Internet gurus - help. Timeout in traceroute


Colonel Panic
I've got a Mac Mini server providing a web site and VPN via the internet. I've got all the needed ports forwarded on my cable modem and most of the time it all works beautifully.

Then every once in a while nobody can connect, even though the server seems to be running fine - and it (the server) can access the web with ease.

Invariably when this happens, I do a trace route from outside and see something like this:

Hop	(ms)	(ms)	(ms)	 IP Address	Host name
1        0       0       0 
2        0       0       0 
3        0       1       0 
4        25     31      31 
5        29     31      31 
6        35     35      36 
7        36     35      42 
8        39     39      39 
9        42    104      41 
10       42     42      42 
11       43     43      43 
12    Timed out Timed out  Timed out - 
13       62     52      51       my.home.IP.censored 

Trace Complete
Note that hop 12 says "Timed out".

I'm assuming this means that some router that is a necessary part of the access path to my server is not doing it's job. Am I right??

Is the problem node the one before the timeout? After? Or is the address of the problem node not shown?

Is there anything I could do differently on my end to prevent this?
Are there any magic words I might use with my ISP (TimeWarner/Roadrunner naturally) that will convince them that power-cycling my blasted cable modem isn't the way to fix this??!?!

Please help. :(
Last edited:


In Geostationary Orbit
The timeout could be a firewall. You will have to trace down the IP to see what it is. Time to play network detective (you now know what I have to do at work from time to time).

PS- The offending device also could have ICMP turned off.


Colonel Panic
Thanks for the input.

I don't really know what I can do as far as sleuthing out the offending device - they're all Time Warner's routers, and it's practically impossible even to get someone on the phone who knows what the hell they're talking about.


In Geostationary Orbit
Well the device is AFTER the server:
So it most likely after a firewall that only allows Port 80 (internet) plus SSL port (port 443) and blocks name lookup (ICMP requests).