[c-nsp] Traceroute results masking path to destination
Randy Heimann
heimannrj at gmail.com
Fri Feb 3 07:46:37 EST 2012
That looks exactly like what is happening to my traces. I am sitting on the 'outside'. Thanks for the link.
-Randy
-----Original Message-----
From: Peter Rathlev [mailto:peter at rathlev.dk]
Sent: Thursday, February 02, 2012 7:43 PM
To: Randy Heimann
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] Traceroute results masking path to destination
On Thu, 2012-02-02 at 14:39 +0100, Randy Heimann wrote:
> I am having some difficulty understanding some trace route results
> that I am receiving from the network I am on. If I tracert from my
> location (France), the results are all masked with the destination
> address (Google's public DNS). I understand that something in the
> network is substituting the actual hop address with the dest. address,
> but I do not completely understand why this is happening or how it is being accomplished.
I seem to remember that some PIX/ASA firewalls would do this "inspect icmp error". Take a look at this:
http://www.cisco.com/en/US/products/hw/vpndevc/ps2030/products_tech_note09186a0080094e8a.shtml#trace
On an ASA 8.2 one seems to only be able to either hide the intermediate hops altogether or make them plain visible. I'm trying a traceroute from inside to outside, and the other way might be different. Maybe you're on the "outside" (lower security level) interface of a firewall in between you and 8.8.8.8. :-)
--
Peter
More information about the cisco-nsp
mailing list