traceroute/ping !H vs * (destination host unreachable)

raceroute -n 192.168.33.8
traceroute to 192.168.33.8 (194.134.33.8), 30 hops max, 60 byte packets
 1  192.168.199.1  0.128 ms  0.076 ms  0.086 ms
 2  192.168.161.122  0.391 ms  0.390 ms  0.280 ms
 3  192.168.161.114  0.283 ms  0.417 ms  0.407 ms
 4  192.168.161.191  0.571 ms  0.665 ms  0.757 ms
 5  192.168.100.4  0.747 ms  0.707 ms  0.381 ms
 6  192.168.96.4  0.848 ms  0.834 ms  0.563 ms
 7  192.168.96.4  3011.733 ms !H  3011.689 ms !H  3011.574 ms !H 
The simple difference is that for an unreachable host, the last hop router is returning an ICMP destination unreachable response.

• * means that your machine received no response.
• !H means that your machine received ICMP message "destination host unreachable" from the host indicated in the traceroute output.
• Rarely traceroute can indicate also other unreachable messages like !N or !P (network or protocol) etc.

A machine normally sends "destination host unreachable" when it cannot send the IP packet to the network. This could happen when:

• There is no route to the destination.
• The next-hop IP address or the final IP address cannot be resolved to an L2 address (there is no ARP reply for the IP address).

Routers can be configured to not to send the ICMP message but you can also get * instead of !H when your request was silently dropped by an ACL or firewall policy. In security policies silent drop is a normal practice.
The drop caused by a security policy depends on the type of message sent by traceroute. Traditional Unix traceroute by default sends UDP packets to "unusual" ports like 33434 but it can use other methods too. Windows tracert sends ICMP echo requests.

ASDM "this app can't run on your PC" - Windows 10

C:\Users\ivan.popov>ver
Microsoft Windows [Version 10.0.19041.329]
After installing the latest java and trying to start Cisco ASDM:







Solution: change target in shortcut (right-click - Properties - Target) to :
C:\Windows\System32\wscript.exe invisible.vbs run.bat