Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, June 13, 2019 3:55 PM
Hello everyone,
I am trying to find the path travelled by the traffic from Azure VM to my on premise newtork. BUt i realized i cant tracert or traceroute from Azure Windows and Linux VMs respectively.
Is there any way i can do that?
All replies (9)
Monday, June 17, 2019 4:56 AM ✅Answered
Hi Madan,
When packet enters Azure Network, it gets blocked at few hops.
As mentioned in the blog: "it blocks some part of the route, maybe when it hits the datacenter."
With the hops which you have till DC, you should be able to optimize the network. There is nothing much that we can do to get the hops within Data Center as of today.
Regards,
Msrini
Thursday, June 13, 2019 7:18 PM
Hi,
ICMP is not the recommended way to test your connectivity in Azure. It gets blocked in Azure network and you can see packets outside of Azure networks.
I would recommended to test your connectivity / tracert path by using tracetcp which is a tool which works on layer 4.
Link: https://github.com/0xcafed00d/tracetcp/releases
Regards,
Msrini
Friday, June 14, 2019 7:17 AM
Hi Msrini,
I tried tracetcp but while trying this form my Azure VM to outside i get something like this:
C:\tracetcp_v1.0.3>tracetcp apple.com
Tracing route to 17.172.224.47 [carbontest.com] on port 80
Over a maximum of 30 hops.
1 * * * Request timed out.
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 *
Friday, June 14, 2019 8:00 AM
Hi,
Here is an interesting blog which explains why Tracert won't work in Azure VM and also provided an work around.
https://blogs.msdn.microsoft.com/gsamant/2015/02/16/ping-and-tracert-commands-on-azure-vm/
Can you try this and let me know the results ?
Regards,
Msrini
Friday, June 14, 2019 8:49 AM
I get this using nmap.
My target is to find the hops ip travelled by the traffic form azure Vms to my dataceter.
C:\Users\madan>nmap -sS -p 443 -Pn --traceroute microsoft.com
Starting Nmap 7.70 ( https://nmap.org ) at 2019-06-14 08:40 Coordinated Universal Time
Nmap scan report for microsoft.com (13.77.161.179)
Host is up (0.18s latency).
Other addresses for microsoft.com (not scanned): 40.76.4.15 40.112.72.205 40.113.200.201 104.215.148.63
PORT STATE SERVICE
443/tcp open https
TRACEROUTE (using port 443/tcp)
HOP RTT ADDRESS
1 ... 25
26 151.00 ms 13.77.161.179
Nmap done: 1 IP address (1 host up) scanned in 9.69 seconds
Friday, June 14, 2019 11:41 AM
Hi,
This is the expected output when you use NMAP.
Can you let me know what exactly you are looking for so that I can help you ?
Regards,
Msrini
Monday, June 17, 2019 4:44 AM
Hi Msrini,
For network optimization, i wanted to know the ips of the hops traveled by the traffic from azure to my on premise network.
This request has been made my the ISP of our customer. They do have the route from on premise to azure but they dont have the vice versa route.
Monday, June 17, 2019 6:44 AM
Thanks fo the reply.
Wednesday, June 19, 2019 9:10 AM
Hi,
Just checking in if you have had a chance to see the previous response. If this answers your query, do click “Mark as Answer” ,so that others in the community who are looking for similar question, can benefit from it.
Regards,
Msrini