Security Basics mailing list archives
RE: traceroute-like tool for UDP or TCP packet
From: "Brian Austin" <baustin () ableinc com>
Date: Thu, 21 Aug 2003 15:23:26 -0700
-----Original Message-----
From: Edward Rustin [mailto:ed () well com]

On Thu, 21 Aug 2003, some guy wrote:

Linux uses UDP packets to traceroute, not ICMP packets like Windows does.

Hope that helps,
-Scott

Not really.... an ICMP packet is a type of UDP packet. Basically traceroute works by sending a series of ICMP ECHO requests with increasing TTLs (time to live - how many hops the packet can travel before it dies and a Packet Timeout error is sent). A ping is also just an ICMP ECHO message, just with a default TTL, rather than a series of increasing TTLs.
Traceroute implementations vary across OS platforms. ICMP is used for Windows but not *nix OS's, usually. UDP is commonly used across Unix/Linux platforms. More here: http://www.freesoft.org/CIE/Topics/54.htm
Make sure that the IS isn't blocking traffic coming back from a port 53, or to a port 53 (make sure both UDP and TCP are open since a large DNS reply (over 1500 bytes I =think=) will get replied to over TCP)

Edward Rustin
Directory of Security, OnlineGuardians.org
All DNS client requests/replies are UDP, regardless of size (they're rarely, if ever, big). DNS zone transfers, however, are TCP communications.

BA
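As an added illustration (not part of the original thread), the sketch below parses constructed IPv4 packets to show how the two probe styles discussed above look on the wire: ICMP is IP protocol 1, UDP is IP protocol 17, and a traceroute series is a run of probes with TTL 1, 2, 3. The addresses, the source port and the one-probe-per-hop simplification are assumptions made for the example.

```python
import struct

PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IANA IP protocol numbers

def ipv4_packet(ttl, proto, payload, src="192.0.2.10", dst="198.51.100.7"):
    """Build a constructed IPv4 packet (checksum left 0; sample data only)."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      ttl, proto, 0, addr(src), addr(dst))
    return hdr + payload

def describe(pkt):
    """Return (ttl, transport, detail) for one IPv4 packet."""
    ihl = (pkt[0] & 0x0F) * 4          # header length in bytes
    ttl, proto = pkt[8], pkt[9]        # TTL and protocol fields of the IP header
    body = pkt[ihl:]
    name = PROTO.get(proto, str(proto))
    if proto == 1:                     # ICMP: first byte is the message type
        detail = "echo-request" if body[0] == 8 else f"type {body[0]}"
    elif proto in (6, 17):             # TCP/UDP: source and destination ports
        _sport, dport = struct.unpack("!HH", body[:4])
        detail = f"dport {dport}"
    else:
        detail = ""
    return ttl, name, detail

def probe_style(packets):
    """Classify a capture as a traceroute-style series (TTL rising 1, 2, 3...)."""
    info = [describe(p) for p in packets]
    ttls = [t for t, _, _ in info]
    kinds = {n for _, n, _ in info}
    if ttls == list(range(1, len(ttls) + 1)) and len(kinds) == 1:
        return f"{kinds.pop()} traceroute, {len(ttls)} hops probed"
    return "not a traceroute series"

# Constructed samples: ICMP echo requests (type 8, code 0) and UDP datagrams
# to high ports starting at 33434, the classic Unix traceroute base port.
icmp_echo = struct.pack("!BBHHH", 8, 0, 0, 1, 1)
windows_style = [ipv4_packet(t, 1, icmp_echo) for t in (1, 2, 3)]
unix_style = [ipv4_packet(t, 17, struct.pack("!HHHH", 40000, 33434 + t - 1, 8, 0))
              for t in (1, 2, 3)]
ping = [ipv4_packet(64, 1, icmp_echo)]  # single echo with an ordinary TTL

if __name__ == "__main__":
    for capture in (windows_style, unix_style, ping):
        print(probe_style(capture))
```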