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
$
$ sudo traceroute -m 10 -N 1 -M raw 78.86.199.179
traceroute to 78.86.199.179 (78.86.199.179), 10 hops max, 40 byte packets
 1  80-68-93-1.no-reverse-dns-set.bytemark.co.uk (80.68.93.1)  0.314 ms  0.097 ms  0.093 ms
 2  89-16-188-3.no-reverse-dns-set.bytemark.co.uk (89.16.188.3)  0.378 ms  0.412 ms  0.330 ms
 3  gi4-19.cr01.thn.bytemark.co.uk (80.68.80.73)  23.388 ms  8.331 ms  7.084 ms
 4  linx-gw1.betherenow.co.uk (195.66.224.232)  8.294 ms  7.517 ms  8.027 ms
 5  10.1.3.177 (10.1.3.177)  8.502 ms  7.589 ms  7.450 ms
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
$ 

[2]
$ tshark -r cap -R "ip.src == 10.0.0.0/8"
177   8.113729   10.1.3.177 -> 80.68.93.148 ICMP Time-to-live exceeded (Time to live exceeded in transit)
183   8.122267   10.1.3.177 -> 80.68.93.148 ICMP Time-to-live exceeded (Time to live exceeded in transit)
187   8.130944   10.1.3.177 -> 80.68.93.148 ICMP Time-to-live exceeded (Time to live exceeded in transit)
$ 
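The check done by eye in [1] can be scripted. The following is an added example, not part of the original post: it parses traceroute output, lists hops that answered from RFC 1918 space, and reports whether the target itself replied. It assumes the name-resolved `name (a.b.c.d)` output format shown above; the function name `summarize` and the sample constant are made up for this example.

```python
import ipaddress
import re

# RFC 1918 private ranges; 10.0.0.0/8 is the one seen at hop 5 on this page.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

HEADER_RE = re.compile(r"^traceroute to \S+ \(([\d.]+)\)")
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")               # "<ttl>  <probe results>"
ADDR_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")  # "name (a.b.c.d)"

def summarize(output):
    """Return target, RFC 1918 hops as (ttl, address), and whether the target replied."""
    result = {"target": None, "private_hops": [], "reached": False}
    for line in output.splitlines():
        header = HEADER_RE.match(line)
        if header:
            result["target"] = header.group(1)
            continue
        hop = HOP_RE.match(line)
        if not hop:
            continue  # shell prompt or blank line
        ttl = int(hop.group(1))
        for text in ADDR_RE.findall(hop.group(2)):
            try:
                addr = ipaddress.ip_address(text)
            except ValueError:
                continue  # not a valid IPv4 address, e.g. an octet above 255
            if text == result["target"]:
                result["reached"] = True
            entry = (ttl, text)
            if any(addr in net for net in RFC1918) and entry not in result["private_hops"]:
                result["private_hops"].append(entry)
    return result

# Sample input: hops 4 to 7 of the "-M tcp" run from footnote [1].
SAMPLE_TCP = """\
traceroute to 78.86.199.179 (78.86.199.179), 10 hops max, 40 byte packets
 4  linx-gw1.betherenow.co.uk (195.66.224.232)  7.925 ms  7.737 ms  7.881 ms
 5  10.1.3.177 (10.1.3.177)  7.816 ms  7.500 ms  8.614 ms
 6  78-86-199-179.zone2.bethere.co.uk (78.86.199.179)  21.213 ms  21.239 ms  21.242 ms
 7  78-86-199-179.zone2.bethere.co.uk (78.86.199.179)  20.770 ms  21.662 ms  22.061 ms
"""

if __name__ == "__main__":
    print(summarize(SAMPLE_TCP))
```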
