nanog mailing list archives
Re: Extreme Slowness
From: Mikael Abrahamsson <swmike () swm pp se>
Date: Fri, 27 Oct 2006 12:25:52 +0200 (CEST)
On Fri, 27 Oct 2006, Michael.Dillon () btradianz com wrote:
For the record, TCP traceroute and similar TCP based tools rely on the fact that if you send a TCP SYN packet to a host it will respond with either a TCP RST (if the port is NOT listening) or a TCP SYN/ACK. The round trip time of this provides useful information which is unaffected by any ICMP chicanery on the part of routers or firewalls. A polite application such as TCP traceroute will reply to the SYN/ACK with an RST packet so it is reasonably safe to use this tool with live services.
Intermediate nodes are still discovered by "ICMP TTL Exceeded in transit" just like UDP based traceroute, ie the outgoing TCP SYN packet has a low TTL.
So yes, tcptraceroute is good for getting thru firewalls in the forward direction, but intermediate routers are discovered in the same way by you getting an ICMP back because the TTL ran out.
-- Mikael Abrahamsson email: swmike () swm pp se
Current thread:
- Re: Extreme Slowness, (continued)
- Re: Extreme Slowness Elijah Savage (Oct 27)
- Re: Extreme Slowness W. Kevin Hunt (Oct 27)
- Re: Extreme Slowness Adam Rothschild (Oct 27)
- Re: Extreme Slowness Elijah Savage (Oct 26)
- Re: Extreme Slowness Aaron Glenn (Oct 26)
- Re: Extreme Slowness Elijah Savage (Oct 26)
- Re: Extreme Slowness Elijah Savage (Oct 26)
- Re: Extreme Slowness Elijah Savage (Oct 26)
- Re: Extreme Slowness Jeremy Chadwick (Oct 26)
- Re: Extreme Slowness Michael . Dillon (Oct 27)
- Re: Extreme Slowness Mikael Abrahamsson (Oct 27)
- ICMP & PathMTU (was: Re: Extreme Slowness) Jim Popovitch (Oct 26)
- Re: ICMP & PathMTU (was: Re: Extreme Slowness) Randy Bush (Oct 26)
- Re: ICMP & PathMTU Florian Weimer (Oct 27)