RE: traceroute-like tool for UDP or TCP packet

From: Brian Austin (baustin_at_ableinc.com)
Date: 08/22/03

    Date: Thu, 21 Aug 2003 15:23:26 -0700
    To: <security-basics@securityfocus.com>
    
    

    > -----Original Message-----
    > From: Edward Rustin [mailto:ed@well.com]
    > On Thu, 21 Aug 2003, some guy wrote:
    >
    > > Linux uses UDP packets to traceroute, not ICMP packets like windows
    > > does. Hope that helps, -Scott
    > >
    >
    > Not really.... an ICMP packet is a type of UDP packet.
    > Basically traceroute works by sending a series of ICMP ECHO requests
    > with increasing TTLs (time to live - how many hops the packet can
    > travel before it dies and a Packet Timeout error is sent). A ping is
    > also just an ICMP ECHO message, just with a default TTL, rather than
    > a series of increasing TTLs.

    Traceroute implementations vary across OS platforms. ICMP is used for
    Windows but not *nix OS's, usually. UDP is commonly used across
    Unix/Linux platforms. More here:
    http://www.freesoft.org/CIE/Topics/54.htm

    >
    > Make sure that the IS isn't blocking traffic coming back from a port 53,
    > or to a port 53 (make sure both UDP and TCP are open since a large DNS
    > reply (over 1500 bytes I =think=) will get replied to over TCP)
    >
    > Edward Rustin
    > Directory of Security, OnlineGuardians.org

    All DNS client requests/replies are UDP, regardless of size (they're
    rarely, if ever, big). DNS zone transfers, however, are TCP
    communications.

    BA
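
Added example, not part of the original message or thread: the two probe styles mentioned above (ICMP echo as sent by Windows tracert, UDP as sent by Unix traceroute) built as raw bytes, together with the ICMP error a hop returns and the parsing that matches it back to the probe. Whichever style is sent, the replies from the path are ICMP type 11 (time exceeded) or type 3 (destination unreachable), so a firewall has to admit those for either tool to show hops. All function names are hypothetical, and the addresses, ports and ids are constructed sample values.

```python
import struct

ICMP, UDP = 1, 17                      # IP protocol numbers: separate protocols
ECHO_REQUEST, DEST_UNREACH, TIME_EXCEEDED = 8, 3, 11   # ICMP types

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (used by the IPv4 header and by ICMP)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def with_checksum(msg: bytes, offset: int) -> bytes:
    """Fill in the 16-bit checksum field at `offset` (field must be zero)."""
    return msg[:offset] + struct.pack("!H", checksum(msg)) + msg[offset + 2:]

def ipv4(proto: int, ttl: int, payload: bytes, src: bytes, dst: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      0, 0, ttl, proto, 0, src, dst)
    return with_checksum(hdr, 10) + payload

def icmp_echo_probe(ident: int, seq: int) -> bytes:      # Windows tracert style
    return with_checksum(struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, ident, seq), 2)

def udp_probe(sport: int, dport: int) -> bytes:          # Unix traceroute style
    return struct.pack("!HHHH", sport, dport, 8, 0)      # checksum 0 = unused

def icmp_error(icmp_type: int, code: int, probe: bytes) -> bytes:
    """What a hop sends back: ICMP header + the probe's IP header + 8 bytes."""
    return with_checksum(struct.pack("!BBHI", icmp_type, code, 0, 0) + probe[:28], 2)

def classify(icmp_msg: bytes):
    """Map an ICMP error to (event, probe style, key used to match the probe)."""
    quoted = icmp_msg[8:]                                 # skip 8-byte ICMP header
    ihl, proto = (quoted[0] & 0x0F) * 4, quoted[9]
    l4 = quoted[ihl:ihl + 8]
    if proto == UDP:
        style, key = "udp", struct.unpack("!H", l4[2:4])[0]   # destination port
    elif proto == ICMP:
        style, key = "icmp", struct.unpack("!H", l4[6:8])[0]  # echo sequence no.
    else:
        style, key = "other", None
    event = {TIME_EXCEEDED: "hop", DEST_UNREACH: "unreachable"}.get(icmp_msg[0], "other")
    return event, style, key

# Constructed sample traffic (documentation addresses, made-up ports and ids).
SRC, DST = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])
UDP_HOP = icmp_error(TIME_EXCEEDED, 0, ipv4(UDP, 1, udp_probe(40000, 33434), SRC, DST))
ICMP_HOP = icmp_error(TIME_EXCEEDED, 0, ipv4(ICMP, 1, icmp_echo_probe(0x1234, 5), SRC, DST))
UDP_END = icmp_error(DEST_UNREACH, 3, ipv4(UDP, 9, udp_probe(40000, 33442), SRC, DST))
```

`classify` covers ICMP error messages only; the final reply to an ICMP echo probe is an echo reply (type 0), which carries no quoted header.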
