Security Basics mailing list archives
Re: traceroute-like tool for UDP or TCP packet
From: Ranjeet Shetye <ranjeet.shetye2 () zultys com>
Date: 21 Aug 2003 16:11:06 -0700
On Thu, 2003-08-21 at 16:00, Ranjeet Shetye wrote:
On Thu, 2003-08-21 at 09:36, Edward Rustin wrote:
On Thu, 21 Aug 2003, some guy wrote:

Linux uses UDP packets to traceroute, not ICMP packets like Windows does.
Hope that helps,
-Scott

Not really.... an ICMP packet is a type of UDP packet. Basically traceroute works by sending a series of ICMP ECHO requests with increasing TTLs (time to live - how many hops the packet can travel before it dies and a Packet Timeout error is sent). A ping is also just an ICMP ECHO message, just with a default TTL, rather than a series of increasing TTLs.

From: "Kent James" <kent1 () caspia com>
To: <security-basics () securityfocus com>
Subject: traceroute-like tool for UDP or TCP packets
Date: Wed, 20 Aug 2003 22:30:21 +0500

One of the local ISPs is having trouble getting DNS information from Easydns. I suspect they have a misconfigured firewall or other security block in their system. I can ping and traceroute the DNS servers but get no response from UDP or TCP packets. Is there a tool that works like traceroute, only shows the route for TCP or UDP packets instead of the ICMP packets that traceroute uses?

Make sure that the ISP isn't blocking traffic coming back from a port 53, or to a port 53 (make sure both UDP and TCP are open since a large DNS reply (over 1500 bytes I =think=) will get replied to over TCP).

Edward Rustin
Directory of Security, OnlineGuardians.org

---------------------------------------------------------------------------

Just to correct some things, there are 3 separate utilities:

* traceroute - ICMP based. (IP proto 1)
* tracepath - UDP based. (IP proto 17)
* tcptraceroute - TCP based. (IP proto 6)

All 3 work by manipulating the IP TTL field. They simply use different protocols inside the IP packet. (cat /etc/protocols).

Then there's geotrace and xtraceroute which try to provide a graphical interface like VisualRoute does.

Also, I think you meant "an ICMP packet is a type of IP packet", rather than "an ICMP packet is a type of UDP packet". ICMP is the control part of the IP layer, while UDP & TCP lie above IP. You could use DDP or your own RDP over IP and not have any TCP or UDP at all!

Correction to my own email :) : tcptraceroute uses TCP SYN packets as probe packets. It does not use the TTL mechanism.

--
Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
http://www.zultys.com/

The views, opinions, and judgements expressed in this message are solely those of the author. The message contents have not been reviewed or approved by Zultys.

---------------------------------------------------------------------------
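Added example, not part of the original thread or of any tool named in it: when a TTL-limited probe expires, the router answers with an ICMP Time Exceeded message that quotes the probe's IP header and its first 8 bytes, so the probe's IP protocol and ports can be read back from the reply. The addresses, ports, packet bytes and function names below are constructed for illustration.

```python
import struct

# IP protocol numbers (see /etc/protocols) for the three probe types in the thread.
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def ipv4_header(src, dst, proto, ttl, payload_len):
    """Minimal 20-byte IPv4 header for the constructed samples (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, bytes(src), bytes(dst))

def sample_reply(proto, first8):
    """Constructed sample: hop 192.0.2.1 reports an expired probe to 203.0.113.53."""
    quoted = ipv4_header([198, 51, 100, 7], [203, 0, 113, 53], proto, 1, 8) + first8
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + quoted  # type 11, code 0, checksum 0
    return ipv4_header([192, 0, 2, 1], [198, 51, 100, 7], 1, 64, len(icmp)) + icmp

def parse_time_exceeded(packet):
    """Return the reporting hop and the probe details quoted in a Time Exceeded."""
    if len(packet) < 28:
        raise ValueError("packet too short")
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 8 or packet[9] != 1 or packet[ihl] != 11:
        raise ValueError("not an ICMP Time Exceeded message")
    quoted = packet[ihl + 8:]          # original IP header + first 8 probe bytes
    if len(quoted) < 20:
        raise ValueError("quoted datagram truncated")
    q_ihl = (quoted[0] & 0x0F) * 4
    l4 = quoted[q_ihl:q_ihl + 8]
    if q_ihl < 20 or len(l4) < 8:
        raise ValueError("quoted datagram truncated")
    proto = quoted[9]
    info = {"hop": ".".join(map(str, packet[12:16])),
            "target": ".".join(map(str, quoted[16:20])),
            "probe": PROTO_NAMES.get(proto, str(proto))}
    if proto in (6, 17):               # TCP and UDP both start with src/dst port
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
    elif proto == 1:                   # ICMP echo: type, code, checksum, id, seq
        info["icmp_type"], _, _, info["id"], info["seq"] = struct.unpack("!BBHHH", l4)
    return info

# Constructed replies for a UDP, a TCP and an ICMP echo probe.
UDP_REPLY = sample_reply(17, struct.pack("!HHHH", 33000, 53, 8, 0))
TCP_REPLY = sample_reply(6, struct.pack("!HHI", 40000, 53, 1))
ICMP_REPLY = sample_reply(1, struct.pack("!BBHHH", 8, 0, 0, 7, 3))

if __name__ == "__main__":
    for reply in (UDP_REPLY, TCP_REPLY, ICMP_REPLY):
        print(parse_time_exceeded(reply))
```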