60

When I do:

  $ traceroute 8.8.8.8

I get in the output showing only stars, even though pinging to google.com ( 8.8.8.8) appears to be working.

  1. What do I need to fix in my files/conf in order to solve this issue?
  2. what I need to check?

Ping command output

    $ ping 8.8.8.8
    PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
    64 bytes from 8.8.8.8: icmp_seq=1 ttl=46 time=73.4 ms
    64 bytes from 8.8.8.8: icmp_seq=2 ttl=46 time=69.6 ms

traceroute command output

 $ traceroute 8.8.8.8
 traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
 1  * * *
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  * * *
 8  * * *
 9  * * *
 10  * * *
 11  * * *
 12  * * *
 13  * * *
  14  * * *
 15  * * *
 16  * * *
 17  * * *
 18  * * *
 19  * * *
 20  * * *
 21  * * *
 22  * * *
 23  * * *
 24  * * *
 25  * * *
 26  * * *
 27  * * *
 28  * * *
 29  * * *
 30  * * *
Rui F Ribeiro
  • 55,929
  • 26
  • 146
  • 227
  • This is usually specific to the local network you're connected to but you might want to check your firewall and/or try with a disabled local firewall. – Pavel Šimerda Apr 28 '14 at 23:31
  • is it posible to make a deep verification from my linux machine ? ( by linux commands ) in order to understand the problem -- please help –  Apr 28 '14 at 23:52
  • @Eytan, please see the updated answer. I have mentioned the configuration files that needs to be changed. – Ramesh Apr 28 '14 at 23:54
  • hi the configuration are the same on both machines , the machines are the same , so what next , what I need to check? –  Apr 29 '14 at 08:17
  • i can't even traceroute to localhost, how strange – Dee Oct 24 '18 at 06:39
  • The stars disappeared when I disabled my firewall with `iptables -F`. It is due to my firewall configuration blocking everything not going through my VPN and I just wanted to traceroute an IP address that I allowed to bypass VPN with route and iptables commands. – baptx Nov 16 '19 at 09:28

3 Answers3

59

I found that traceroute -I gave me more complete results.

-I, --icmp
      Use ICMP ECHO for probes
wrgrs
  • 917
  • 1
  • 7
  • 11
27

The asterisks you're seeing are servers that your packets are being routed through whom are timing out (5.0+ seconds) and so traceroute defaults to printing the *.

NOTE: There's even a warning about this in the traceroute man page.

excerpt

In the modern network environment the traditional traceroute methods can not be always applicable, because of widespread use of firewalls. Such firewalls filter the "unlikely" UDP ports, or even ICMP echoes. To solve this, some additional tracerouting methods are implemented (including tcp), see LIST OF AVAILABLE METHODS below. Such methods try to use particular protocol and source/destination port, in order to bypass firewalls (to be seen by firewalls just as a start of allowed type of a network session).

Most firewalls block traffic outbound on ports other than TCP/80 which is the default IP port for web traffic. traceroute in Linux default use UDP, ping use ICMP, so as your output, it seems that ICMP packets are allowed in your firewall whereas UDP packets are blocked by the firewall.

You can see responses to my question titled: traceroute and ping from school network.

EDIT #1

As per the comments, if this is working in another RHEL machine and not working in this RHEL machine, I would suggest doing the below steps.

From the working RHEL machine (machine A), copy the /etc/sysconfig/iptables file. In the faulty RHEL machine (machine B), copy the original /etc/sysconfig/iptables file to something like /etc/sysconfig/iptables.original. 

$ cp /etc/sysconfig/iptables /etc/sysconfig/iptables.original

This step is just to ensure that if something goes wrong with our setting, we can revert back to the original. Now, copy the /etc/sysconfig/iptables from the machine A to machine B.

Community
  • 1
Ramesh
  • 38,687
  • 43
  • 140
  • 215
  • so the stars are a bad sign? - they indicate about problem ? –  Apr 28 '14 at 23:34
  • but if they block by the Firewall so I have problem - –  Apr 28 '14 at 23:37
  • but how to know if the problem in my linux machine / or maybe the problem is some external isshue? –  Apr 28 '14 at 23:38
  • this machine is in the network I have some other machine but the output on the other machine is diff ( not all stars ) –  Apr 28 '14 at 23:39
  • did you mean about the linux firewall ? or other firewall ? –  Apr 28 '14 at 23:43
  • so how you explain if some machine are ok and some othe rmachine in the smae network have bad results ( stars ) –  Apr 28 '14 at 23:43
  • no all machines are red-hat exepet one unbuntu machine ( all them are VM machine ) , not understand why some of them are ok and some of them get bad results from traceroute –  Apr 28 '14 at 23:46
  • hi again the file iptables is the same on both machine ( the good one have the same file as the faulty one ) –  Apr 29 '14 at 08:12
  • I believe both these machines might be forwarding the packets to some other machine and so in that machine it is possible that the packets from machine B is blocked. I suggest you to open another question with the `/etc/sysconfig/iptables` rules in the question which will help people debug the issue. – Ramesh Apr 29 '14 at 15:25
10

Either the machine you are running the tests from or your local gateway (router) is blocking UDP or ICMP. Make sure these are allowed in your firewall / NAT rule configuration.

unixdude
  • 101
  • 2