Firewall Wizards mailing list archives

Re: traceroute


From: Bill_Royds () pch gc ca
Date: Sun, 1 Jul 2001 19:22:04 -0400



Here is an explanation by Van Jacobson of why he used UDP for Unix
traceroute rather than ICMP:

(from http://www.informatik.uni-trier.de/~smith/networks/ref/jacobson.html)

I sent mail to Mr. Jacobson with the simple query: Why did he implement
traceroute using UDP packets for probes? During my exploratory implementation
phase, I was at the point of creating a UDP packet to send out but realized
there was a far simpler way to accomplish the same ends as sending a packet to
an unlikely port on a host. Rather send an ICMP_ECHO message to the host, and
terminate when an echo response is returned from the target machine. Here is Van
Jacobson's reply. Mr. Jacobson was, at the time of his implementation, under
different constraints than I am now.

To: Craig Smith
Subject: Re: Traceroute
Date: Thu, 25 May 95 12:50:47 PDT
From: Van Jacobson <van () ee lbl gov>

The original ip spec (rfc791) said that you should never send an
icmp error in response to an icmp packet.  Several years later
this was amended to "... in response to an icmp *error* packet" but,
at the time that traceroute was written, most router vendors had
implemented according to the original spec & wouldn't send an
icmp time exceeded in response to an icmp echo or echo reply.  I
then tried using an unassigned ip protocol instead of udp but it
turned out that crashed HPUX systems (remember this was ten
years ago, IP was new & there were lots of flakey implementations).
The only thing that worked & didn't appear to do damage was
udp to a port range that wasn't (& still isn't) used very often.

 - Van


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
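
The two rules described in the reply above, modelled as an added example that is not part of the original post or of traceroute itself. It shows why a router following the original rule stays silent for an expiring ICMP echo probe but answers an expiring UDP probe. The packet bytes, addresses, function names and policy labels are constructed for illustration; port 33434 is the customary traceroute base port, not a value from the post.

```python
import struct

ICMP, UDP = 1, 17
# ICMP message types that are errors (RFC 792): destination unreachable,
# source quench, redirect, time exceeded, parameter problem.
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}

def build_ipv4(proto, ttl, payload):
    """Constructed sample: minimal 20-byte IPv4 header (checksum left 0) + payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      ttl, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + payload

def router_reply(packet, policy):
    """What a router does with an arriving packet: 'forward', 'time-exceeded'
    or 'silent-drop'.
    policy 'original': never send an ICMP error in response to any ICMP packet.
    policy 'amended' : never send one in response to an ICMP *error* packet."""
    if policy not in ("original", "amended"):
        raise ValueError("unknown policy")
    ihl = (packet[0] & 0x0F) * 4           # IPv4 header length in bytes
    ttl, proto = packet[8], packet[9]
    if ttl > 1:                            # TTL survives the decrement
        return "forward"
    if proto == ICMP:
        icmp_type = packet[ihl]            # first byte of the ICMP message
        if policy == "original" or icmp_type in ICMP_ERROR_TYPES:
            return "silent-drop"           # hop stays invisible to the tracer
    return "time-exceeded"                 # hop reveals itself

# Constructed probes, all arriving with TTL 1 so they expire at this hop.
UDP_PROBE = build_ipv4(UDP, 1, struct.pack("!HHHH", 40000, 33434, 8, 0))
ECHO_PROBE = build_ipv4(ICMP, 1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))
ICMP_ERROR = build_ipv4(ICMP, 1, struct.pack("!BBHI", 11, 0, 0, 0))

def compare():
    """Router reaction to each probe kind under both policies."""
    probes = {"udp": UDP_PROBE, "icmp-echo": ECHO_PROBE, "icmp-error": ICMP_ERROR}
    return {(name, pol): router_reply(pkt, pol)
            for name, pkt in probes.items() for pol in ("original", "amended")}

if __name__ == "__main__":
    for key, verdict in sorted(compare().items()):
        print(key, "->", verdict)
```
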

