traceroute of an e-mail

A question. I recently recieved an e-mail with an indiatimes.com
mail address. The hotmail look up showed an ip of Indian origin.
However when I put the information into a traceroute program
it showed the origin and track of the sender back to the U.S.
How did the traceroute know the information when the stamped
priginal IP was of Indian origin.
I can understand if you track a net address say windowsbbs.com. In that case the program will ping the address
and follow the trail.
However in this case how does it know the info ?

 

Traceroute bounced a packet along until it found the server.

Whois told you where it had been registered.

Very likely both were correct.

I could register a domain for myself and list all the contact info for North Carolina, USA where I live. I could then locate the site on a server in England. Whois would show NC, USA registration and tracert would hop to England.

 

still do not understand

Newt,
me again.
I do not understand how if the ip address on the header
was from India how could visual route determine that the original command was issued from an american ip.
The only ip on the "View E-mail Message Source" in hotmail
listed the source as indiatimes.com.
How did visual route find out the american origin of the message ????

 

please explain this to me

Newt,
It seems to me and my son's nature to figure out how systems work. Why ????
Following your example I set out the following test case

Received: from WS0005.indiatimes.com ([203.199.93.15])


here is the " View E-mail Message Source " in hotmail:

Received: from WS0005.indiatimes.com ([203.199.93.15]) by mc9-f18.bay6.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600);
Thu, 9 Jan 2003 03:02:24 -0800
Received: from 192.168.57.15 (a3 [192.168.57.23])
by WS0005.indiatimes.com (8.9.3/8.9.3) with SMTP id QAA02728
for <schamish@hotmail.com>

here is the tracerroute . (note ends up in India :Bbone.vsnl.net.in)
3 130.152.180.21 60.476 ms isi-1-lngw2-atm.ln.net [AS226] Los Nettos origin AS
4 198.172.117.161 4.944 ms ge-2-3-0.a02.lsanca02.us.ra.verio.net [AS2914] Verio
5 129.250.29.126 9.874 ms ge-6-2-0.r00.lsanca01.us.bb.verio.net [AS2914] Verio
6 64.86.173.133 4.404 ms DNS error [AS6453] BCE Teleglobe Canada Inc.
7 64.86.80.14 9.550 ms if-8-0.core2.LosAngeles2.Teleglobe.net [AS6453] BCE Teleglobe Canada Inc.
8 64.86.83.145 3.342 ms if-9-0.core2.LosAngeles.Teleglobe.net [AS6453] BCE Teleglobe Canada Inc.
9 64.86.83.173 78.305 ms if-5-0.core3.NewYork.Teleglobe.net [AS6453] BCE Teleglobe Canada Inc.
10 66.110.8.138 78.348 ms if-4-0.core2.NewYork.Teleglobe.net [AS6453] BCE Teleglobe Canada Inc.
11 207.45.221.103 78.924 ms if-5-0-0.bb5.NewYork.teleglobe.net [AS6453] BCE Teleglobe Canada Inc.
12 216.6.118.130 361.808 ms DNS error [AS6453] BCE Teleglobe Canada Inc.
13 202.54.2.189 350.209 ms vsb-lvsb-stm-1.Bbone.vsnl.net.in (DNS error)
14 203.197.33.194 338.458 ms DNS error
15 203.197.72.241 340.263 ms DNS error
16 203.199.93.15 350.288 ms DNS error

here is the visual route report:
Report for 203.199.93.15

Analysis: '203.199.93.15' was found in 18 hops (TTL=243).

