tracert results, I am confused

I am in a hotel on their network (STSN) and I am using a corporate laptop. Things have been buggy here and besides having to put up with slow speeds and the NIC not working here at all, yet when I went home last weekend it worked great and it works great on corporate intranet, I notice something tonight and it caught me off guard...here is the results of a tracert...

1 10 ms 7 ms 7 ms c10-btg-xw-lb.cnet.com [216.239.115.140]
2 10 ms 9 ms 10 ms xx.xx.xx.xx (changed)
3 393 ms 289 ms 337 ms 147.225.57.169
4 384 ms 338 ms 386 ms 152.161.0.182
5 183 ms 173 ms 112 ms 72-255-0-1.client.stsn.net [72.255.0.1]
6 182 ms 233 ms 214 ms 208.254.24.170
7 30 ms 34 ms 77 ms 206.112.64.51
8 214 ms 205 ms 198 ms 0.so-0-0-0.wr1.iad6.alter.net [157.130.59.69]
9 239 ms 303 ms 318 ms 0.so-1-2-0.xl1.dca6.alter.net [152.63.39.114]
10 345 ms 276 ms 269 ms 0.so-7-0-0.xl1.dca5.alter.net [152.63.42.185]
11 242 ms 394 ms 298 ms 0.so-6-0-0.br1.dca5.alter.net 152.63.43.169]
12 223 ms 241 ms 226 ms 204.255.169.2
13 445 ms 388 ms 285 ms 12.122.80.221
14 218 ms 258 ms 245 ms tbr2-cl15.n54ny.ip.att.net [12.122.10.53]
15 335 ms 424 ms 218 ms ar1-p30.n54ny.ip.att.net [12.123.0.53]
16 206 ms 118 ms 415 ms mdf1-gsr12-2-pos-7-0.nyc3.attens.net [12.122.255.162]
17 95 ms 87 ms 209 ms sccsbix12-1-4.attbi.com [63.240.64.46]
18 * * * Request timed out.
19 * * * Request timed out.
20 229 ms 185 ms 253 ms www.comcast.net [63.240.76.72]

What I am trying to understand is this...I always thought that the first line of a tracert was internal on the comp and then it went out from there, what i see is the 2nd hop being the IP i am being assigned by the hotels network. I am having to use a USB hub from dynex to make a net connection...

can anyone tell me what the first hop is in this example??? or whay its coming before the IP I am being assigned??? i also have been seeing some very slow ms times whenever i having been running a tracert at this hotel, but as you can see, its just not on the STSN network, I wonder what is going on??? I should say that the IP is programmed into the STSN modem...Thanx

neomatsu

PS...I am running W2K with SP4

 

Each line prepresents a router you've passed through to get to your destination. For most small networks there is only one router: the one connected to the internet. It is that router that responds first - hence it being the first entry in Tracert

On larger networks there may be a number of routers between an end user and the network's internet connection. As Network Address Translation is set up on the internet connection, the address asignment occurs a few hops away from the initial router.

Also some ISPs (for example those connection via satellite systems) use a extranet type configuration where clients connect to their network and then pass through a common internet connection. NAT is applied at this connection rather than at the point where the clients connect to the ISP network. So again the address assignment is away from the inital router.

 

Sorry. That is absolutly not true. The basic functionality of tracert is not reliant on DNS at all!. You can have a complete tracert response without any DNS name resolution (DNS stands for Domain Name System. All it does is resolve IP addresses to DNS names).

Tracert detects routers!

Tracert uses a quirk of the ICMP Time-to-live system. ICMP is the basic protocol behind PING. When you send a PING packet out, one of the fields set is time-to-live. This basically says "keep on trying for this long ". Once the time-to-live is exceeded the next router to receive the PING packet detects this, decides not to forward the packet and (crucially for Tracert) sends a packet back to the sender telling the sender that the PING packet's time-to-live had been exceeded. This notification also includes the IP address of the router that detected the time out.

Tracert uses this system quite cleverly. First it sends out an ICMP packet with the minimum time-to-live set. It is so short that it has been exceeded before the first router receives it. That router recieves the packet, sees the time-to-live has exceeded and responds telling the sender that the packet has failed and giving the routers IP address. Tracert now has the IP address of the first ROUTER on the path to it's intended destination.

Tracert then increases the time-to-live and send another ICMP packet. The new time-to-live is just long enough to get beyond the first router. It is exceeded before the second router which responds with a failure message giving tracert the next router's IP address.

Tracert continues the process gradually increasing the time-to-live of the ICMP packets it sends out, until the packet has enough time-to-live to reach it's ultimate destination.

So the core Tracert process returns a series of routers' IP addresses. However, the Windows Tracert program does know about DNS. It can use DNS to resolve those IP addresses to DNS names (if they are available - it is not a requirement to define a DNS name to a router. It is just convenient to do so on larger networks). However, it does that for the user's convenience. It is not a requirement of the process.

