11-21-2014 12:21 PM - edited 03-05-2019 12:13 AM
Hi,
I'm facing a peculiar situation: the trace below can be completed up to 190.90.15.3 (the destination IP address), but at the same time I don't have HTTP (80) access to it.
C:/cmd>tracert s.yimg.com
Trace to fo-coa-s.aycs.b.yahoodns.net [190.90.15.3]
1 94 ms 90 ms 87 ms 201.x.x.x
2 92 ms 92 ms 85 ms 172.x.x.x
3 83 ms 76 ms 75 ms 10.x.x.x
4 60 ms 64 ms 64 ms 10.x.x.x
5 110 ms 80 ms 80 ms 10.x.x.x
6 135 ms 141 ms 146 ms 213.248.89.153
7 226 ms 167 ms 138 ms 213.155.130.240
8 142 ms 146 ms 144 ms 62.115.138.25
9 165 ms 165 ms 157 ms 62.115.141.71
10 164 ms 167 ms 173 ms 62.115.33.22
11 202 ms 208 ms 215 ms 200.16.69.61
12 209 ms 196 ms 205 ms 200.16.70.174
13 * * * Request timed out.
14 * 189 ms * 190.90.11.134
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 238 ms 236 ms * 190.90.15.3
19 * * * Request timed out.
20 * * * Request timed out.
21 239 ms * * 190.90.15.3
22 * * * Request timed out.
23 * * * Request timed out.
24 216 ms * 199 ms 190.90.15.3
Trace complete.
What I see (and the reason why I'm asking here) is a kind of loop behavior in the last jump; as is visible, the destination IP address is bouncing 3 times.
I'm not passing through a firewall or any kind of restriction on my way to the router, so I'm wondering why this behavior occurs and whether it is due to the routing tables outside my network.
I'm using a Cisco 12406 with IOS v12. Is it possible to test [ip.dest:80] inside the router, to check if this port is reachable from the router, or at least that packets are leaving on an interface? If so, how can I do it?
C:/cmd>nc -vv 190.90.15.3 80 ... (9 sec) Connection timeout
Any help/opinion/light will be welcome.
11-21-2014 09:40 PM
C:\Users\tt>tracert s.yimg.com
Трассировка маршрута к s.gycs.b.yahoodns.net [188.125.93.156]
с максимальным числом прыжков 30:
1 1 ms 3 ms 1 ms 192.168.1.1
2 2 ms 2 ms 2 ms 147.30.20.1
3 25 ms 25 ms 25 ms 82.200.243.6
4 25 ms 25 ms 27 ms 82.200.243.9
5 25 ms 26 ms 54 ms 82.200.243.114
6 * 33 ms 26 ms 95.59.172.17
7 62 ms 61 ms 70 ms msk04.transtelecom.net [217.150.36.58]
8 * * * Превышен интервал ожидания для запроса.
9 103 ms 123 ms 103 ms ge-1-3-0.pat1.dee.yahoo.com [80.81.192.115]
10 103 ms 103 ms 103 ms UNKNOWN-188-125-95-X.yahoo.com [188.125.95.35]
11 104 ms 104 ms 104 ms l1.ycs.vip.dea.yahoo.com [188.125.93.156]
Трассировка завершена.
C:\Users\tt>
11-23-2014 01:42 AM
Hello, you can try telnet on port 80 from your router. You can also create an extended ACL on your ingress or egress, depending on where you want to see traffic going towards this destination. Remember permit ip any any at the end of the ACL.
11-23-2014 08:07 AM
Hello
You can use an access-list without applying it to any interface to test, be it via the IP stack or by a defined port such as port 80:
access-list 101 permit ip host x.x.x.x host y.y.y.y
access-list 101 permit IP host y.y.y.y host x.x.x.x
or
access-list 101 permit tcp host x.x.x.x eq 80 host y.y.y.y
access-list 101 permit tcp host y.y.y.y eq 80 host x.x.x.x
And make sure you enable debug ONLY on the ACL, otherwise you may cause high utilisation on the router:
debug ip packet detail 101
Res
Paul
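Added example, not part of the thread or any poster's code: Windows tracert probes with ICMP, so a completed trace says nothing about TCP port 80, and the nc result in the first post is the case the sketch below labels "timeout". The function names `probe_tcp` and `local_demo` are assumptions made for illustration, and the loopback listener is a constructed sample so the check runs offline.

```python
import errno
import socket


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP connect attempt: open, refused, timeout or unreachable."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"             # SYN/ACK came back, handshake completed
    except socket.timeout:
        return "timeout"          # neither SYN/ACK nor RST: SYN or reply was dropped
    except ConnectionRefusedError:
        return "refused"          # RST came back: host answers, nothing accepts on the port
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"  # ICMP unreachable received or no local route
        raise
    finally:
        s.close()


def local_demo():
    """Constructed loopback check: probe a listening port, then the same port closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))    # constructed sample endpoint, OS picks a free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_listening = probe_tcp("127.0.0.1", port)
    srv.close()
    after_close = probe_tcp("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(local_demo())
```

A "timeout" for the destination and port 80, next to a "refused" or "open" for other hosts from the same machine, points at filtering or a return-path problem for that destination rather than at the local host.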