
How to troubleshoot a network traffic block?

When you start troubleshooting in any network, first get the source, destination, and port details from the requester (user, client, or customer). Those details are the basis for your troubleshooting.

Once you have those details, ask them to run tracert (Windows) from the command prompt, or traceroute/tracepath (Unix/Linux), and share the output. This gives you a fair idea of the network path.

This is how the trace output looks on Windows and Unix/Linux respectively.

C:\Users\netcybrsecurity> tracert www.google.com

Tracing route to www.google.com [142.250.183.132]
over a maximum of 30 hops:

1 1 ms 1 ms 1 ms 192.168.29.1
2 5 ms 2 ms 3 ms 10.4.240.1
3 9 ms 7 ms 8 ms 172.16.25.9
4 13 ms 12 ms 9 ms 192.168.103.52
5 22 ms 18 ms 18 ms 172.26.108.133
6 9 ms 7 ms 8 ms 172.26.108.146
7 7 ms 7 ms 12 ms 192.168.38.92
8 18 ms 17 ms 17 ms 192.168.38.93
9 28 ms 26 ms 28 ms 172.16.4.152
10 26 ms 28 ms 24 ms 172.16.4.152
11 18 ms 17 ms 18 ms 142.250.165.42
12 25 ms 23 ms 22 ms 216.239.47.175
13 18 ms 17 ms 17 ms 142.250.214.111
14 22 ms 21 ms 21 ms bom07s31-in-f4.1e100.net [142.250.183.132]

Trace complete.

netcybrsecurity@User-linux:~$ traceroute www.google.com
traceroute to www.google.com (142.250.183.132), 64 hops max
1 172.25.192.1 0.002ms 0.164ms 0.211ms
2 192.168.29.1 1.270ms 1.006ms 0.999ms
3 10.4.240.1 6.748ms 4.919ms 4.552ms
4 172.16.25.113 10.136ms 9.578ms 9.068ms
5 192.168.103.54 19.718ms 192.168.103.52 15.237ms 18.872ms
6 172.26.108.133 15.307ms 13.959ms 14.170ms
7 172.26.108.146 14.653ms 14.170ms 192.168.38.92 18.276ms
8 192.168.38.96 11.645ms 9.066ms 192.168.38.97 10.303ms
9 192.168.38.95 12.271ms 14.133ms 172.16.92.145 21.541ms
10 172.16.4.152 30.471ms 32.881ms 142.250.165.42 26.592ms
11 172.16.4.154 26.011ms 23.452ms 142.250.165.42 21.647ms
12 * * 209.85.248.60 23.928ms
13 * * 108.170.248.177 27.712ms
14 142.250.228.48 22.895ms 24.184ms 142.250.214.111 20.947ms
15 142.250.214.111 21.122ms 18.925ms 142.250.183.132 20.588ms

Then try to understand the network and see whether there is only one firewall or multiple firewalls in the path. Based on that, you will have to allow the source/destination/port details.

Once you understand the network from the traceroute/tracert output, log in to each hop and check whether there is any ACL (Access Control List) or any prefix (in a routing protocol) that might be blocking a specific IP or subnet in the network.

If there is a firewall in the path, check the logs on the firewall. With a firewall, there are multiple reasons why traffic may be blocked:
1. If the firewall is handling multiple blades/features, it could be the IPS.
2. Asymmetric routing in the network.
3. Most commonly, a missing firewall ACL/policy.
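
An added example, not part of the original post: a Python script that parses the Linux traceroute format shown above and lists the hops worth a closer look before you log in to each device, namely hops where more than one router answered (parallel paths, a candidate for the asymmetric routing case) and hops with unanswered probes. The function names `parse_trace` and `review_list` are hypothetical, and the sample is constructed from a few lines of the trace on this page.

```python
import re

# Constructed sample: a shortened trace in the Linux format shown on this page.
SAMPLE = """\
traceroute to www.google.com (142.250.183.132), 64 hops max
1 172.25.192.1 0.002ms 0.164ms 0.211ms
2 192.168.29.1 1.270ms 1.006ms 0.999ms
5 192.168.103.54 19.718ms 192.168.103.52 15.237ms 18.872ms
12 * * 209.85.248.60 23.928ms
15 142.250.214.111 21.122ms 18.925ms 142.250.183.132 20.588ms
"""

IP = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def parse_trace(text):
    """Return one dict per hop: hop number, responders in order seen, lost probes."""
    hops = []
    for line in text.splitlines():
        tokens = line.split()
        if not tokens or not tokens[0].isdigit():
            continue  # header or blank line
        responders = []
        for tok in tokens[1:]:
            # Latency tokens such as "0.164ms" do not match the IP pattern.
            if IP.match(tok) and tok not in responders:
                responders.append(tok)
        hops.append({"hop": int(tokens[0]), "responders": responders,
                     "lost": tokens[1:].count("*")})
    return hops

def review_list(hops):
    """Flag hops with several responders or with unanswered probes."""
    notes = []
    for h in hops:
        if len(h["responders"]) > 1:
            notes.append((h["hop"], "multiple paths: " + ", ".join(h["responders"])))
        if h["lost"]:
            notes.append((h["hop"], f"{h['lost']} probe(s) unanswered"))
    return notes

if __name__ == "__main__":
    for hop, note in review_list(parse_trace(SAMPLE)):
        print(f"hop {hop}: {note}")
```

An unanswered probe only means that hop sent no reply to it, so confirm an actual block against the firewall logs or ACLs rather than from the `*` alone.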

There is one more important factor: the proxy. Make sure the specific traffic is not traversing any proxy (this scenario depends on the company's infrastructure).

Feel free to ask any questions in the comments; I can try to answer to the best of my knowledge.
