How is it possible for traceroute to timeout, yet the site will load fine in a browser?

traceroute
jpeskin picture jpeskin · May 11, 2013 · Viewed 50.3k times · Source

I am able to load www.cnn.com in Chrome, yet when I do a traceroute from the command line (OSX), it times out at level3.net

I used this Chrome extension to verify the IP that Chrome is using for www.cnn.com (I can't find a way with Chrome debugger to view IP addresses): https://chrome.google.com/webstore/detail/ipvfoo/ecanpcehffngcegjmadlcijfolapggal

And when I use the CLI to traceroute to the same IP address, it times out??

Are there any diagnostics to figure out or understand why traceroute is timing out in this case? I thought both traceroute and browsers are using the same OS network layer to route TCP/IP traffic?

Answer

Lasse V. Karlsen picture Lasse V. Karlsen · May 11, 2013

If a router along the way decides to not send the ICMP time exceeded (i.e. TTL reached en-route) or destination unreachable message (i.e. UDP-packet reached final host but port closed, proper behaviour though), you will get a timeout at that point in the traceroute.

In short, if you are running a traceroute xyz you are doing what is called an UDP-based traceroute, that is sending UDP-packets with a low TTL, starting from 1, and increasing by 1 per step. If you packet dies at a router, i.e. TTL becomes 0, that router should, according to RFC 792 and some others, send an ICMP "time exceeded" message, ergo saying that we could not deliver the package within the timeframe, but at least we tell you that your package died.

There are two other methods for doing a traceroute, I'd recommend the a man-page for help, such as this one, if you want to understand the differences better. But in short you can also send ICMP Echo packets or TCP SYN packets. To summarise, there are three methods all based on an ever increasing TTL to map the "hosts" along the route:

  • UDP to random port (usually 33434 + 100) at host with low TTL
    • In my experience the default for all command line tools, such as traceroute and tracert
  • ICMP Echo to host with low TTL
    • I've encountered this in a couple of graphical tools, also as an option for most command line tools.
  • TCP SYN, often to port 80, that way the traffic is "kinda" masked as http-traffic is passes by many routers which normally drop ICMP Echoes and UDP-packets to weird ports.
    • Neat trick and "new" method, although unorthodox, for finding a route to a host. Unorthodox in that you are in a way missusing Internet-standards. Exists as an option for most command line tools.

The router may pass on normal traffic, thus allowing your TCP-based http request to complete, but it may silently drop UDP to weird ports, half open TCP to weird ports or ICMP pings with low TTL, leaving your local traceroute process waiting and then timing out on that stop.

Related questions

tracert command returns timed out

tracert returns requested time out. What I understand from this is the packets lost some where on the network. Does it mean the issue is with the ISP or with the hosting provider or my windows system? 10 * * * Request timed out. 11 * * * …

Read More
TraceRoute and Ping in C#

Does anyone have C# code handy for doing a ping and traceroute to a target computer? I am looking for a pure code solution, not what I'm doing now, which is invoking the ping.exe and tracert.exe program and …

Read More
Script to start traceroute if continuous ping fails, output to log

I want to continuously ping my home public IP address, and if the ping fails automatically do a traceroute to see where it's failing. I've been trying to follow the comments made here: http://social.technet.microsoft.com/Forums/en-US/…

Read More