---------------------------------------------------------------------------------------------------------------------------------------------------------------
| Hop | %Loss | IP Address | Node Name | Location | Tzone | ms | Graph | Network |
---------------------------------------------------------------------------------------------------------------------------------------------------------------
| 0 | | 24.85.89.5 | h24-85-89-5.wp.shawcable.net | * | | | | 24.85.89.0 |
| 1 | | 24.85.88.1 | - | | | 24 | x | 24.85.88.0 |
| 2 | | 24.66.95.3 | rc2nr-ge3-0.wp.shawcable.net | | | 29 | x | 24.66.95.0 |
| 3 | | 66.163.73.129 | rc1nr-pos15-0.wp.shawcable.net | | | 35 | x- | 66.163.73.0 |
| 4 | | 66.163.76.78 | rc1ar-pos14-0.ed.shawcable.net | | | 42 | x | 66.163.76.0 |
| 5 | | 66.163.76.173 | rc1bb-pos12-1.vc.shawcable.net | | | 114 | -x-- | 66.163.76.0 |
| 6 | | 66.163.76.58 | rc2wt-pos2-2.wa.shawcable.net | | | 53 | x | 66.163.76.0 |
| 7 | | 129.250.10.21 | ge-7-2-0.r03.sttlwa01.us.bb.verio.net | Seattle, WA, USA | -08:00 | 53 | x | 129.250.10.0 |
| 8 | | 207.45.196.33 | if-3-0.core1.Seattle.Teleglobe.net | Seattle, WA, USA | -08:00 | 53 | x- | 207.45.196.0 |
| 9 | | 64.86.83.193 | if-13-0.core2.Sacramento.Teleglobe.net | Sacramento, CA, USA | -08:00 | 72 | x | 64.86.83.0 |
| 10 | | 64.86.83.222 | if-1-0.core2.Sacramento.Teleglobe.net | Sacramento, CA, USA | -08:00 | 74 | x | 64.86.83.0 |
| 11 | | 64.86.83.137 | if-9-0.core2.Chicago3.Teleglobe.net | Chicago, IL, USA | -06:00 | 84 | x | 64.86.83.0 |
| 12 | | 64.86.83.218 | if-2-0.core3.NewYork.Teleglobe.net | New York, NY, USA | -05:00 | 108 | x- | 64.86.83.0 |
| 13 | | 66.110.8.133 | if-10-0.core1.NewYork.Teleglobe.net | New York, NY, USA | -05:00 | 108 | x- | 66.110.8.0 |
| 14 | | 207.45.221.103 | if-5-0-0.bb5.NewYork.teleglobe.net | New York, NY, USA | -05:00 | 99 | x | 207.45.221.0 |
| 15 | | 216.6.118.130 | - | | | 372 | -x | 216.6.118.0 |
| 16 | | 202.54.2.10 | LVSB-VSB-stm-3.Bbone.vsnl.net.in | ?--- | | 367 | -x | VSNL Backbone Network Links |
| 17 | | 203.197.72.110 | - | ?Bombay, India | +05:30 | 381 | -x--- | Videsh Sanchar Nigam Ltd - India. |
| 18 | | 203.199.93.15 | - | ?Bombay, India | +05:30 | 375 | -x | Videsh Sanchar Nigam Ltd - India. |
---------------------------------------------------------------------------------------------------------------------------------------------------------------
Roundtrip time to 203.199.93.15, average = 375ms, min = 326ms, max = 401ms -- 09-Jan-03 5:18:01 AM

Newt :
the key phrase is "wp.shawcable.net ' which is my isp.
My ip does not seem to appear in this report.
The question is how did virtual route get the original isp when
Received: from WS0005.indiatimes.com ([203.199.93.15]) is present.
can you please explain this to me.
I should really go to http://www.visualware.com/visualroute/index.html and read up
Imagine if all of this effort was put to good use !!!!!

 

sorry Newt

Sorry Newt I mistakenly thought that it was you and not Arie
who posted the reply.
All this unlimited Internet time is great. Rmember when the meter was running.
With Compuserve you had to use some type of shared long distance service. Here it was called "datapac ". You were bundled
with other users.
Back then the standard was 2400 baud (b.p.s. for purists) GASSSP.
Not only was it very expensive even with offline e-mail trackers
and readers but slow.
One Saturday night I thought I had it figured it -limited users
hence fast speeds. Everything was clicking along on the 2400 bps modem (may even have updated to 9600 bps high speed
modem)
With time changes at 12:01 a.m. Sunday morning every commercial computer in Toronto must of kicked in. Service slowed to a halt.
The Compuserve tech were really quite helpfull. One tech told
me why don't you use the 800 number . Its a dollar cheaper
an hour but it is a direct line hence faster.
Is there a 800 line I asked incrediously. Yes he explained but we have an arrangement with the Canadian phone companies.
We promote Datapac and are not allowed to tell users about the
800 number . And it was much faster and marginally cheaper.
This one tech must of told a few people.
It did not take long ( month or two) and we got an e-mail
message from the Compuserve administration.
It said that a "mistake" had been made in pricing. The 800
number charge had been incorrectly listed.
The "new correct Charge" was $ 40 an hour revised from 8
an hour. Fun and games!!!
Remember when high tech was calling a cute girl across town with a rotary dial phone.

 

Arie my mistake

Arie,
my mistake. Figured it out.
the shaw.ca came from the way visual route works- it draws the line from search host ip or isp.