phattymatty
join:2002-11-18
Lawrenceville, GA

phattymatty

Member

[Connectivity] Traceroute broken hop - what can I do?

So I have been going in circles with Comcast trying to get an issue resolved. Basically, I'm trying to reach a specific website (lush-brush.com) but cannot. All other performance seems to be good. I did a traceroute to that site and there is a broken hop outside of the Comcast network. When I first spoke to them, they made it sound like they could fix it by rerouting or doing something else. I don't know enough about this but it sounded good.

I can access the site through a proxy service and the Comcast reps can pull it up no problem. It just seems the route my request is taking isn't working. I also can't ping lush-brush.com

Now, seven phone calls and at least 4 tickets later, I still cannot access the site. The latest they told me was to "call the website" and let them know there is a problem - whatever that means. As far as I can tell, there is a problem in the middle and I don't know what to do to get this resolved.

Am I missing something? Any ideas on what I can do to get access to this site again?

Here's my latest traceroute:
traceroute to lush-brush.com (65.182.101.135), 64 hops max, 40 byte packets
 1  192.168.0.1 (192.168.0.1)  1.231 ms  0.783 ms  0.733 ms
 2  c-24-98-68-1.hsd1.ga.comcast.net (24.98.68.1)  9.730 ms  6.355 ms  7.989 ms
 3  ge-2-2-ur01.g3lilburn.ga.atlanta.comcast.net (68.86.107.221)  7.979 ms  7.419 ms  7.492 ms
 4  te-9-1-ur01.g4snellville.ga.atlanta.comcast.net (68.86.106.178)  6.474 ms  5.895 ms  8.986 ms
 5  te-9-1-ur01.g5snellville.ga.atlanta.comcast.net (68.86.106.182)  7.978 ms  8.332 ms  6.477 ms
 6  te-9-1-ur01.d2lithonia.ga.atlanta.comcast.net (68.86.106.186)  9.476 ms  12.682 ms  7.985 ms
 7  te-9-2-ur01.d1stonemtn.ga.atlanta.comcast.net (68.86.106.190)  8.474 ms  7.413 ms  6.489 ms
 8  po-4-ar01.d1stonemtn.ga.atlanta.comcast.net (68.86.106.158)  8.974 ms  6.409 ms  8.985 ms
 9  po-3-ar01.B0atlanta.ga.atlanta.comcast.net (68.86.107.126)  11.480 ms  9.903 ms  9.476 ms
10  te-0-1-0-5-cr01.atlanta.ga.ibone.comcast.net (68.86.90.125)  12.478 ms  11.171 ms  10.729 ms
11  te-4-4.car1.Atlanta2.Level3.net (4.71.252.13)  13.223 ms  10.770 ms  12.976 ms
12  ae-73-52.ebr3.Atlanta2.Level3.net (4.68.103.62)  17.474 ms  18.376 ms  17.476 ms
13  ae-7.ebr3.Dallas1.Level3.net (4.69.134.21)  45.211 ms  35.903 ms  36.215 ms
14  ae-63-63.csw1.Dallas1.Level3.net (4.69.136.154)  33.957 ms  35.871 ms  35.964 ms
15  ae-61-61.ebr1.Dallas1.Level3.net (4.69.136.121)  35.695 ms  36.365 ms  37.714 ms
16  ae-8-8.car1.Phoenix1.Level3.net (4.69.133.29)  66.438 ms  69.941 ms  67.689 ms
17  4.79.184.138 (4.79.184.138)  66.428 ms  71.110 ms  67.442 ms
18  * * *
19  * * *
 

Many thanks.

pflog
Bueller? Bueller?
MVM
join:2001-09-01
El Dorado Hills, CA

pflog

MVM

Can you try getting tracetcp and using it instead of tracert? tracetcp will send a TCP SYN packet (basically the same thing your browser does initially to establish the TCP connection for the http protocol).

See if a trace via TCP stops at the same hop.

EG
The wings of love
Premium Member
join:2006-11-18
Union, NJ

4 edits

EG to phattymatty

Premium Member

to phattymatty
Hmmmm:

Tracing route to lush-brush.com [65.182.101.135]
over a maximum of 30 hops:

1 1 ms 1 ms 1 ms 192.168.1.1
2 * * * Request timed out.
3 7 ms 7 ms 7 ms s01c1.hinesville.ga.savannah.comcast.net [68.86.192.177]
4 12 ms 9 ms 9 ms po-10-ur01.jerseycity.nj.panjde.comcast.net [68.86.209.242]
5 8 ms 7 ms 9 ms po-10-ur02.jerseycity.nj.panjde.comcast.net [68.86.209.246]
6 10 ms 10 ms 8 ms po-10-ur01.narlington.nj.panjde.comcast.net [68.86.209.250]
7 8 ms 9 ms 9 ms po-10-ur02.narlington.nj.panjde.comcast.net [68.86.158.178]
8 10 ms 23 ms 9 ms po-70-ar01.verona.nj.panjde.comcast.net [68.86.209.254]
9 13 ms 11 ms 11 ms pos-0-11-0-0.ar01.plainfield.nj.panjde.comcast.net [68.86.153.98]
10 11 ms 11 ms 11 ms pos-0-3-0-0-cr01.newyork.ny.ibone.comcast.net [68.86.90.25]
11 12 ms 18 ms 13 ms xe-10-2-0.edge1.NewYork2.Level3.net [4.78.169.49]
12 20 ms 18 ms 18 ms vlan89.csw3.NewYork1.Level3.net [4.68.16.190]
13 15 ms 18 ms 17 ms ae-83-83.ebr3.NewYork1.Level3.net [4.69.134.105]
14 57 ms 51 ms 54 ms ae-6.ebr2.Dallas1.Level3.net [4.69.137.121]
15 62 ms 53 ms 54 ms ae-62-62.csw1.Dallas1.Level3.net [4.69.136.138]
16 49 ms 53 ms 53 ms ae-61-61.ebr1.Dallas1.Level3.net [4.69.136.121]
17 83 ms 85 ms 84 ms ae-8-8.car1.Phoenix1.Level3.net [4.69.133.29]
18 89 ms 85 ms 85 ms 4.79.184.138
19 84 ms 84 ms 85 ms yuma3.brinkster.com [65.182.101.135]

Trace complete.

The server seems to respond to ICMP pings.

I'm traversing the same last 3 Level3 hops that you are.

Maybe for some reason your IP, or that block of IPs, is being blocked?

pflog
Bueller? Bueller?
MVM
join:2001-09-01
El Dorado Hills, CA

pflog to phattymatty

MVM

to phattymatty
Can you go to »www.whatsmyip.net/, what is your IP address - just report the first 3 octets.

For example, if it reports:

1.2.3.4

Just tell us:

1.2.3.x

It could be you're on a newer IP block and somewhere along the route has an out of date bogon filter. This has been happening quite frequently for Verizon customers, but I'm not sure if Comcast has added any new IP blocks from IANA lately or not.
phattymatty
join:2002-11-18
Lawrenceville, GA

phattymatty

Member

Here you go:
24.98.70.xxx

Any idea how I can run a tracetcp on a mac?

Thanks again.

pflog
Bueller? Bueller?
MVM
join:2001-09-01
El Dorado Hills, CA

pflog

MVM

said by phattymatty:

Here you go:
24.98.70.xxx

Any idea how I can run a tracetcp on a mac?
Well, you can use (a better program) called tcptraceroute, but you'd have to install Mac Ports.

I can see if I can build a static tcptraceroute binary and post it here.

The IP address you have should be fine, 24/8 has been in use for a loooong time.
pflog

pflog to phattymatty

MVM

to phattymatty
Which version of OSX and PPC or Intel? I have a Leopard box here, but can get my friend to let me have access to his Tiger box. Both are Intel-based Macs, though, so if you have PPC, I'd have to point you to Mac Ports.
phattymatty
join:2002-11-18
Lawrenceville, GA

phattymatty

Member

OS X 10.5.5 - Intel.

pflog
Bueller? Bueller?
MVM
join:2001-09-01
El Dorado Hills, CA

pflog

MVM

Cool, I need to compile all the dependencies myself in Mac Ports. tcptraceroute appears to support an --enable-static option to its ./configure script, so I should be able to build a static binary for you which you can just grab and run via Terminal.app.
pflog

pflog to phattymatty

MVM

to phattymatty
Ok, grab this file and save it to your Desktop:

»pflog.net/~floyd/tcptraceroute

Then run Terminal.app, and:

cd ~/Desktop
chmod +x tcptraceroute
sudo ./tcptraceroute lush-brush.com 80

You should see something similar to this:


macbook:Desktop floyd$ sudo ./tcptraceroute lush-brush.com 80
Selected device en1, address 10.0.0.10, port 52800 for outgoing packets
Tracing the path to lush-brush.com (65.182.101.135) on TCP port 80 (http), 30 hops max
1 10.0.0.1 0.612 ms 0.596 ms 0.861 ms
2 L300.VFTTP-16.PHLAPA.verizon-gni.net (71.162.151.1) 5.716 ms 4.465 ms 4.947 ms
3 P6-2.LCR-03.PHLAPA.verizon-gni.net (130.81.96.84) 7.578 ms 7.187 ms 7.564 ms
4 so-6-0-0-0.PEER-RTR1.NY111.verizon-gni.net (130.81.17.129) 22.330 ms 17.398 ms 17.402 ms
5 so-0-3-1.mpr2.lga5.us.above.net (64.125.13.33) 17.470 ms 17.147 ms 22.427 ms
6 so-0-0-0.mpr1.lga5.us.above.net (64.125.27.237) 18.471 ms 16.175 ms 17.476 ms
7 so-0-2-0.mpr1.dca2.us.above.net (64.125.26.97) 17.386 ms 27.040 ms 17.998 ms
8 so-1-0-0.mpr3.iah1.us.above.net (64.125.29.37) 56.465 ms 57.049 ms 57.340 ms
9 xe-1-1-0.mpr4.phx2.us.above.net (64.125.28.73) 92.361 ms 92.151 ms 92.492 ms
10 xe-0-0-0.mpr3.phx2.us.above.net (64.125.27.41) 92.356 ms 92.414 ms 92.463 ms
11 64.124.200.162 92.507 ms 96.892 ms 93.012 ms
12 yuma3.brinkster.com (65.182.101.135) [open] 86.788 ms 86.114 ms 87.365 ms


Let me know if you have any trouble getting it to run. The binary isn't static, but doesn't seem to need the libnet11 library from mac ports installed on the system to run (I removed it and the tcptraceroute binary still ran ok).
phattymatty
join:2002-11-18
Lawrenceville, GA

1 edit

phattymatty

Member

Seems to have worked just fine. Awesome. So here are the results - the same IP at hop 17 isn't working.

Selected device en1, address 192.168.0.105, port 50089 for outgoing packets
Tracing the path to lush-brush.com (65.182.101.135) on TCP port 80 (http), 30 hops max
1 192.168.0.1 1.692 ms 2.085 ms 3.936 ms
2 c-24-98-68-1.hsd1.ga.comcast.net (24.98.68.1) 10.983 ms 8.146 ms 7.475 ms
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 po-4-ar01.d1stonemtn.ga.atlanta.comcast.net (68.86.106.158) 9.691 ms 7.731 ms 8.513 ms
9 po-3-ar01.B0atlanta.ga.atlanta.comcast.net (68.86.107.126) 9.946 ms 11.585 ms 11.977 ms
10 te-0-1-0-5-cr01.atlanta.ga.ibone.comcast.net (68.86.90.125) 10.455 ms 10.911 ms 10.936 ms
11 te-4-4.car1.Atlanta2.Level3.net (4.71.252.13) 10.694 ms 15.160 ms 12.450 ms
12 ae-73-52.ebr3.Atlanta2.Level3.net (4.68.103.62) 14.858 ms 19.353 ms 17.991 ms
13 ae-7.ebr3.Dallas1.Level3.net (4.69.134.21) 35.334 ms 36.470 ms 36.206 ms
14 ae-83-83.csw3.Dallas1.Level3.net (4.69.136.162) 36.464 ms 45.698 ms 36.122 ms
15 ae-81-81.ebr1.Dallas1.Level3.net (4.69.136.129) 46.974 ms 46.401 ms 36.005 ms
16 ae-8-8.car1.Phoenix1.Level3.net (4.69.133.29) 68.539 ms 68.022 ms 67.978 ms
17 4.79.184.138 68.030 ms 69.712 ms 67.551 ms
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
Destination not reached

pflog
Bueller? Bueller?
MVM
join:2001-09-01
El Dorado Hills, CA

pflog

MVM

Hrm, very strange. Well, it was worth a shot. Was hoping we might see it get further.

Ok, 4.79.184.138 is the last hop before the host itself (if you look at EG's trace, the host itself is the next hop).

So either that host is blocking traffic for your IP or IP range for some reason, or there's some other strangeness going on.

Since you have a mac and have tcpdump installed by default, you can sniff and see if there's anything strange showing up.

Open up Terminal.app and run:

sudo tcpdump -s 0 -v -w lush-brush.pcap host 4.79.184.138 or host 65.182.101.135

Then in your browser, try to browse to the site. Let it go for maybe 5-10 seconds, then go over to the tcpdump command and hit ctrl-c.

Then you can upload the lush-brush.pcap file here.

Note: people can see your IP address via this pcap file, so if you're not ok with that, I can make arrangements for you to upload it to me directly (if that's ok with you) for me to take a look. If not, I think there is a perl script out there that can remap IP addresses in a pcap file, but I've never used it.

EG
The wings of love
Premium Member
join:2006-11-18
Union, NJ

EG to phattymatty

Premium Member

to phattymatty
Call the host.

pflog
Bueller? Bueller?
MVM
join:2001-09-01
El Dorado Hills, CA

pflog

MVM

said by EG:

Call the host.
Booo!! That's no fun for us I like sleuthing, that's cheating to call the hosting company

EG
The wings of love
Premium Member
join:2006-11-18
Union, NJ

1 edit

EG

Premium Member

LOLLLL !!!!

Seems we posted simultaneously deblin !!

Sorry..

We really have to stop meeting like this !

People will talk !

pflog
Bueller? Bueller?
MVM
join:2001-09-01
El Dorado Hills, CA

pflog

MVM

*shifty eyes*

EG
The wings of love
Premium Member
join:2006-11-18
Union, NJ

EG

Premium Member

HeeHeeHee

I agree that the "sleuthing" makes it all worthwhile bud !!!
phattymatty
join:2002-11-18
Lawrenceville, GA

phattymatty

Member

Thanks guys. I've been on hold with the host while trying your suggestions out. Hopefully they answer before my cell phone dies

pflog
Bueller? Bueller?
MVM
join:2001-09-01
El Dorado Hills, CA

pflog

MVM

Are you going to try the tcpdump thing, or do you not want your IP known? I can understand if that's the case. I'm really curious what's happening on their end. Most likely, though, the tcpdump is just going to show:

you => SYN => them

then nothin, when it should be sending a SYN,ACK back.
phattymatty
join:2002-11-18
Lawrenceville, GA

phattymatty

Member

So I'm chatting with Brinkster and they say "If we had any type of router issues there would be hundreds of thousands of customers" and "That is not an IP on our network" and finally
"People could be just trying to pass the buck"

arrgh
phattymatty

phattymatty to pflog

Member

to pflog
I tried. It produced the pcap file but there were just a few odd characters in the file. This is all that was in there "Ôò¡

pflog
Bueller? Bueller?
MVM
join:2001-09-01
El Dorado Hills, CA

pflog

MVM

Yeah, you can read it with tcpdump -r file.pcap

Or use something like wireshark to view it, which can be more useful as it has some analysis tools, built in filtering expressions, etc. Most of which can be done with tcpdump natively, but it's a nice fancy GUI.

If you still have the .pcap file and are willing to upload it to the thread here, I can take a look for you.
phattymatty
join:2002-11-18
Lawrenceville, GA

phattymatty

Member

I must be doing something wrong but here's the file anyway

pflog
Bueller? Bueller?
MVM
join:2001-09-01
El Dorado Hills, CA

pflog

MVM

Hmm strange. The capture is empty.
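
An added example, not part of the thread: a minimal reader for the classic little-endian pcap format that counts SYNs sent to the server against SYN,ACKs coming back, which is the pattern pflog expected the capture to show. The frames are constructed samples and Ethernet/IPv4 framing is assumed; a file holding only the 24-byte pcap header, like the empty capture above, reports zero frames.

```python
import struct

MAGIC_LE = b"\xd4\xc3\xb2\xa1"  # classic pcap magic as written on a little-endian host

def frames(pcap):
    """Yield captured frames from a classic little-endian pcap byte string."""
    if pcap[:4] != MAGIC_LE:
        raise ValueError("not a classic little-endian pcap file")
    off = 24  # fixed-size global header; an empty capture ends here
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        yield pcap[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len

def handshake_summary(pcap, server_ip):
    """Count SYNs sent to server_ip and SYN,ACKs it sent back (Ethernet + IPv4 assumed)."""
    server = bytes(int(o) for o in server_ip.split("."))
    total = syn = synack = 0
    for f in frames(pcap):
        total += 1
        if len(f) < 34 or f[12:14] != b"\x08\x00" or f[23] != 6:
            continue  # not IPv4 carrying TCP
        tcp = 14 + (f[14] & 0x0F) * 4  # IPv4 header length varies with options
        if len(f) < tcp + 14:
            continue  # truncated before the TCP flags byte
        flags = f[tcp + 13] & 0x12  # keep only SYN (0x02) and ACK (0x10)
        if f[30:34] == server and flags == 0x02:
            syn += 1
        elif f[26:30] == server and flags == 0x12:
            synack += 1
    return {"frames": total, "syn": syn, "synack": synack}

# --- constructed sample data: minimal Ethernet/IPv4/TCP frames, checksums left zero ---
CLIENT, SERVER = (192, 168, 0, 105), (65, 182, 101, 135)

def make_frame(src, dst, flags):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", 50089, 80, 0, 0, 0x50, flags, 65535, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def make_pcap(frame_list):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # link type 1 = Ethernet
    for f in frame_list:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

EMPTY = make_pcap([])  # header only, as when tcpdump listens on the wrong interface
BLOCKED = make_pcap([make_frame(CLIENT, SERVER, 0x02)] * 3)  # SYN retries, no reply
NORMAL = make_pcap([make_frame(CLIENT, SERVER, 0x02), make_frame(SERVER, CLIENT, 0x12)])
```

For a real capture, pass `open("lush-brush.pcap", "rb").read()` as the first argument; several SYNs with zero SYN,ACKs means the packets leave the machine but nothing comes back from the server.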
phattymatty
join:2002-11-18
Lawrenceville, GA

phattymatty

Member

I opened a ticket with Brinkster. Although they insist it is not their hardware I think they are interested in helping resolve this b/c they don't want it to reflect poorly on them. There was another forum post from some time ago that had the same ip and brinkster mentioned (»member.dnsstuff.com/foru ··· 13360702). We'll see what comes of it.

pflog
Bueller? Bueller?
MVM
join:2001-09-01
El Dorado Hills, CA

pflog to phattymatty

MVM

to phattymatty
Ok, it's possible the default interface for tcpdump is not the one that your connection is using.

Are you on a macbook/macbook pro? e.g. something with a wireless card in it? Are you connected wirelessly or via ethernet?

If over wireless, try adding -i en1 to the tcpdump command.

So the full command would be:

sudo tcpdump -i en1 -s 0 -v -w lush-brush.pcap host 4.79.184.138 or host 65.182.101.135

I think it captured on the default (first) interface, which is probably your ethernet connection, but if you're on wireless it wouldn't be sniffing on the right one. Try the above and after you have it running, hit the site (or try to), then once you've waited 5-10 seconds, ctrl-c that tcpdump command and then upload that new pcap file.
vferrari
join:2008-07-25

vferrari to phattymatty

Member

to phattymatty
What you want is for them to do a return traceroute back to you from their network. Sometimes there is a problem on the return and it can also be an asymmetric path, meaning the path from them back to your source address may not follow the same path you took to get to them.
phattymatty
join:2002-11-18
Lawrenceville, GA

phattymatty

Member

Just wanted to post a followup. So, after all the detective work the hosting company admitted that they blocked my IP. My client changed their password and after a few failed attempts to log in they banned my IP. A little drastic I think but that was the problem all along.

Thanks everyone for your help!

CUBS_FAN
2016 World Series Champs
join:2005-04-28
Chicago, IL

CUBS_FAN

Member

Darn, If I only read this thread yesterday. Just by the way your tracert dies at the hop before the host tells me your IP was banned/blocked by the host. Good to see it's been resolved.
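
An added example, not part of the thread: the comparison made across the posts above (a trace that answers at every hop up to 4.79.184.138 and then goes silent, against EG's trace that reaches the host through that same hop), run over hop lines abridged from the two traces posted here. The function names and result labels are illustrative; `silent-at-destination` points at filtering at or directly in front of the host rather than a transit fault.

```python
import re

IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def responding_hops(trace):
    """Return [(hop_number, ip_or_None)] from traceroute, tracert or tcptraceroute output."""
    hops = []
    for line in trace.splitlines():
        m = re.match(r"\s*(\d+)\s+(.+)", line)
        if m:
            ips = IPV4.findall(m.group(2))
            hops.append((int(m.group(1)), ips[0] if ips else None))
    return hops

def compare(failing, working, dest):
    """Classify where `failing` stops relative to a `working` trace to the same dest."""
    answered = [ip for _, ip in responding_hops(failing) if ip]
    path = [ip for _, ip in responding_hops(working) if ip]
    if dest in answered:
        return "reached"
    if not answered or dest not in path:
        return "inconclusive"
    last = answered[-1]
    if last not in path:
        return "paths-diverge"
    if path.index(last) == path.index(dest) - 1:
        # Every transit hop answered; only the destination is silent for this
        # source, while another source gets through the same final hop.
        return "silent-at-destination"
    return "stops-in-transit"

# Hop lines abridged from the two traces posted in this thread.
FAILING = """\
15  ae-61-61.ebr1.Dallas1.Level3.net (4.69.136.121)  35.695 ms  36.365 ms  37.714 ms
16  ae-8-8.car1.Phoenix1.Level3.net (4.69.133.29)  66.438 ms  69.941 ms  67.689 ms
17  4.79.184.138 (4.79.184.138)  66.428 ms  71.110 ms  67.442 ms
18  * * *
19  * * *
"""
WORKING = """\
16 49 ms 53 ms 53 ms ae-61-61.ebr1.Dallas1.Level3.net [4.69.136.121]
17 83 ms 85 ms 84 ms ae-8-8.car1.Phoenix1.Level3.net [4.69.133.29]
18 89 ms 85 ms 85 ms 4.79.184.138
19 84 ms 84 ms 85 ms yuma3.brinkster.com [65.182.101.135]
"""

if __name__ == "__main__":
    print(compare(FAILING, WORKING, "65.182.101.135"))
```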

EG
The wings of love
Premium Member
join:2006-11-18
Union, NJ

1 edit

1 recommendation

EG

Premium Member

said by CUBS_FAN:

Darn, If I only read this thread yesterday. Just by the way your tracert dies at the hop before the host tells me your IP was banned/blocked by the host.
If you snooze, you lose around here bud...

Too bad you weren't here to save the day..