I have run all the commands below to try to figure out the third hop in my traceroute, without any luck finding its IP. Please advise. For your consideration, my ISP is Du in Dubai, UAE. How can I find the IP for the third hop? Is there a way?
mtr -U google.com
```
acir.local (192.168.1.116) -> google.com (142.250.181.46) 2023-06-05T11:23:01+0400
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. 192.168.1.1 58.3% 85 7013. 1920. 3.7 7013. 1756.
2. 192.168.70.1 58.3% 85 11016 3722. 8.4 11016 2709.
3. (waiting for reply)
4. 10.142.57.141 61.9% 85 18026 8417. 1005. 18026 3744.
10.100.136.34
10.100.137.77
5. 10.100.137.86 61.9% 85 21027 8699. 2006. 21027 4079.
6. (waiting for reply)
7. 10.100.144.9 63.1% 85 25031 14662 5008. 25031 4846.
10.17.40.109
10.254.41.249
10.254.41.253
8. (waiting for reply)
9. 172.253.51.55 67.9% 85 17027 11569 4007. 18016 3643.
172.253.51.205
10. 142.251.50.213 67.9% 85 20028 12237 3006. 20028 3738.
142.251.50.211
11. fjr04s06-in-f14.1e100.net 58.3% 85 40049 19937 10011 40049 7010.
```
traceroute google.com
This usually happens in traceroute.
```
1 192.168.1.1 (192.168.1.1) 5.263 ms 1.096 ms 3.895 ms
2 192.168.70.1 (192.168.70.1) 2.022 ms 1.532 ms 1.455 ms
3 * * *
4 10.142.57.141 (10.142.57.141) 4.724 ms
10.100.136.34 (10.100.136.34) 8.350 ms
10.100.137.77 (10.100.137.77) 4.721 ms
5 10.100.137.86 (10.100.137.86) 5.127 ms 4.964 ms 4.957 ms
6 10.17.40.109 (10.17.40.109) 15.318 ms
10.254.41.253 (10.254.41.253) 11.774 ms 8.695 ms
7 10.17.40.109 (10.17.40.109) 12.398 ms
10.254.41.253 (10.254.41.253) 9.982 ms
10.254.41.249 (10.254.41.249) 11.794 ms
8 * * *
9 * * *
10 74.125.253.226 (74.125.253.226) 11.832 ms
216.239.59.2 (216.239.59.2) 8.613 ms
142.251.51.58 (142.251.51.58) 11.218 ms
11 142.251.50.213 (142.251.50.213) 10.323 ms 8.705 ms 8.545 ms
12 fjr04s06-in-f14.1e100.net (142.250.181.46) 7.684 ms 8.139 ms 6.810 ms
```
sudo hping -S -T -p 443 --fast facebook.com
However, in hping it always resolves on 433 and 80.
```
HPING facebook.com (en0 157.240.7.35): S set, 40 headers + 0 data bytes
hop=1 TTL 0 during transit from ip=192.168.1.1 name=UNKNOWN
hop=1 hoprtt=4.1 ms
hop=2 TTL 0 during transit from ip=192.168.70.1 name=UNKNOWN
hop=2 hoprtt=2.0 ms
4: hop=4 TTL 0 during transit from ip=10.100.137.77 name=UNKNOWN
hop=4 hoprtt=4.7 ms
hop=5 TTL 0 during transit from ip=10.100.137.86 name=UNKNOWN
hop=5 hoprtt=4.7 ms
hop=6 TTL 0 during transit from ip=10.229.200.106 name=UNKNOWN
hop=6 hoprtt=87.8 ms
hop=7 TTL 0 during transit from ip=157.240.84.166 name=ae3.pr04.sin1.tfbnw.net
hop=7 hoprtt=83.8 ms
hop=8 TTL 0 during transit from ip=129.134.55.112 name=po204.asw04.sin6.tfbnw.net
hop=8 hoprtt=82.4 ms
hop=9 TTL 0 during transit from ip=147.75.223.149 name=po218.psw04.sin6.tfbnw.net
hop=9 hoprtt=83.8 ms
hop=10 TTL 0 during transit from ip=147.75.223.143 name=po215.psw04.sin6.tfbnw.net
hop=10 hoprtt=117.1 ms
hop=11 TTL 0 during transit from ip=147.75.222.85 name=po244.psw01.sin6.tfbnw.net
hop=11 hoprtt=382.9 ms
hop=12 TTL 0 during transit from ip=157.240.38.137 name=UNKNOWN
hop=12 hoprtt=558.8 ms
hop=13 TTL 0 during transit from ip=157.240.38.197 name=UNKNOWN
hop=13 hoprtt=479.3 ms
len=44 ip=157.240.7.35 ttl=85 DF id=0 sport=443 flags=SA seq=32 win=65535 rtt=204.2 ms
len=44 ip=157.240.7.35 ttl=85 DF id=0 sport=443 flags=SA seq=33 win=65535 rtt=102.2 ms
len=44 ip=157.240.7.35 ttl=85 DF id=0 sport=443 flags=SA seq=34 win=65535 rtt=85.1 ms
len=44 ip=157.240.7.35 ttl=85 DF id=0 sport=443 flags=SA seq=35 win=65535 rtt=82.3 ms
len=44 ip=157.240.7.35 ttl=85 DF id=0 sport=443 flags=SA seq=36 win=65535 rtt=81.7 ms
len=44 ip=157.240.7.35 ttl=85 DF id=0 sport=443 flags=SA seq=37 win=65535 rtt=83.3 ms
len=44 ip=157.240.7.35 ttl=85 DF id=0 sport=443 flags=SA seq=38 win=65535 rtt=83.0 ms
len=44 ip=157.240.7.35 ttl=85 DF id=0 sport=443 flags=SA seq=39 win=65535 rtt=85.9 ms
len=44 ip=157.240.7.35 ttl=85 DF id=0 sport=443 flags=SA seq=40 win=65535 rtt=83.1 ms
len=44 ip=157.240.7.35 ttl=85 DF id=0 sport=443 flags=SA seq=41 win=65535 rtt=90.1 ms
len=44 ip=157.240.7.35 ttl=85 DF id=0 sport=443 flags=SA seq=42 win=65535 rtt=84.8 ms
DUP! len=44 ip=157.240.7.35 ttl=85 DF id=0 sport=443 flags=SA seq=32 win=65535 rtt=1138.2 ms
len=44 ip=157.240.7.35 ttl=85 DF id=0 sport=443 flags=SA seq=43 win=65535 rtt=81.9 ms
DUP! len=44 ip=157.240.7.35 ttl=85 DF id=0 sport=443 flags=SA seq=33 win=65535 rtt=1120.3 ms
len=44 ip=157.240.7.35 ttl=85 DF id=0 sport=443 flags=SA seq=44 win=65535 rtt=81.7 ms
DUP! len=44 ip=157.240.7.35 ttl=85 DF id=0 sport=443 flags=SA seq=34 win=65535 rtt=1146.1 ms
DUP! len=44 ip=157.240.7.35 ttl=85 DF id=0 sport=443 flags=SA seq=35 win=65535 rtt=1098.6 ms
len=44 ip=157.240.7.35 ttl=85 DF id=0 sport=443 flags=SA seq=45 win=65535 rtt=83.7 ms
len=44 ip=157.240.7.35 ttl=85 DF id=0 sport=443 flags=SA seq=46 win=65535 rtt=82.2 ms
DUP! len=44 ip=157.240.7.35 ttl=85 DF id=0 sport=443 flags=SA seq=36 win=65535 rtt=1113.7 ms
len=44 ip=157.240.7.35 ttl=85 DF id=0 sport=443 flags=SA seq=47 win=65535 rtt=84.9 ms
DUP! len=44 ip=157.240.7.35 ttl=85 DF id=0 sport=443 flags=SA seq=37 win=65535 rtt=1111.3 ms
^C
--- facebook.com hping statistic ---
49 packets tramitted, 35 packets received, 29% packet loss
round-trip min/avg/max = 2.0/297.1/1146.1 ms
```
sudo MTR -U google.com
```
Host Loss% Snt Last Avg Best Wrst StDev
1. 192.168.1.1 0.0% 26 1.0 1.6 1.0 6.2 1.2
2. 192.168.70.1 0.0% 26 1.6 2.0 1.6 4.9 0.7
3. (waiting for reply)
4. 10.100.137.77 0.0% 26 4.4 5.2 4.3 8.1 1.1
5. 10.100.137.86 0.0% 26 4.9 5.2 4.3 7.7 0.9
6. 10.17.40.109 0.0% 25 10.5 11.1 8.0 13.5 1.5
7. 10.17.40.109 0.0% 25 11.3 9.4 7.3 12.7 1.5
8. (waiting for reply)
9. 172.253.51.205 0.0% 25 9.2 9.3 8.2 12.4 1.2
10. 142.251.50.213 0.0% 25 8.3 9.2 7.8 18.0 2.6
11. fjr04s06-in-f14.1e100.net 0.0% 25 6.4 6.8 6.0 8.9 0.7
```
sudo MTR -T google.com
Here too; usually MTR -T resolves this issue and covers hop IPs that are not responding over ICMP.
```
Host Loss% Snt Last Avg Best Wrst StDev
1. 192.168.1.1 90.0% 51 8007. 3408. 7.7 8007. 3435.
2. 192.168.70.1 86.0% 51 7011. 3439. 2.9 8023. 2997.
3. (waiting for reply)
4. 10.142.57.141 84.0% 51 9013. 7765. 1002. 13027 4374.
10.100.137.77
10.100.136.34
5. 10.100.137.86 88.0% 51 10014 6347. 2003. 10023 3146.
6. (waiting for reply)
7. 10.17.40.109 84.0% 51 12015 9391. 3004. 14026 3549.
10.100.144.9
10.254.41.249
10.254.41.253
8. (waiting for reply)
9. 172.253.51.55 88.0% 51 11013 9182. 4003. 13025 3195.
172.253.51.205
10. 142.251.50.211 88.0% 51 13016 9349. 5003. 13016 3272.
142.251.50.213
11. fjr04s06-in-f14.1e100.net 79.6% 50 14037 16131 1007. 28
```
sudo hping -S -T -p 443 --fast facebook.com
Here I got a very weird result, which is being looped back, which could be a MITM. The output in hop 3 being looped back could be a sign of a man-in-the-middle attack. A man-in-the-middle attack is a type of cyberattack where an attacker secretly relays and alters data between two parties who believe they are directly communicating with each other. In this case, the attacker would be able to see all of the traffic between your computer and Facebook, and they could potentially modify that traffic.
There are a few reasons why hop 3 being looped back could be a sign of a man-in-the-middle attack. First, it is unusual for traffic to be looped back to the same device. Second, the attacker could be using hop 3 to monitor your traffic and potentially modify it. Third, the attacker could be using hop 3 to inject malicious code into your computer.
```
HPING facebook.com (en0 157.240.7.35): S set, 40 headers + 0 data bytes
hop=1 TTL 0 during transit from ip=192.168.1.1 name=UNKNOWN
hop=1 hoprtt=4.5 ms
hop=2 TTL 0 during transit from ip=192.168.70.1 name=UNKNOWN
hop=2 hoprtt=1.6 ms
hop=3 TTL 0 during transit from ip=192.168.1.1 name=UNKNOWN
hop=3 hoprtt=0.0 ms
hop=4 TTL 0 during transit from ip=192.168.70.1 name=UNKNOWN
hop=4 hoprtt=0.0 ms
hop=5 TTL 0 during transit from ip=10.100.137.86 name=UNKNOWN
hop=5 hoprtt=4.9 ms
hop=6 TTL 0 during transit from ip=10.44.24.222 name=UNKNOWN
hop=6 hoprtt=88.9 ms
hop=7 TTL 0 during transit from ip=157.240.84.166 name=ae3.pr04.sin1.tfbnw.net
hop=7 hoprtt=86.3 ms
hop=8 TTL 0 during transit from ip=129.134.55.112 name=po204.asw04.sin6.tfbnw.net
hop=8 hoprtt=82.8 ms
hop=9 TTL 0 during transit from ip=129.134.32.68 name=po204.asw01.sin6.tfbnw.net
hop=9 hoprtt=371.4 ms
hop=10 TTL 0 during transit from ip=129.134.55.112 name=po204.asw04.sin6.tfbnw.net
hop=10 hoprtt=751.9 ms
hop=11 TTL 0 during transit from ip=129.134.32.68 name=po204.asw01.sin6.tfbnw.net
hop=11 hoprtt=648.9 ms
hop=12 TTL 0 during transit from ip=129.134.64.3 name=po249.psw03.sin6.tfbnw.net
hop=12 hoprtt=420.4 ms
hop=13 TTL 0 during transit from ip=147.75.222.121 name=po232.psw02.sin6.tfbnw.net
hop=13 hoprtt=821.3 ms
hop=14 TTL 0 during transit from ip=147.75.222.87 name=po245.psw01.sin6.tfbnw.net
hop=14 hoprtt=1509.3 ms
hop=15 TTL 0 during transit from ip=147.75.223.43 name=po213.psw02.sin6.tfbnw.net
hop=15 hoprtt=1790.2 ms
hop=16 TTL 0 during transit from ip=147.75.223.133 name=po204.psw04.sin6.tfbnw.net
hop=16 hoprtt=2539.3 ms
```
traceroute facebook.com
```
traceroute to facebook.com (157.240.7.35), 64 hops max, 52 byte packets
1 192.168.1.1 (192.168.1.1) 2.805 ms 0.979 ms 0.934 ms
2 192.168.70.1 (192.168.70.1) 2.248 ms 1.468 ms 1.346 ms
3 * * *
4 10.100.137.77 (10.100.137.77) 6.416 ms 5.391 ms
10.100.136.34 (10.100.136.34) 7.631 ms
5 10.100.137.86 (10.100.137.86) 12.224 ms 5.062 ms 5.500 ms
6 10.229.200.106 (10.229.200.106) 84.257 ms 84.369 ms
10.44.24.222 (10.44.24.222) 90.128 ms
7 ae3.pr04.sin1.tfbnw.net (157.240.84.166) 83.489 ms 83.532 ms 96.837 ms
8 po204.asw02.sin6.tfbnw.net (129.134.34.240) 85.552 ms
po204.asw03.sin6.tfbnw.net (129.134.55.108) 83.548 ms
po204.asw01.sin6.tfbnw.net (129.134.32.68) 84.732 ms
9 po244.psw02.sin6.tfbnw.net (147.75.222.133) 82.941 ms
po290.psw02.sin6.tfbnw.net (129.134.64.1) 82.726 ms
po273.psw03.sin6.tfbnw.net (129.134.64.27) 85.824 ms
10 157.240.38.253 (157.240.38.253) 83.075 ms
157.240.38.225 (157.240.38.225) 83.698 ms
173.252.67.3 (173.252.67.3) 86.283 ms
11 edge-star-mini-shv-01-sin6.facebook.com (157.240.7.35) 83.576 ms 83.417 ms 83.534 ms
```
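
A triage sketch for the loop reported in the second hping run, added here as an example (not part of the original post): it parses `hping -T` output and flags hops whose responder already answered an earlier hop or whose `hoprtt` is 0.0 ms, and notes when traceroute got `* * *` at the same hop. Function names are hypothetical; the flags mark hops to re-measure and do not by themselves establish the cause.

```python
import re

# Opening hops of the second hping run and of `traceroute facebook.com`, copied from the post.
HPING = """\
hop=1 TTL 0 during transit from ip=192.168.1.1 name=UNKNOWN
hop=1 hoprtt=4.5 ms
hop=2 TTL 0 during transit from ip=192.168.70.1 name=UNKNOWN
hop=2 hoprtt=1.6 ms
hop=3 TTL 0 during transit from ip=192.168.1.1 name=UNKNOWN
hop=3 hoprtt=0.0 ms
hop=4 TTL 0 during transit from ip=192.168.70.1 name=UNKNOWN
hop=4 hoprtt=0.0 ms
hop=5 TTL 0 during transit from ip=10.100.137.86 name=UNKNOWN
hop=5 hoprtt=4.9 ms
"""
TRACEROUTE = """\
2 192.168.70.1 (192.168.70.1) 2.248 ms 1.468 ms 1.346 ms
3 * * *
"""

HOP_RE = re.compile(r"hop=(\d+) TTL 0 during transit from ip=(\S+)")
RTT_RE = re.compile(r"hop=(\d+) hoprtt=([\d.]+) ms")
SILENT_RE = re.compile(r"^[ \t]*(\d+)[ \t]+\*[ \t]+\*[ \t]+\*[ \t]*$", re.M)

def parse_hping(text):  # -> {hop: (responder_ip, rtt_ms or None)}
    ips = {int(h): ip for h, ip in HOP_RE.findall(text)}
    rtts = {int(h): float(r) for h, r in RTT_RE.findall(text)}
    return {h: (ips[h], rtts.get(h)) for h in sorted(ips)}

def suspect_hops(hping_text, traceroute_text=""):
    """Return {hop: [reasons]} for hping hops that should be re-measured."""
    silent = {int(h) for h in SILENT_RE.findall(traceroute_text)}
    first_seen, flagged = {}, {}
    for hop, (ip, rtt) in parse_hping(hping_text).items():
        reasons = []
        if ip in first_seen:
            reasons.append(f"responder {ip} already answered hop {first_seen[ip]}")
        if rtt == 0.0:
            reasons.append("hoprtt 0.0 ms")
        if reasons and hop in silent:
            reasons.append("traceroute saw no reply at this hop")
        first_seen.setdefault(ip, hop)
        if reasons:
            flagged[hop] = reasons
    return flagged

if __name__ == "__main__":
    for hop, reasons in suspect_hops(HPING, TRACEROUTE).items():
        print(f"hop {hop}: " + "; ".join(reasons))
```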