Security Basics mailing list archives

Re: traceroute-like tool for UDP or TCP packet


From: Edward Rustin <ed () well com>
Date: Thu, 21 Aug 2003 09:36:34 -0700 (PDT)



On Thu, 21 Aug 2003, some guy wrote:

Linux uses UDP packets to traceroute, not ICMP packets like Windows does.
Hope that helps,
-Scott


Not really.... an ICMP packet is a type of UDP packet. Basically traceroute
works by sending a series of ICMP ECHO requests with increasing TTLs (time
to live - how many hops the packet can travel before it dies and a Packet
Timeout error is sent). A ping is also just an ICMP ECHO message, just with
a default TTL, rather than a series of increasing TTLs.


From: "Kent James" <kent1 () caspia com>
To: <security-basics () securityfocus com>
Subject: traceroute-like tool for UDP or TCP packets
Date: Wed, 20 Aug 2003 22:30:21 +0500

One of the local ISPs is having trouble getting DNS information from
Easydns. I suspect they have a misconfigured firewall or other security
block in their system. I can ping and traceroute the DNS servers but get no
response from UDP or TCP packets.

Is there a tool that works like traceroute, only shows the route for TCP or
UDP packets instead of the ICMP packets that traceroute uses?


Make sure that the ISP isn't blocking traffic coming back from a port 53,
or to a port 53 (make sure both UDP and TCP are open since a large DNS
reply (over 1500 bytes I =think=) will get replied to over TCP).

Edward Rustin
Directory of Security, OnlineGuardians.org
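
Added example, not part of the original thread or any poster's code: a UDP-based traceroute pairs each ICMP error with its probe by reading the IP and UDP headers the router quotes back, and the ICMP type and code show whether the probe expired at a hop, reached the host, or was filtered. All addresses, ports and packet bytes below are constructed sample data, and the function names are hypothetical.

```python
import socket
import struct

TIME_EXCEEDED, DEST_UNREACH = 11, 3   # ICMP types a traceroute cares about
FILTER_CODES = {9, 10, 13}            # "administratively prohibited" codes

def ipv4_header(src, dst, proto, ttl, payload_len):
    """Minimal 20-byte IPv4 header for sample data (checksum left at 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def sample_reply(icmp_type, icmp_code, hop="198.51.100.1"):
    """Constructed ICMP error quoting a UDP probe to port 53 (not captured traffic)."""
    udp = struct.pack("!HHHH", 40000, 53, 8, 0)   # sport, dport, length, checksum
    quoted = ipv4_header("192.0.2.10", "203.0.113.53", socket.IPPROTO_UDP, 1, 8) + udp
    icmp = struct.pack("!BBHI", icmp_type, icmp_code, 0, 0) + quoted
    return ipv4_header(hop, "192.0.2.10", socket.IPPROTO_ICMP, 64, len(icmp)) + icmp

def parse_icmp_reply(packet):
    """Return who answered a UDP probe, why, and which probe the reply quotes."""
    if len(packet) < 20 or packet[9] != socket.IPPROTO_ICMP:
        raise ValueError("not an ICMP packet")
    ihl = (packet[0] & 0x0F) * 4                  # outer IP header length
    inner = packet[ihl + 8:]                      # quoted IP header + 8 UDP bytes
    if len(inner) < 28:
        raise ValueError("truncated ICMP error")
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner[9] != socket.IPPROTO_UDP or len(inner) < inner_ihl + 4:
        raise ValueError("quoted packet is not a complete UDP probe")
    icmp_type, icmp_code = packet[ihl], packet[ihl + 1]
    if icmp_type == TIME_EXCEEDED:
        verdict = "hop"                           # TTL ran out at this router
    elif icmp_type == DEST_UNREACH and icmp_code == 3:
        verdict = "reached"                       # port unreachable from the host
    elif icmp_type == DEST_UNREACH and icmp_code in FILTER_CODES:
        verdict = "filtered"                      # a filter rejected the probe
    else:
        verdict = "other"
    sport, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    return {"from": socket.inet_ntoa(packet[12:16]), "verdict": verdict,
            "dst": socket.inet_ntoa(inner[16:20]), "sport": sport, "dport": dport}

if __name__ == "__main__":
    for t, c in ((11, 0), (3, 13), (3, 3)):
        print(parse_icmp_reply(sample_reply(t, c)))
```

A hop that reports "filtered" for probes to port 53 while ICMP echo still passes is the kind of selective block the original question suspects; a filter that silently drops packets sends no ICMP at all and shows up only as timeouts.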

