Greg Wooledge <g...@wooledge.org> wrote: > On Wed, Apr 12, 2023 at 05:37:32PM +0000, Albretch Mueller wrote: > > It is not with every site and it is mostly with one hop. > > > $ traceroute google.com > > traceroute to google.com (172.217.0.174), 30 hops max, 60 byte > > packets 1 _gateway (199.83.128.1) 6.687 ms 6.660 ms 6.683 ms > > 2 199.83.240.2 (199.83.240.2) 6.101 ms 6.622 ms 6.610 ms > > 3 ad.nypl.org (199.254.254.1) 6.600 ms 6.588 ms 6.577 ms > > 4 199.254.252.1 (199.254.252.1) 6.566 ms 6.590 ms 6.738 ms > > 5 * * * > > . . . > > 30 * * * > > First you have to understand how traceroute works. It's like ping, > except that instead of just sending out a stream of normal packets, > one per second, and noting the reply times, it sends out a bunch of > packets with increasing Time To Live fields. > > Each router along the path to the destination decreases the TTL field, > and if it's negative (or zero?) at any given point, that hop is > supposed to return a "Time Exceeded" response. (Time is a badly > chosen word here; it's a hop number, not an actual time interval, > that's being counted.) > > So, in theory, you should get one Time Exceeded response from each > router along the path. That's what traceroute shows you. > > However, some routers may choose not to honor this, and do not send a > Time Exceeded response to you. Or, in some cases, the response packet > may simply be lost in transit. Those are the hops where traceroute > shows * * *. > > An example from my system: > > unicorn:~$ traceroute www.google.com > traceroute to www.google.com (142.250.190.4), 30 hops max, 60 byte > packets 1 routerlogin.net (10.0.0.1) 0.413 ms 0.355 ms 0.415 ms > 2 65-131-222-254.mnfd.centurylink.net (65.131.222.254) 38.070 ms > 39.776 ms 36.299 ms 3 75.160.81.21 (75.160.81.21) 41.687 ms > 45.801 ms 39.873 ms 4 * * * > 5 ae0.11.bar2.Toronto1.level3.net (4.69.151.242) 56.715 ms > ae14.14.bar2.Toronto1.level3.net (4.69.216.246) 56.550 ms > ae0.11.bar2.Toronto1.level3.net (4.69.151.242) 58.637 ms [...] > > No response was received from hop number 4, so traceroute shows me * > * * there.
I was playing with the addresses listed by Albretch and found that 199.254.252.1 is interesting. whois says it belongs to "Alexandria Sash & Door (ASD-1)" and https://opencorporates.com/companies/us_wa/601161047 (via google) tells me that firm was dissolved in 2005. But the whois entry was updated in 2021. So something's a little odd there. ping says "From 51.148.77.136 icmp_seq=1 Destination Net Unreachable" when I try to ping it.
