Lucid Projects

Blog - Day to day mumblings...
Traceroute - Am I lost?

22 Sep 2020 - Jake Sherwood

This week for Understanding Networks we needed to run a series of traceroutes from various sources (local terminal, raspi, phone hotspot etc) and analyze the patterns we found.

The sites I decided to traceroute were sites I visit often but also some further away to try to produce more interesting routes.

Traceroute sites:

  • google.com
  • itp.nyu.edu / nyu.edu
  • jakesherwood.com
  • p5js.org
  • thrashermagazine.com
  • kakao.com
  • bbc.co.uk

Analysis Synopsis
The internet is mysterious and this process made me even more in awe that it works, mostly smoothly.

Oddly the majority of my traceroutes ended in a long line of *** hops, which made full analysis somewhat difficult. See full traceroute text file here.

I used a number of tools.

Tools used:

  • cmd line traceroute (local, local pi, phone hotspot, local from nyu vpn)
  • traceroute-mapper
  • traceroute.py
  • map-maker
  • point plotter
  • whatismyipaddress.com
  • arin.net

All of which are linked below.

Quick thoughts: traceroutes on my laptop are slow when they get no responses. Traceroutes from my pi are much quicker, probably due to being hardwired. Traceroutes from my phone hotspot result in different routes, and the final hop is usually different too.

As mentioned above the majority of my traceroutes ended in *** or no response hops. Only a few fully completed.

Most of them went through 68.173.202.128 which is a Road Runner / Charter / Spectrum IP. Which makes sense as that is my ISP.

I thought it was odd that I couldn’t get a completed traceroute to my site or to nyu.edu. So I tried to use the nyu vpn to see if it was any different. The results were the same and actually got to no response hops much quicker from within the nyu vpn.

From local pi:

traceroute to nyu.edu (216.165.47.10), 30 hops max, 60 byte packets
1  testwifi.here (192.168.86.1)  0.458 ms  0.341 ms  0.521 ms
2  * * *
3  be60.nydbny7002h.nyc.rr.com (68.173.202.130)  14.377 ms  14.395 ms  12.830 ms
4  agg111.nyquny9101r.nyc.rr.com (68.173.198.106)  17.253 ms  13.366 ms  13.265 ms
5  bu-ether15.nycmny837aw-bcr00.tbone.rr.com (66.109.6.76)  17.350 ms bu-ether25.nycmny837aw-bcr00.tbone.rr.com (107.14.19.22)  28.428 ms  19.917 ms
6  66.109.5.139 (66.109.5.139)  15.002 ms bu-ether11.nwrknjmd67w-bcr00.tbone.rr.com (66.109.6.26)  27.017 ms  24.532 ms
7  * * *
8  ae-2-3601.ear3.NewYork1.Level3.net (4.69.150.206)  15.484 ms  14.750 ms *
9  NEW-YORK-UN.ear3.NewYork1.Level3.net (4.28.130.118)  13.676 ms  11.689 ms  11.559 ms
10  dmzgwb-p2p-extgwc.net.nyu.edu (128.122.254.75)  16.445 ms  17.318 ms  16.455 ms
11  nyugwa-ptp-dmzgwb-vl3082.net.nyu.edu (128.122.254.110)  15.767 ms  15.863 ms  15.698 ms
12  nyufw-outside-ngfw-vl3080.net.nyu.edu (128.122.254.116)  16.405 ms  16.467 ms  15.650 ms
13  * * *
14  * * *
15  * * *

From local cmd line in nyu vpn:

traceroute to nyu.edu (216.165.47.10), 64 hops max, 52 byte packets
1  dmzgwa-200-dmz.net.nyu.edu (192.168.184.66)  63.058 ms  33.314 ms  57.313 ms
2  nyugwa-ptp-dmzgwa-vl3081.net.nyu.edu (128.122.254.108)  97.728 ms  156.268 ms  24.652 ms
3  nyufw-outside-ngfw-vl3080.net.nyu.edu (128.122.254.116)  157.307 ms  152.429 ms  30.215 ms
4  nyugwa-vl1500.net.nyu.edu (192.168.184.226)  157.361 ms  23.554 ms *
5  * wsqdcgwa-vl902.net.nyu.edu (128.122.1.38)  25.366 ms  23.224 ms
6  * * *
7  * * *	
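
Added example (not part of the original post): a small parser for traceroute text like the two traces above that separates silent hops followed by later replies from the silent tail where the trace stops, and flags hops answered by more than one router. The function names are made up for this sketch; the sample is an excerpt of the local pi trace.

```python
import re

# Excerpt of the "From local pi" trace above; hops 3-4, 6-11 and 15 are omitted.
SAMPLE = """\
traceroute to nyu.edu (216.165.47.10), 30 hops max, 60 byte packets
 1  testwifi.here (192.168.86.1)  0.458 ms  0.341 ms  0.521 ms
 2  * * *
 5  bu-ether15.nycmny837aw-bcr00.tbone.rr.com (66.109.6.76)  17.350 ms bu-ether25.nycmny837aw-bcr00.tbone.rr.com (107.14.19.22)  28.428 ms  19.917 ms
12  nyufw-outside-ngfw-vl3080.net.nyu.edu (128.122.254.116)  16.405 ms  16.467 ms  15.650 ms
13  * * *
14  * * *
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
HEADER = re.compile(r"traceroute to (\S+) \((" + IPV4 + r")\)")
HOP = re.compile(r"^\s*(\d+)\s+(.*)$")
REPLY_IP = re.compile(r"\((" + IPV4 + r")\)")


def parse_trace(text):
    """Parse Linux/macOS traceroute text into (target, dest_ip, hops)."""
    lines = text.strip().splitlines()
    target, dest_ip = HEADER.search(lines[0]).groups()
    hops = []
    for line in lines[1:]:
        m = HOP.match(line)
        if m:
            hops.append({"hop": int(m.group(1)),
                         "ips": sorted(set(REPLY_IP.findall(m.group(2))))})
    return target, dest_ip, hops


def summarize(text):
    """Classify silent hops by where they sit relative to the last reply."""
    target, dest_ip, hops = parse_trace(text)
    answered = [h for h in hops if h["ips"]]
    last_no = answered[-1]["hop"] if answered else 0
    return {
        "target": target,
        "reached": any(dest_ip in h["ips"] for h in hops),
        "last_responder": answered[-1]["ips"][0] if answered else None,
        # Silent, but later hops reply: that router forwards without answering.
        "silent_midpath": [h["hop"] for h in hops if not h["ips"] and h["hop"] < last_no],
        # Silent after the last reply: probes or replies are dropped past that hop.
        "silent_tail": [h["hop"] for h in hops if h["hop"] > last_no],
        # Several responders at one hop: probes were spread over parallel paths.
        "multipath": [h["hop"] for h in hops if len(h["ips"]) > 1],
    }
```

A trace whose silent tail starts right after a hop named like a firewall, as here, stopped at a filtering device rather than getting lost in transit.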

I also used arin.net to get more details regarding the IPs. I found, not surprisingly, a number of Spectrum and Google IPs in most of my routes.

Analysis Rabbit Hole
I did find some fun tools along the way.

I found this python script that will analyze a traceroute and return json data that is a little more readable than the typical traceroute results. The --ip= arg works with either an IP or a domain name.

I did find I had to run it with python (python2) not python3 due to lib changes.

python traceroute.py --ip=nyu.edu
python traceroute.py --ip=216.165.47.10

It shows you host, longitude, latitude, rtt (round trip time), hop_num, and the hop IP.

{
    "hostname": "core-87-router",
    "longitude": -97.822,
    "rtt": "0.842 ms",
    "hop_num": 1,
    "latitude": 37.751,
    "ip_address": "128.112.128.2"
},
{
    "hostname": "rtr-border-hpcrc-router.princeton.edu",
    "longitude": -74.7632,
    "rtt": "1.537 ms",
    "hop_num": 2,
    "latitude": 40.2514,
    "ip_address": "128.112.12.110"
}, 

I kinda went down a rabbit hole, I know again…, after this and with the help of this thread wrote my own little python script to parse out only the long / lat values so I could plot them on a map with this plotter.

Python script for parsing long lat:

import json
import argparse

# Reduce traceroute.py JSON output to longitude/latitude pairs
parser = argparse.ArgumentParser(description='parse json file for longitude latitude')

parser.add_argument('input_file', help='json file to parse')
parser.add_argument('output_file', help='json file to write to')

args = parser.parse_args()

# Load the list of hop objects produced by traceroute.py
with open(args.input_file, 'r') as input_file:
    json_decode = json.load(input_file)

result = []
for item in json_decode:
    # Keep only the coordinates, longitude first
    my_dict = {}
    my_dict['longitude'] = item.get('longitude')
    my_dict['latitude'] = item.get('latitude')
    # Print "longitude,latitude" so the line can be pasted into the plotter
    print(*my_dict.values(), sep=',')

    result.append(my_dict)

# Write the reduced list back out as JSON
with open(args.output_file, 'w') as output_file:
    output_file.write(json.dumps(result))

I made it so I could pass input and output args, but I am mostly using just the printed values in terminal. I guess I could pipe / redirect “>” these into a file instead or adjust the script to just write those instead of another json file. Once I had all my traceroutes I wanted to plot, I did end up appending “>>” to a single longlat.txt file I used for plotting.

With all that sorted out I also redirected the traceroute.py results to my json files, with a simple shell script, to use with my parse script.

I tried going into the inspector and making some adjustments to make the map look a bit better.

point plotter map

That didn’t quite give me the feeling I wanted so I also tried this map maker tool. That tool of course wanted them in the reverse order lat, long but also allowed me to plot them on google maps. And custom color the dropped pins. So I of course made another python script to reverse the order and add a random hex color code.

import json
import argparse
import random

# One random hex color per run, so every pin from this traceroute shares it
color = "%06x" % random.randint(0, 0xFFFFFF)

parser = argparse.ArgumentParser(description='parse json file for longitude latitude')

parser.add_argument('input_file', help='json file to parse')
parser.add_argument('output_file', help='json file to write to')

args = parser.parse_args()

# Load the list of hop objects produced by traceroute.py
with open(args.input_file, 'r') as input_file:
    json_decode = json.load(input_file)

result = []
for item in json_decode:
    # Latitude first this time, then the pin color
    my_dict = {}
    my_dict['latitude'] = item.get('latitude')
    my_dict['longitude'] = item.get('longitude')
    my_dict['color'] = color
    # Print "latitude,longitude,color" for the map maker tool
    print(*my_dict.values(), sep=',')

    result.append(my_dict)

# Write the reduced list back out as JSON
with open(args.output_file, 'w') as output_file:
    output_file.write(json.dumps(result))

I guess I could make this one script and just change the order and add color with args. I’ll probably do that at some point.

But after further analysis, I realized that this data seemed a bit off. There were a LARGE number of these values -97.822,37.751, which lo and behold is Cherry Reservoir. Looking on the traceroute.py github repo there were no issues about this but the IP ranges associated didn’t show up in my actual cmd line traceroutes. There were also a number of IPs with that longitude and latitude so they must just not have specific geo data associated with them. However looking a few of them up on whatismyipaddress.com gives me a more realistic geo location. So who knows?

Cherry Reservoir

So while it was fun to use and made me mess around with python a bit more, I don’t think the data is 100% reliable.
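
Added example (not the post's or the traceroute.py project's code): a plausibility check that uses each hop's round trip time to bound how far apart two reported locations can really be, run on the two hops from the JSON sample quoted earlier. It assumes `rtt` always has the "N ms" form shown on the page; the function names are made up for this sketch.

```python
import json
import math

# The two hops from the traceroute.py output quoted earlier, wrapped in a list.
SAMPLE = json.loads("""[
 {"hostname": "core-87-router", "longitude": -97.822, "rtt": "0.842 ms",
  "hop_num": 1, "latitude": 37.751, "ip_address": "128.112.128.2"},
 {"hostname": "rtr-border-hpcrc-router.princeton.edu", "longitude": -74.7632,
  "rtt": "1.537 ms", "hop_num": 2, "latitude": 40.2514,
  "ip_address": "128.112.12.110"}
]""")

C_KM_PER_MS = 299.792  # light in vacuum; fibre is slower, so this is a hard ceiling


def haversine_km(a, b):
    """Great-circle distance between two hops' reported coordinates."""
    lat1, lon1, lat2, lon2 = map(
        math.radians, (a["latitude"], a["longitude"], b["latitude"], b["longitude"]))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * 6371.0 * math.asin(math.sqrt(h))


def max_km_from_source(hop):
    """A reply that took rtt ms cannot come from farther than rtt/2 light-ms away."""
    return float(hop["rtt"].split()[0]) / 2 * C_KM_PER_MS


def implausible_pairs(hops):
    """Hop pairs whose reported locations are farther apart than their RTTs allow."""
    located = [h for h in hops if None not in (h.get("latitude"), h.get("longitude"))]
    out = []
    for i, a in enumerate(located):
        for b in located[i + 1:]:
            reported = haversine_km(a, b)
            # Triangle inequality through the probing host bounds the true separation.
            limit = max_km_from_source(a) + max_km_from_source(b)
            if reported > limit:
                out.append((a["hop_num"], b["hop_num"], round(reported), round(limit)))
    return out
```

A flagged pair only says that at least one of the two locations is wrong; the coordinate that keeps recurring across many different IPs is the one to distrust first.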

I also used the traceroute mapper tool we looked at in class. It was giving me some odd results and I think all the blanked out hops weren’t helping. I also added it to my bash.profile so I could just run it cmd line.

Here are some of the maps it produced:

Traceroute-mapper maps

thrashermagazine.com: This one seemed somewhat correct and the actual traceroute did return almost full results, but the mapper appeared like it just started on the #4 hop?

thrashermagazine_com traceroute-mapper image

bbc.co.uk: This one was very odd. Just plotted one point smack dab in the middle of the US. Traceroute cmd actually made it to hop #6 (a charter exchange) before going silent in the *** hops. If I took the traceroute from the terminal and pasted it into traceroute-mapper instead of running the mapper cmdline I get a little better results.

bbc.co.uk traceroute-mapper image

nyu.edu: Again oddness in what was plotted.

nyu.edu traceroute-mapper image

kakao.com: This one was mostly for fun. I just wanted a longer geographic distance to map.

kakao.com traceroute-mapper image

Final Thoughts
The internet is still mysterious and you get what you paid for. After this process I am not sure I know more or less about where I am in the interwebs. Which is why I titled this post - “Am I lost.”

categories: understandingnetworks
