What does this info tell you about this network?

ivrytwr3 · 9 Jul 2014 at 19:22

Can anyone tell me what the following info tells you about information gathered from an IP address? (176.249.221.14)

The results of the trace 100% packet loss.

‘whois’ - IP was blocked and the owner of IP block 176.249.221.0 could not be located.

Dig shows NXDOMAIN

But i could use the address to access a site and grab stuff with a ftp!

Ryan-3 · 9 Jul 2014 at 19:40

"BSkyB Broadband"

I'm guessing it's an IP owned by them, for generic customer use?

Caged · 9 Jul 2014 at 21:08

Dig shows NXDOMAIN

Code:

; <<>> DiG 9.8.3-P1 <<>> -x 176.249.221.14
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49968
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;14.221.249.176.in-addr.arpa.	IN	PTR

;; ANSWER SECTION:
14.221.249.176.in-addr.arpa. 600 IN	PTR	b0f9dd0e.bb.sky.com.

;; Query time: 37 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: Wed Jul  9 21:06:58 2014
;; MSG SIZE  rcvd: 78

ivrytwr3 · 9 Jul 2014 at 22:07

lol, the ip should not be alive now, it was generated purely for this exercise. But yes, i got that dig output too and have no idea what it means lol!!

Caged · 9 Jul 2014 at 22:55

I've no idea what you are asking, sorry.

asim18 · 10 Jul 2014 at 01:04

I think what he's asking is why is there 100% ICMP packet loss but can still access ftp hosted there at the same time?

ivrytwr3 said:
But i could use the address to access a site and grab stuff with a ftp!

The answer to that is, not all systems answer pings. Pings are a separate type of traffic known as ICMP, its not related to FTP traffic. Most home broadband routers will not answer ping requests by default. You can enable it in your router settings.

If you cant ping/traceroute somewhere it doesn't necessarily mean it's not alive. It could also mean it's just configured to ignore ICMP requests. For example you cant ping overclockers.co.uk but you can still connect to it by http http://overclockers.co.uk.

Caged · 10 Jul 2014 at 01:21

asim18 said:
I think what he's asking is why is there 100% ICMP packet loss but can still access ftp hosted there at the same time?

Right. It got lost somewhere in the steam-of-consciousness and the lols.

ivrytwr3 · 10 Jul 2014 at 05:34

ty Asim, i see now how i can access FTP, but not get a response from the ping.

What about the NXDOMAIN response? I read this means there is not a doman, but again, when the exercise was live i was able to enter the ip into the address bar and it took me to a web page.

PS Sorry for the lols.

Caged · 10 Jul 2014 at 07:59

The NXDOMAIN is because it looks like you tried to dig the IP, instead of doing a reverse lookup. The IP isn't a domain, hence NXDOMAIN.