nanog mailing list archives

Re: next hop packet loss
From: William Herrin <bill () herrin us>
Date: Tue, 7 Aug 2012 04:50:43 -1000

On Mon, Aug 6, 2012 at 11:27 AM, Jim Ray <jim () neuse net> wrote:
> I have a Time Warner Business Class connection and am unable to reach
> http://www.checkpoint.com to research product line I wish to carry. I
> did a trace route and confirmed packets are past my network, Time Warner
> network and onto next hop where they execute jump to nowhere
> instruction.
> Here is the tracert just now (it has been failing for weeks):

That's an artifact of Checkpoint blocking pings. Note the difference
between ICMP and TCP-based traceroutes:

traceroute -I 216.200.241.66
traceroute to 216.200.241.66 (216.200.241.66), 30 hops max, 60 byte packets
 1  sark.dirtside.com (70.182.189.216)  0.462 ms  0.494 ms  0.555 ms
 2  10.1.192.1 (10.1.192.1)  9.023 ms  9.197 ms  9.247 ms
 3  ip72-196-255-1.dc.dc.cox.net (72.196.255.1)  15.210 ms  15.497 ms  15.548 ms
 4  mrfddsrj01gex070003.rd.dc.cox.net (68.100.0.141)  13.594 ms  13.765 ms  13.817 ms
 5  68.1.4.139 (68.1.4.139)  14.752 ms  15.016 ms  14.951 ms
 6  ge-8-0-7.er2.iad10.us.above.net (64.125.12.241)  15.075 ms  9.565 ms  9.384 ms
 7  xe-5-1-0.cr2.dca2.us.above.net (64.125.29.77)  33.238 ms  26.629 ms  26.554 ms
 8  xe-2-2-0.cr2.iah1.us.above.net (64.125.30.53)  45.079 ms  45.230 ms  45.264 ms
 9  xe-0-3-0.cr2.lax112.us.above.net (64.125.30.50)  75.982 ms  76.212 ms  76.154 ms
10  xe-2-1-0.cr2.sjc2.us.above.net (64.125.26.30)  93.901 ms  94.044 ms  88.715 ms
11  xe-1-1-0.er2.sjc2.us.above.net (64.125.26.202)  88.542 ms  88.885 ms  90.094 ms
12  64.124.201.230.b709.above.net (64.124.201.230)  89.691 ms  89.060 ms  88.895 ms
13  * * *
14  * * *
15  * * *

traceroute -T -p 80 216.200.241.66
traceroute to 216.200.241.66 (216.200.241.66), 30 hops max, 60 byte packets
 1  sark.dirtside.com (70.182.189.216)  0.487 ms  0.520 ms  0.568 ms
 2  10.1.192.1 (10.1.192.1)  20.018 ms  24.851 ms  25.144 ms
 3  ip72-196-255-1.dc.dc.cox.net (72.196.255.1)  25.415 ms  25.502 ms  25.591 ms
 4  mrfddsrj01gex070003.rd.dc.cox.net (68.100.0.141)  25.139 ms  25.178 ms  25.260 ms
 5  68.1.4.139 (68.1.4.139)  37.509 ms  37.437 ms  37.362 ms
 6  ge-5-3-0.mpr2.iad10.us.above.net (64.125.13.57)  91.097 ms  89.808 ms ge-8-0-7.er2.iad10.us.above.net (64.125.12.241)  24.078 ms
 7  xe-5-1-0.cr2.dca2.us.above.net (64.125.29.77)  26.324 ms  11.950 ms  12.477 ms
 8  xe-2-2-0.cr2.iah1.us.above.net (64.125.30.53)  74.680 ms  74.575 ms  74.355 ms
 9  xe-0-3-0.cr2.lax112.us.above.net (64.125.30.50)  76.781 ms  76.330 ms  76.118 ms
10  xe-2-1-0.cr2.sjc2.us.above.net (64.125.26.30)  100.310 ms  100.026 ms  98.495 ms
11  xe-1-1-0.er2.sjc2.us.above.net (64.125.26.202)  98.631 ms  93.570 ms  94.380 ms
12  64.124.201.230.b709.above.net (64.124.201.230)  94.420 ms  97.053 ms  95.015 ms
13  208.185.174.208 (208.185.174.208)  96.208 ms  96.541 ms  96.384 ms
14  www.checkpoint.com (216.200.241.66)  97.406 ms  97.534 ms  97.891 ms


Since you get all the way to the Checkpoint border, try some basic
diagnostics like:

telnet www.checkpoint.com 80
GET / HTTP/1.1
Host: www.checkpoint.com

Wait for the telnet to succeed before you type GET. Make sure you
press enter twice after the last line. You're hand-jamming an HTTP
request.

If you don't connect then checkpoint is blocking your IP address for
one reason or another. Maybe there are hackers in your neighborhood.
Take it up with them by phone.

If you do connect but get no response to the "get" http request then
most likely checkpoint is blocking all ICMP packets and your path MTU
is smaller than 1500 bytes. The ICMP block prevents the fragmentation
needed message from reaching their web server, so it never figures out
it needs to shorten its packets. If, as a firewall company, they have
made this beginner mistake... 'nuff said.

And of course if you do get complete content back from the web server
then you have some other problem with your PC that's getting in the
way.

Regards,
Bill Herrin



-- 
William D. Herrin ................ herrin () dirtside com  bill () herrin us
3005 Crane Dr. ...................... Web: <http://bill.herrin.us/>
Falls Church, VA 22042-3004
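
The telnet test described in the message above, scripted so its three outcomes can be told apart automatically. This is an added example, not part of the original post; `probe_http`, the outcome labels and the `ADVICE` wording are names chosen here, and the extra "stalled" label covers a reply that starts and then stops arriving.

```python
import socket
import sys

# Labels follow the three cases in the message; STALLED (a reply that starts and
# then stops arriving) is an extra label added for this example.
BLOCKED, NO_REPLY, STALLED, COMPLETE = "blocked", "no_reply", "stalled", "complete"

def probe_http(host, port=80, timeout=10.0, path="/"):
    """Send one hand-built HTTP/1.1 GET and classify what comes back."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        # TCP handshake failed: refused, filtered or timed out.
        return BLOCKED, b""
    request = (f"GET {path} HTTP/1.1\r\n"
               f"Host: {host}\r\n"
               "Connection: close\r\n"   # ask the server to close when done
               "\r\n").encode("ascii")   # blank line = "press enter twice"
    received = b""
    with sock:
        sock.settimeout(timeout)
        try:
            sock.sendall(request)
            while True:
                chunk = sock.recv(4096)
                if not chunk:            # peer closed the connection: end of reply
                    break
                received += chunk
        except OSError:
            # Timeout or reset: the small handshake packets passed, reply data did not.
            return (STALLED if received else NO_REPLY), received
    return (COMPLETE if received else NO_REPLY), received

# How the message reads each outcome (wording paraphrased for this example).
ADVICE = {
    BLOCKED: "No TCP connection: the site may be blocking your address.",
    NO_REPLY: "Connected, no reply: suspect ICMP filtering and a path MTU below 1500.",
    STALLED: "Reply started then stopped: same suspicion, large packets are not arriving.",
    COMPLETE: "Server answered in full: look for a problem on the local machine.",
}

if __name__ == "__main__":
    target = sys.argv[1]                 # e.g. the host name being diagnosed
    status, data = probe_http(target)
    print(f"{target}: {status}, {len(data)} bytes received")
    print(ADVICE[status])
```
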

