private address in traceroute results

All we need is an easy explanation of the problem, so here it is.

I SSH into a remote host and then use traceroute to check paths to , and I notice that there are some private IPs, like

    bash-4.0# traceroute -T
    traceroute to (, 30 hops max, 60 byte packets 
     1 (  1.103 ms  1.107 ms  1.097 ms
     2 (  1.535 ms  1.625 ms  2.172 ms
     3 (  6.891 ms  6.937 ms  6.927 ms
     4 (  1.544 ms  1.517 ms  1.518 ms
     5 (  2.993 ms  2.985 ms  2.976 ms

why there are private addresses near the host?

what are the purposes that these private addresses are used? I mean why they want to put the public IP behind private IPs?


How to solve :

I know you bored from this bug, So we are here to help you! Take a deep breath and look at the explanation of your problem. We have many solutions to this problem, But we recommend you to use the first method because it is tested & true method that will 100% work for you.

Method 1

it seems like you are having a bit of a hard time getting what Frank Thomas is saying.

Simple Network

Assuming you are at host A. If you want to get to host D you need to go through both routers B and C. B and C, both have interfaces on the public network ( and respectively). However, their internal routing network is allocated by private space. That is, to route from B to C you have to go over a private network.
If you were to traceroute from A to D you would see something like this:

traceroute to (, 30 hops max, 60 byte packets 
 1 1.103 ms  1.107 ms  1.097 ms
 2  1.535 ms  1.625 ms  2.172 ms
 3  6.891 ms  6.937 ms  6.927 ms

Please note the times are irrelevant for this example.

So even though both sides of the network are public, router B has a route to D via C. Now, please understand – in the real world B probably also has a route which goes to the Internet. However, in this case D’s network had a better route (or in the technical parlance – a lower metric) on B via C. Therefore, you see the private network.

Why this happens depends on the specific network. I will hazard a guess. You seem to be on a University network. I say this based on the fact that your internal IP addresses had a DNS entry. Which have a univ in them. If this is indeed the case, you are now routing within a University – or intra-University. As a result, the best route from one University to another may in fact be an internal route instead of going out over the Internet. They may have a circuit that they ran themselves, or they might be using MPLS or Frame Relay to create a private circuit.

Hope that helps.

Method 2

Tracert works by sending packets addressed to the target host, but with a TTL set to the next expected hop count (eg its first packest are TTL=0, then TTL=1, etc). when TTL=0, the first router will return a ICMP TTL Exceeded message to the host using its own IP as sender, and drop the packet. That TTL Exceeded message is what tracert pays attention to when listing results.

So, if around hop 9, (the initial TTL=10), and the next hop toward the destination is through an internal network ( the router for that network notices that time to live is expired, and responds once again by sending an ICMP TTL Exceeded message to the host, using the sender IP Remember, both sides of a NAT router have a hop between them, so NAT networks do appear. Without knowing more about your specific circumstance, I cant tell you more, but ISPs and large organizations like universities use many many private networks internally.

By using this method, you can observe a path moving through private networks without actually being able to send to or receive directly from them.

More info here.

Note: Use and implement method 1 because this method fully tested our system.
Thank you 🙂

All methods was sourced from or, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply