It is a astonishing circumstance about trace route....

Hello,eveybody...
I encountered a trouble in trace route.
Today I try to trace to 59.121.187.199 from my computer.
See the result below:
************************************************** *****
Tracing route to 59-121-187-199.dynamic.hinet.net [59.121.187.199]
over a maximum of 30 hops:

1 <10 ms <10 ms <10 ms 192.168.1.100
2 70 ms 70 ms 60 ms 59-121-184-254.dynamic.hinet.net
[59.121.184.254]
3 110 ms 120 ms 110 ms 59-121-187-199.dynamic.hinet.net
[59.121.187.199]
4 121 ms 120 ms 120 ms 59-121-187-199.dynamic.hinet.net
[59.121.187.199]

Trace complete.
************************************************** ****
The third hop and the forth hop is the same address.

What's happen?

How can I explain this matter?

Thanks a million.

Fva wrote:
> Hello,eveybody...
> I encountered a trouble in trace route.
> Today I try to trace to 59.121.187.199 from my computer.
> See the result below:
> ************************************************** *****
> Tracing route to 59-121-187-199.dynamic.hinet.net [59.121.187.199]
> over a maximum of 30 hops:
>
> 1 <10 ms <10 ms <10 ms 192.168.1.100
> 2 70 ms 70 ms 60 ms 59-121-184-254.dynamic.hinet.net
> [59.121.184.254]
> 3 110 ms 120 ms 110 ms 59-121-187-199.dynamic.hinet.net
> [59.121.187.199]
> 4 121 ms 120 ms 120 ms 59-121-187-199.dynamic.hinet.net
> [59.121.187.199]
>
> Trace complete.
> ************************************************** ****
> The third hop and the forth hop is the same address.
>
> What's happen?

It looks like your traceroute implementation is buggy and doesn't know
when to stop.


> How can I explain this matter?

It looks like you're using a Windows traceroute program; you could try
asking Microsoft.

Paul

On Tue, 2 Aug 2005 16:17:52 +0800, "Fva" <(E-Mail Removed)> wrote:

> Hello,eveybody...
> I encountered a trouble in trace route.
> Today I try to trace to 59.121.187.199 from my computer.
> See the result below:
> ************************************************** *****
> Tracing route to 59-121-187-199.dynamic.hinet.net [59.121.187.199]
> over a maximum of 30 hops:
>
> 1 <10 ms <10 ms <10 ms 192.168.1.100
> 2 70 ms 70 ms 60 ms 59-121-184-254.dynamic.hinet.net
> [59.121.184.254]
> 3 110 ms 120 ms 110 ms 59-121-187-199.dynamic.hinet.net
> [59.121.187.199]
> 4 121 ms 120 ms 120 ms 59-121-187-199.dynamic.hinet.net
> [59.121.187.199]
>
> Trace complete.
> ************************************************** ****
> The third hop and the forth hop is the same address.

That's not a traceroute, probably msft virusware

--
Whom computers would destroy, they must first drive mad.

In the Usenet newsgroup comp.os.linux.networking, in article
<dcnad5$5gi$(E-Mail Removed)>, Paul Black wrote:

>Fva wrote:

>> 2 70 ms 70 ms 60 ms 59-121-184-254.dynamic.hinet.net
>> [59.121.184.254]
>> 3 110 ms 120 ms 110 ms 59-121-187-199.dynamic.hinet.net
>> [59.121.187.199]
>> 4 121 ms 120 ms 120 ms 59-121-187-199.dynamic.hinet.net
>> [59.121.187.199]
>>
>> Trace complete.
>> ************************************************** ****
>> The third hop and the forth hop is the same address.
>>
>> What's happen?
>
>It looks like your traceroute implementation is buggy and doesn't know
>when to stop.

That's entirely possible, but more likely, the person running
59.121.187.199 has a mis-configured firewall that is forwarding stuff
to a system behind it. The trace looks as if it's the b0rken version
from microsoft, which can only trace using ICMP echos, rather than use
high port UDP that any real traceroute uses.

>> How can I explain this matter?

As the IP appears to be an address on the same network as your system,
you could just ask the owner - you do have permission to be stroking the
box, don't you?

>It looks like you're using a Windows traceroute program; you could try
>asking Microsoft.

windozes doesn't have 'traceroute' - microsoft invented this thing
called TRACERT. Using tcpdump, the O/P could see what the problem
is - except that microsoft hasn't invented that application yet.

Old guy

On 2005-08-02, Moe Trin <(E-Mail Removed)> wrote:
>
> That's entirely possible, but more likely, the person running
> 59.121.187.199 has a mis-configured firewall that is forwarding stuff
> to a system behind it.