 

My first hop was my router

Code:

C:\>tracert [url]www.windowsbbs.com[/url]

Tracing route to [url]www.windowsbbs.com[/url] [67.15.19.177]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    20 ms     9 ms     9 ms  user-xx-1-9-129.knology.net [xx.1.9.129]
  3     9 ms     9 ms     9 ms  SSR8600.MONT.knology.net [24.214.0.97]
  4    10 ms     8 ms    10 ms  ge.0-1-0.cr-Mont.AL.US.knology.net [24.214.0.153]
  5    45 ms    16 ms    17 ms  so.2-1-0.cr-Atla.GA.US.knology.net [24.214.0.169]
  6    25 ms    14 ms    31 ms  atl-a00.ge-4-0.33.knology.wvfiber.net [63.223.8.133]
  7    15 ms    19 ms    16 ms  atl-c00.pos-1-17-1.lan-atl-e00-pos9-0.wvfiber.net [63.223.8.53]
  8    22 ms    23 ms    22 ms  nsh-l3-c00-pos-3-0.OC48-atl-c00.pos-1-16-1.wvfiber.net [63.223.8.78]
  9    34 ms    33 ms    33 ms  cin-l3-c00-pos-5-0.OC48-nsh-l3-c00-pos-2-0.wvfiber.net [63.223.8.101]
 10    39 ms    34 ms    36 ms  chi-c00-pos-1-7-1.OC48-cin-l3-c00-pos-4-0.wvfiber.net [63.223.16.53]
 11    35 ms    34 ms    34 ms  so-4-1-1.mpr2.ord7.us.above.net [64.125.12.193]

 12    41 ms    34 ms    35 ms  so-1-0-0.cr1.ord2.us.above.net [64.125.30.146]
 13    63 ms    60 ms    60 ms  so-2-0-0.cr1.dfw2.us.above.net [64.125.30.245]
 14    66 ms    87 ms    64 ms  so-4-3-0.mpr1.iah1.us.above.net [64.125.29.25]
 15    63 ms    56 ms    65 ms  t289.216-200-251-170.iah1.us.above.net [216.200.251.170]
 16    57 ms    55 ms    54 ms  gphou-66-98-241-29.ev1.net [66.98.241.29]
 17    55 ms    53 ms    57 ms  66.98.240.103
 18    54 ms    58 ms    68 ms  windowsbbs.com [67.15.19.177]

Trace complete

 

As far as I know, the first hop would be your gateway (it could be a hardware router or a computer). The gateway would then direct it to DNS & so on.

If you are not connected through a router (directly), your DNS server would be the first hop (it acts as a router).

 

I just found what I needed . A new toy to play with.

In the start run line I typed "tracert www.windowsbbs.com" and clicked OK.

Up came a DOS window showing about 20 steps. But the Window also closed down at the end.

What am I not doing or doing wrong ?

How can I keep the windows from closing.

However I did see a range from 5ms to 40ms.

BillyBob

 

Ah! I see where you are getting confused. If you enter tracert with a DNS address rather than an IP address, the tracert program must first resolve the DNS name to an IP address before it can start its work. So the process is:

1. Send a request to a DNS server to resolve the DNS address to an IP address.
2. Receive the correct mapping of DNS name to IP address.
3. Start tracert route to IP address that is mapped to DNS address supplied by user.

So yes. The first step is to resolve the DNS name. However, that does not mean that the DNS server even needs to appear in the tracert output. The DNS lookup is done silently in the background.

In fact, in the vast majority of cases DNS servers are standalone systems that do not provide a routing service. On small networks the DNS service may be provided by a gateway server (the classic SBS model) or the router may act as a forwarder (most DSL routers do this). Therefore, on small networks you may well find that the first router is your SBS server or DSL router, either of which could also be your DNS server.

 

Actually to press the point even further, Tony look at your trace. The first lines are:

Code:

Tracing route to www.windowsbbs.com [67.15.19.177]
over a maximum of 30 hops:

The DNS resolution is done at that point. That is it has already completed, www.windowsbbs.com has been mapped to 67.15.19.177, before the trace proper start with the following line:

Code:

  1    11 ms    10 ms    13 ms  ip68-100-232-1.dc.dc.cox.net [68.100.232.1]
  2    13 ms     9 ms     9 ms  mrfdaggc01.dc.dc.cox.net [68.100.1.65]

 

Well folks I am gaining knowledge and having fun with my new found toy.

Thanks to Arie I got Tracert to work properly.

But isn't there a way to save the results ?

When I type CMD it goes to C:\Documents and settings\Bob> and returns there at the end.

BillyBob

 

Another way would be tracert domain.name > filename.txt

 

Tracert is a fabulously useful tool in any network engineer's toolbox. I've settled plenty of arguements with ISPs with a TRACERT output. (btw, rsinfo's is the easiest way to get an output file), and there's no better tool for checking routing issues.

 

My favourite is providing an ISP with the trace that shows the packets are looping round BT's routers. The ISPs love you giving them ammunition to beat BT up with (BT provide the core telecoms infrastructure in the UK).

 

Good morning to all.

First and foremost I wish to say thank you to everyone for their help. It took a bit of practice to get things working but I guess I finally have it right.

I now have two printouts of this site. Over 20 hops At 7AM it ran 7-85. At 8AM it is 7-46.

But what worried ( scared ) me the most was that when I asked for a .txt file it did not come up on the screen. Is this correct ?

BillyBob

 

tracert domain > c:\dir\filename.txt