networking - How does a packet reach its destination?

06
2014-04
  • Friend of Kim

    Inside a router network it's easy to route all the packages. The router knows all the clients. However, on the internet, there are so many IP addresses.

    I send a packet from my computer to the IP 1.2.3.4. It reaches the router. It checks it against its rules and sees that this isn't on the local network. Then it routes it through the Ethernet port. What happens next? Then it reaches the server, and the server sends a packet in return. Finally it reaches the router. How does the router know which computer (mine) to send it to?

  • Answers
  • Michael P

    In a nutshell, when a router doesn't know how to route a packet it'll send the packet to the default gateway/the next "hop".

    Basically, when your router can't find a valid rule (or more formally, an entry in its route table) it will send the packet to the default gateway, which will typically send it upstream to your ISP.

    Once the packet arrives at your ISP's routers, much like your own router, they will have their own route tables. But this time they'll be more detailed, knowing about other customers and other ISPs.

    This will continue on until the final router that has the final destination rule attached to it, sending it onto the specific computer/Interface.

    All along this way, the packet includes source information indicating where the original packet came from. Your router (likely, with NAT) would have converted this source information from your local machine's internal only IP address (e.g. 192.168.1.25) to your WAN IP address given to you by your ISP (e.g. 121.147.148.55) and this WAN IP will be what's contained within the packet's source information.

    Thus, all the upstream routers can simply perform the same routing as above, but in reverse to send your packet back to you. However, once it reaches your router, your router has its own special rules to know that that certain packet should be forwarded back to your local machine with its internal only IP address. This is called Network Address Translation.
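
Added example, not part of the answer above: a toy model of the two decisions the answer describes, the route-table lookup with a default-gateway fallback and the NAT mapping that lets a reply find its way back to the LAN host. The `Router` class, the `isp-gateway` hop name, the port numbers and the use of per-port mappings (NAPT) are assumptions made for illustration; the addresses are the ones used in the question and answer.

```python
import ipaddress

class Router:
    """Toy home router: route-table lookup plus source NAT (constructed example)."""

    def __init__(self, wan_ip, routes):
        self.wan_ip = wan_ip
        # (network, next hop) pairs; 0.0.0.0/0 is the default-gateway entry.
        self.routes = [(ipaddress.ip_network(n), hop) for n, hop in routes]
        self.nat = {}            # WAN port -> (LAN ip, LAN port, remote ip, remote port)
        self.next_port = 40000   # hypothetical start of the translated port range

    def next_hop(self, dst):
        """Longest-prefix match: the most specific route containing dst wins."""
        addr = ipaddress.ip_address(dst)
        matches = [(n, hop) for n, hop in self.routes if addr in n]
        if not matches:
            return None
        return max(matches, key=lambda m: m[0].prefixlen)[1]

    def outbound(self, src, sport, dst, dport):
        """LAN -> internet: rewrite the source to the WAN IP and record the mapping."""
        hop = self.next_hop(dst)
        if hop is None:
            return None                                  # no route at all: dropped
        if hop == "lan":
            return ("lan", (src, sport, dst, dport))     # local delivery, no NAT
        wan_port = self.next_port
        self.next_port += 1
        self.nat[wan_port] = (src, sport, dst, dport)
        return (hop, (self.wan_ip, wan_port, dst, dport))

    def inbound(self, src, sport, dst, dport):
        """Internet -> LAN: forward only packets that match a recorded mapping."""
        entry = self.nat.get(dport)
        if dst != self.wan_ip or entry is None or entry[2:] != (src, sport):
            return None                                  # unsolicited: dropped
        lan_ip, lan_port = entry[:2]
        return (src, sport, lan_ip, lan_port)

router = Router("121.147.148.55",
                [("192.168.1.0/24", "lan"), ("0.0.0.0/0", "isp-gateway")])

if __name__ == "__main__":
    hop, pkt = router.outbound("192.168.1.25", 51000, "1.2.3.4", 80)
    print(hop, pkt)                                                   # upstream, WAN source
    print(router.inbound("1.2.3.4", 80, "121.147.148.55", pkt[1]))    # reply reaches the LAN host
    print(router.inbound("5.6.7.8", 80, "121.147.148.55", pkt[1]))    # no matching mapping
```

The last call shows the side effect that matters for defenders: a packet from a host the LAN machine never contacted matches no mapping and is dropped at the router.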


  • Related Question

    linux - How to diagnose a mysterious network problem?
  • David Z

    For about a week I've been having trouble accessing a website I frequently visit from my laptop in my apartment. (The domain is http://www.irishgaelictranslator.com if it matters.) Symptoms are as follows:

    • Whenever I try to access the site normally (i.e. in a browser) the connection times out.
    • Trying to resolve the site name on DNS using dig +showsearch +trace www.irishgaelictranslator.com ends with the message "connection timed out; no servers could be reached". dig is able to retrieve the NS records for the domain, which specify the nameservers ns1.irish-sayings.com. (207.58.181.154) and ns2.irish-sayings.com. (207.58.181.155). It times out trying to connect to either of those servers.
    • The IP address for www.irishgaelictranslator.com is 207.58.181.154, and attempts to ping that IP address are unsuccessful. The connection times out.
    • When running traceroute the trace reaches up to sc-smv1461.servint.net (209.50.237.172) (step 21) with no problems or delays, and then I get just * * * after that.

    So far it just sounds like the server is down. But here's the weird thing: I have no problems accessing http://www.irishgaelictranslator.com from any other computer. I also have no problems accessing any other websites from my laptop. As far as I can tell, it's only the one particular combination of my laptop in my apartment and this one website that is causing problems. (I haven't tried taking my laptop elsewhere, but that's probably next on my list)

    What sort of diagnostics can/should I run to try to figure out what's going on here? As mentioned, I've already tried ping, traceroute, and dig, and I've also fired up Wireshark during all three of these to see if it showed anything useful, but I haven't seen anything that signals a problem to me. (I'm not the greatest networking expert, I could be missing something) Is there anything else to do?

    As the tags suggest, I primarily run Linux, but I do have Windows available to test with as well. (I have the same connectivity problems to the website when I'm running Windows, so it's not an operating-system-dependent problem.)

    EDIT: The problem turned out to be that my IP address was blacklisted by the server's firewall. No idea how it got on the blacklist, but the site admin removed it and the connection works now. Anyway, even though my specific problem has been resolved, I'm still interested in any more suggestions as to tests I could have done to gather useful information.


  • Related Answers
  • William Hilsum

    Have you tried another computer in your house on the same internet connection (1), or your laptop on a different internet connection (2)?

    I had a friend with the same issue and when he tried (1), he had the same problem and could not work out why when he took his laptop to my house, he could access a website.

    I emailed the site administrator, and it turns out that he had blocked the entire IP range because someone was giving him problems.

    You never know, it may be worth a try!

    It could explain why DNS can resolve, but no connectivity. (just tried pinging from here and it worked)

    If you have tried (2), ignore the above and I will give it another think!

    Until then, if you need it urgently, try using a proxy server and see if you have any luck.

    edit -- as well as that, it could be your ISP blocking it. If they have any forums, you may want to take a look. I know that I was trying to diagnose a similar problem for a good 2 days for a client and it turned out that the site was incorrectly placed on the IWF list (good in principle, rubbish in implementation), and the ISP was simply dropping all packets to the site without any warning. It got removed after I kicked up a fuss, but got no apology or explanation.

  • nik

    Firstly, the server is reachable from where I try.

    $ ping 207.58.181.154
    PING 207.58.181.154 (207.58.181.154): 56 data bytes
    64 bytes from 207.58.181.154: icmp_seq=0 ttl=52 time=312 ms
    64 bytes from 207.58.181.154: icmp_seq=1 ttl=52 time=296 ms
    64 bytes from 207.58.181.154: icmp_seq=2 ttl=52 time=296 ms
    64 bytes from 207.58.181.154: icmp_seq=3 ttl=52 time=296 ms
    64 bytes from 207.58.181.154: icmp_seq=4 ttl=52 time=296 ms
    
    ----207.58.181.154 PING Statistics----
    5 packets transmitted, 5 packets received, 0.0% packet loss
    round-trip (ms)  min/avg/max/med = 296/299/312/296
    


    Was able to complete a traceroute in 9 hops.

    [snip]
    8   296 ms   296 ms   296 ms  sc-smv1461.servint.net [209.50.237.172]
    9   296 ms   296 ms   296 ms  vps.irish-sayings.com [207.58.181.154]
    


    The site seems to have recently (July 29) changed from 69.57.140.72 to 207.58.181.154.


    1. Can you try the following lookup?
      dig @208.67.222.222 -x 207.58.181.154
      
    2. Since changing the OS on the same laptop reproduces the problem,
      it is more likely to be on the network path beyond it.
      Some curious questions:
      • Does your external IP address change across the Linux and Windows boot?
      • Do the other machines you use from the same point as your laptop have different IP addresses?
      • Do you have broadband/dialup connection that gives you a different IP address each time you login?