My traceroute traces route fine to that IP.

> The trace looks as if it's the b0rken version
> from microsoft, which can only trace using ICMP echos, rather than use
> high port UDP that any real traceroute uses.

The OP's output doesn't look like any traceroute output I've seen on various
linuces or UNIXes. It *does* remind me of MS tracert, but I haven't
used that in a few months, so my memory could be faulty.

--keith

--
kkeller-(E-Mail Removed)
(try just my userid to email me)
AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom
see X- headers for PGP signature information

On Tue, 02 Aug 2005 16:17:52 +0800, Fva wrote:

> I encountered a trouble in trace route.
> Today I try to trace to 59.121.187.199 from my computer.
> See the result below:
> ************************************************** *****
> Tracing route to 59-121-187-199.dynamic.hinet.net [59.121.187.199]
> over a maximum of 30 hops:
>
> 1 <10 ms <10 ms <10 ms 192.168.1.100
> 2 70 ms 70 ms 60 ms 59-121-184-254.dynamic.hinet.net
> [59.121.184.254]
> 3 110 ms 120 ms 110 ms 59-121-187-199.dynamic.hinet.net
> [59.121.187.199]
> 4 121 ms 120 ms 120 ms 59-121-187-199.dynamic.hinet.net
> [59.121.187.199]
>
> Trace complete.
> ************************************************** ****
> The third hop and the forth hop is the same address.
>
> What's happen?
>
> How can I explain this matter?

Is 59.121.187.199 running 4.3BSD? There was a bug in 4.3BSD that can
cause this.

http://www.zytek.com/traceroute.man.html
Note that lines 2 & 3 are the same. This is due to a
buggy kernel on the 2nd hop system - lbl-csam.arpa - that
forwards packets with a zero ttl (a bug in the distributed
version of 4.3BSD).

On Tue, 02 Aug 2005 15:06:09 -0500, (E-Mail Removed)
(Moe Trin) wrote:

>Using tcpdump, the O/P could see what the problem
>is - except that microsoft hasn't invented that application yet.

No, but windows can use ethereal (even though microsoft didn't invent
it).

Dan

In the Usenet newsgroup comp.os.linux.networking, in article
<(E-Mail Removed)>, Keith Keller wrote:

>Moe Trin wrote:

>> That's entirely possible, but more likely, the person running
>> 59.121.187.199 has a mis-configured firewall that is forwarding stuff
>> to a system behind it.
>
>My traceroute traces route fine to that IP.

[compton ~]$ host 59.121.187.199
199.187.121.59.IN-ADDR.ARPA domain name pointer
59-121-187-199.dynamic.hinet.net
[compton ~]$

Thing is, that's a dynamic address. Between the time the O/P tested it,
and your test, the address could have changed has several times. The
APNIC data doesn't give a clue what type of connection it is. The
block is supposedly HINET in Taiwan, but whois.twnic.net says it's
not their turf.

Old guy

On 2005-08-03, Moe Trin <(E-Mail Removed)> wrote:
> In the Usenet newsgroup comp.os.linux.networking, in article
><(E-Mail Removed)>, Keith Keller wrote:

>>My traceroute traces route fine to that IP.
>
> [compton ~]$ host 59.121.187.199
> 199.187.121.59.IN-ADDR.ARPA domain name pointer
> 59-121-187-199.dynamic.hinet.net
> [compton ~]$
>
> Thing is, that's a dynamic address. Between the time the O/P tested it,
> and your test, the address could have changed has several times. The
> APNIC data doesn't give a clue what type of connection it is. The
> block is supposedly HINET in Taiwan, but whois.twnic.net says it's
> not their turf.

Fair enough. But you gotta admit the output pasted by the OP did
not look much like what you'd expect from a linux traceroute. And
in any case, I still don't care enough to get to a Windows box to
test it.

--keith

--
kkeller-(E-Mail Removed)
(try just my userid to email me)
AOLSFAQ=http://wombat.san-francisco.ca.us/cgi-bin/fom
see X- headers for PGP signature information

Moe Trin wrote:
>
> [compton ~]$ host 59.121.187.199
> 199.187.121.59.IN-ADDR.ARPA domain name pointer
> 59-121-187-199.dynamic.hinet.net
> [compton ~]$
>
> Thing is, that's a dynamic address. Between the time the O/P tested it,

Social engineering caveat: reverse DNS comes up with a hostname with
'dynamic' in it. Nothing stops someone from doing that on a static
address, to discourage abuse complainants: "oh, dynamic IP, we have to
get some ISP to dig in the logfiles to see whom it was assigned to at
the time, too much trouble'.