Traceroute number of hops changes depending on the TCP port used

Abdulrahman Mahdy

I use Nmap to traceroute some websites as follows

nmap -Pn --traceroute 108.177.127.103

I notice that the result varies depending on the used TCP port. So, when I use port 25 instead of port 80, it gives different results.

The weird thing is that the routing process should take place in the 3rd layer. The routing process should not depend on the TCP ports.

My first thought was that something is wrong with Nmap. But when I used Wireshark to sniff the packets, I found the ICMP responses, and they perfectly align with what Nmap is giving.

Then, I used the Windows command line as follows

tracert 108.177.127.103

I got a completely different result (it gave 24 hops; in Nmap there were only 9 hops).

Again, I used Wireshark to see what was sent and received, and they were all perfectly fine. However, cmd tracert uses ping requests; it doesn't use the TCP protocol.

What's worse is that in some cases, the traced routers' IPs are all private, even though the target IP address is not even in my country!

This is one of the Nmap traceroutes on 162.121.211.20 port 25:

192.168.1.1 (192.168.1.1)

host-197.43.213.1.tedata.net (197.43.213.1)

10.45.3.49 (10.45.3.49)

10.38.6.30 (10.38.6.30)

10.38.7.81 (10.38.7.81)

10.37.87.141 (10.37.87.141)

10.37.22.190 (10.37.22.190)

10.37.242.170 (10.37.242.170)

162.121.211.20

Can anyone explain to me what's going on, please?!

Malt

In practice some routing decisions can depend on the upper layers.

For instance, if an ISP provides anti-virus, content filtering, or proxying/content-distribution services, then it might send HTTP traffic to some special equipment to provide these services.

Port 25 (SMTP) traffic might be redirected to some anti-spam filters.

Various "low priority" traffic (the definition of which can vary) might be sent through other paths than "high priority" traffic. Classic examples are VoIP or gaming traffic being prioritized over BitTorrent.

This is part of what Net Neutrality is all about.
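
To see where per-port paths split, the following added example (not part of the original posts) parses Nmap-style hop lines, reports the first hop at which two traces diverge, and lists the RFC 1918 hops. The port 25 trace is the one from the question; the port 80 trace is a constructed sample using documentation-range addresses, and the function names are hypothetical.

```python
import ipaddress
import re

# Port 25 trace copied from the question (Nmap, target 162.121.211.20).
TRACE_PORT_25 = """\
192.168.1.1 (192.168.1.1)
host-197.43.213.1.tedata.net (197.43.213.1)
10.45.3.49 (10.45.3.49)
10.38.6.30 (10.38.6.30)
10.38.7.81 (10.38.7.81)
10.37.87.141 (10.37.87.141)
10.37.22.190 (10.37.22.190)
10.37.242.170 (10.37.242.170)
162.121.211.20
"""
# Constructed port 80 trace (NOT from the page); middle hops use
# documentation-range addresses to stand in for a different path.
TRACE_PORT_80 = """\
192.168.1.1 (192.168.1.1)
host-197.43.213.1.tedata.net (197.43.213.1)
198.51.100.9 (198.51.100.9)
203.0.113.17 (203.0.113.17)
162.121.211.20
"""
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def parse_hops(text):
    """Return one IPv4Address per hop line (the last address on the line)."""
    found = (IPV4_RE.findall(line) for line in text.splitlines())
    return [ipaddress.ip_address(f[-1]) for f in found if f]

def rfc1918_hops(hops):
    """(hop number, address) for every hop inside an RFC 1918 range."""
    return [(n, ip) for n, ip in enumerate(hops, 1)
            if any(ip in net for net in RFC1918)]

def first_divergence(a, b):
    """1-based hop number where two paths first differ, or None if identical."""
    for n, (x, y) in enumerate(zip(a, b), 1):
        if x != y:
            return n
    return None if len(a) == len(b) else min(len(a), len(b)) + 1

if __name__ == "__main__":
    p25, p80 = parse_hops(TRACE_PORT_25), parse_hops(TRACE_PORT_80)
    print("paths diverge at hop", first_divergence(p25, p80))
    print("RFC 1918 hops on port 25 path:", rfc1918_hops(p25))
```
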
