1. Home
  2. Networking Firewalls
  3. First line in Tracert question

First line in Tracert question

Hello,

I have a question about the first line in tracert.

We just had some network guys come in and set up a new network and firewall. Things suddenly got a lot slower accessing the internet. In every tracert, the first line times out.

Is this a DNS problem? Like is it trying to resolve using the local domain server first, then giving up and trying the ISP's?

Here's an example:

tracert
formatting link

Tracing route to

formatting link
[209.131.36.158] over a maximum of 30 hops:

1 * * * Request timed out. 2 18 ms 30 ms 15 ms rd1bb-ge5-0-0-21.vc.shawcable.net [64.59.159.242] 3 8 ms 18 ms 12 ms rc1bb-ge5-0-0.vc.shawcable.net [66.163.69.105] 4 12 ms 12 ms 15 ms rc1wt-pos4-0-0.wa.shawcable.net [66.163.76.126] 5 12 ms 14 ms 11 ms six.yahoo.com [198.32.180.98] 6 13 ms 12 ms 14 ms ge-0-2-0.pat2.swp.yahoo.com [216.115.110.33] 7 18 ms 19 ms 14 ms UNKNOWN-216-115-110-39.yahoo.com [216.115.110.39] 8 34 ms 33 ms 40 ms so-3-0-0.pat1.sjc.yahoo.com [216.115.110.36] 9 43 ms 34 ms 37 ms g-0-0-0-p170.msr2.sp1.yahoo.com [216.115.107.81] 10 32 ms 36 ms 34 ms te-9-1.bas-a1.sp1.yahoo.com [209.131.32.23] 11 38 ms 33 ms 35 ms f1.www.vip.sp1.yahoo.com [209.131.36.158]
Reply to
Swiftly Z
Loading thread data ...

Well...usually the first hop is your gateway...which in most cases is

192.168.0.1 or 192.168.1.1...depending on the brand you bought. Usually when you get * * * , I can't think exactly what it is...but I want to say the router's/firewall's setting disables ping requests. This helps enables better security but I don't see how it would slow you down. Now the more security you get and the more features you enable...the more time it takes for traffic to come in and out of your router/firewall. Your DNS is fine because DNS is the domain name service. If DNS was not working properly...when you type in the command "tracert
formatting link
" you would get an error because the DNS would not know where to go...it would only go by the IP address. I hope this helps.
Reply to
jonasturner

Your first hop (most likely your router) is denying ICMP

You can also disable name looksup in tracert with a -d flag.

Reply to
AMR

This is normal with some gateway devices and unrelated to your slowdown. It means specifically that the firewall is not replying to ICMP echo (colloquially "ping") requests (if you did this from Windows), or is not sending ICMP "time exceeded" or "host unreachable" replies if you sent it from a Linux box. Traceroute and tracert work a little differently between platforms.

Reply to
Todd H.

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.