RE: traceroute-like tool for UDP or TCP packet

From: Meidinger Chris (chris.meidinger_at_badenit.de)
Date: 08/22/03

  • Next message: K sPecial: "Re: traceroute-like tool for UDP or TCP packet"
    To: "'gillettdavid@fhda.edu'" <gillettdavid@fhda.edu>, 'Edward Rustin' <ed@well.com>, 'some guy' <someguy_555@hotmail.com>, 'Kent James' <kent1@caspia.com>, 'Ranjeet Shetye' <ranjeet.shetye2@zultys.com>
    Date: Fri, 22 Aug 2003 11:36:11 +0100
    
    

    To clear the last bit up:

    there is no UDP echo-request packet except (and this is a stretch) against
    the echo small server which is rarely running.

    Linux traceroute sends UDP packets against high ports above 33000 and counts
    the ICMP Host-Unreachables then pings (Echo-Request) at the end to confirm
    the ICMP Port-Unreachable.

    Windows tracert uses ICMP Echo-Request and counts ICMP Unreachables until it
    gets an Echo-Reply.

    Both increment the TTL to enumerate the next host on the basis of the reply
    packet, whichever is being looked for.

    ICMP is a separate protocol and not part of UDP (as already mentioned).

    badenIT GmbH
    System Support
     
    Chris Meidinger
    Tullastrasse 70
    79108 Freiburg

    -----Original Message-----
    From: David Gillett [mailto:gillettdavid@fhda.edu]
    Sent: Friday, August 22, 2003 1:08 AM
    To: 'Edward Rustin'; 'some guy'
    Cc: security-basics@securityfocus.com
    Subject: RE: traceroute-like tool for UDP or TCP packet

    > > Linux uses UDP packets to traceroute, not ICMP packets like
    > > windows does.
    >
    > Not really.... an ICMP packet is a type of UDP packet.

      Nope. ICMP and UDP are different protocols on top of IP.

    > Basically traceroute works by sending a series of ICMP ECHO
    > requests with increasing TTLs (time to live - how many hops
    > the packet can travel before it dies and a Packet
    > Timeout error is sent).

      What kind of packet traceroute sends depends on what the
    author chose to use. The two most common are UDP echo-request
    and ICMP echo-request, because the target host should reply
    with a UDP echo or ICMP echo (respectively) instead of the
    ICMP time-exceeded which intermediate routers will send when
    TTL expires.

    > A ping is also just an ICMP ECHO message, just with
    > a default TTL, rather than a series of increasing TTLs.

      ICMP echo-request, actually; ICMP echo is the answer coming
    back.

    David Gillett
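The probe/reply mechanics the thread is arguing about, as an added worked example that is not part of either message: UDP probes go out with increasing TTL, each router whose TTL hits zero answers with ICMP Time Exceeded (type 11), and the destination, finding nothing listening on the high port, answers with ICMP Destination Unreachable / Port Unreachable (type 3, code 3). ICMP (IP protocol 1) and UDP (IP protocol 17) are parsed as separate protocols directly inside IP, and the tool matches a reply to its probe by reading the copy of the original IP and UDP headers that the ICMP error quotes (RFC 792). Everything here is constructed offline: the addresses are documentation ranges, the one-probe-per-hop port scheme (33434 + ttl - 1) is a simplification of what real traceroute does, and no packets touch a network.

```python
import socket
import struct

# IP protocol numbers: ICMP and UDP are sibling protocols carried directly in IP.
ICMP_PROTO = 1
UDP_PROTO = 17

ICMP_DEST_UNREACH = 3       # type 3 ...
CODE_PORT_UNREACH = 3       # ... code 3: probe reached the host, nobody listens on that port
ICMP_TIME_EXCEEDED = 11     # type 11, code 0: TTL hit zero in transit (sent by the dropping router)


def checksum(data: bytes) -> int:
    """RFC 1071 ones-complement checksum used by both IPv4 and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, ttl: int, payload: bytes) -> bytes:
    """Minimal IPv4 header (no options) in front of payload."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0,
                         ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    header = header[:10] + struct.pack("!H", checksum(header)) + header[12:]
    return header + payload


def build_probe(src: str, dst: str, ttl: int, dport: int) -> bytes:
    """A traceroute-style UDP probe: IP(ttl) / UDP(dport) / filler bytes."""
    udp_payload = b"\x00" * 32
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(udp_payload), 0) + udp_payload
    return build_ipv4(src, dst, UDP_PROTO, ttl, udp)


def build_icmp_error(reporter: str, probe_src: str, itype: int, code: int, probe: bytes) -> bytes:
    """ICMP error a router/host sends back; quotes the probe's IP header + first 8 bytes (RFC 792)."""
    quoted = probe[:(probe[0] & 0x0F) * 4 + 8]
    body = struct.pack("!BBHI", itype, code, 0, 0) + quoted
    icmp = struct.pack("!BBHI", itype, code, checksum(body), 0) + quoted
    return build_ipv4(reporter, probe_src, ICMP_PROTO, 64, icmp)


def classify_reply(packet: bytes, probe_src: str, probe_dport: int):
    """Return (reporter_ip, kind) if packet is an ICMP error about our probe, else None."""
    if len(packet) < 20 or packet[9] != ICMP_PROTO:
        return None                                  # e.g. a UDP datagram: not an ICMP message at all
    ihl = (packet[0] & 0x0F) * 4
    reporter = socket.inet_ntoa(packet[12:16])
    icmp = packet[ihl:]
    if len(icmp) < 8 or checksum(icmp) != 0:        # a valid ICMP checksum verifies to zero
        return None
    itype, code = icmp[0], icmp[1]
    quoted = icmp[8:]
    if len(quoted) < 28:
        return None
    q_ihl = (quoted[0] & 0x0F) * 4
    if quoted[9] != UDP_PROTO or socket.inet_ntoa(quoted[12:16]) != probe_src:
        return None                                  # quoted packet is not one of our UDP probes
    _sport, q_dport = struct.unpack("!HH", quoted[q_ihl:q_ihl + 4])
    if q_dport != probe_dport:
        return None                                  # someone else's probe (or a stale one)
    if itype == ICMP_TIME_EXCEEDED and code == 0:
        return reporter, "time-exceeded"
    if itype == ICMP_DEST_UNREACH and code == CODE_PORT_UNREACH:
        return reporter, "port-unreachable"
    return None


def simulated_traceroute(src: str, dst: str, path: list, base_port: int = 33434, max_ttl: int = 30):
    """Drive the probe/reply logic against a constructed router path (no network involved)."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        dport = base_port + ttl - 1                   # one probe per hop, port stepped per probe (assumption)
        probe = build_probe(src, dst, ttl, dport)
        if ttl <= len(path):                          # TTL expires at router path[ttl-1]
            reply = build_icmp_error(path[ttl - 1], src, ICMP_TIME_EXCEEDED, 0, probe)
        else:                                         # probe reaches dst, lands on a closed port
            reply = build_icmp_error(dst, src, ICMP_DEST_UNREACH, CODE_PORT_UNREACH, probe)
        result = classify_reply(reply, src, dport)
        if result is None:
            hops.append((ttl, "*", "no-reply"))
            continue
        reporter, kind = result
        hops.append((ttl, reporter, kind))
        if kind == "port-unreachable":                # the destination answered: trace complete
            break
    return hops


if __name__ == "__main__":
    # Constructed addresses (documentation ranges), not a real trace.
    for hop in simulated_traceroute("10.0.0.2", "192.0.2.10", ["10.0.0.1", "198.51.100.1"]):
        print(*hop)
```

The checks in classify_reply are the ones that matter on a real wire: the outer protocol field must be 1 (so a stray UDP datagram is never mistaken for a reply), the ICMP checksum must verify, and the quoted inner header must carry our source address, protocol 17 and the exact destination port we sent, which is what lets the tool attribute each reply to a specific TTL even when replies arrive out of order.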



