Re: traceroute-like tool for UDP or TCP packet

[Ranjeet Shetye <ranjeet.shetye2 () zultys com>]

On Thu, 2003-08-21 at 09:36, Edward Rustin wrote:
> On Thu, 21 Aug 2003, some guy wrote:
>
> > Linux uses UDP packets to traceroute, not ICMP packets like windows does.
> > Hope that helps,
> > -Scott
>
> Not really.... an ICMP packet is a type of UDP packet. Basicly traceroute
> works by sending a series of ICMP ECHO requests with increacing TTLs (time
> to live - how many hops the packet can travel before it dies and aPacket
> Timeout error is sent). A ping is also just a ICMP ECHO message, just with
> a defualt TTL, rather than a series of increasing TTLs.
>
> > > From: "Kent James" <kent1 () caspia com>
> > > To: <security-basics () securityfocus com>
> > > Subject: traceroute-like tool for UDP or TCP packets
> > > Date: Wed, 20 Aug 2003 22:30:21 +0500
> > >
> > > One of the local ISPs is having trouble getting DNS information from
> > > Easydns. I suspect they have a misconfigured firewall or other security
> > > block in their system. I can ping and traceroute the DNS servers but get no
> > > response from UDP or TCP packets.
> > >
> > > Is there a tool that works like traceroute, only shows the route for TCP or
> > > UDP packets instead of the ICMP packets that traceroute uses?
>
> Make sure that the IS isn't blocking traffic coming back from a port 53,
> or too a port 53 (make sure both UDP and TCP is open since a large DNS
> relpy (over 1500 bytes I =think=) will get replied to oever TCP
>
> Edward Rustin
> Directory of Security, OnlineGuardians.org
>
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------

Just to correct some things, there are 3 seperate utilities:

* traceroute - ICMP based. (IP proto 1)
* tracepath - UDP based. (IP proto 17)
* tcptraceroute - TCP based. (IP proto 6)

All 3 work by manipulating the IP TTL field. They simply use differnt
protocols inside the IP packet. (cat /etc/protocols).

Then there's geotrace and xtraceroute which try to provide a graphical
interface like VisualRoute does.

Also, I think you meant "an ICMP packet is a type of IP packet", rather
than "an ICMP packet is a type of UDP packet". ICMP is the control part
of the IP layer, while UDP & TCP lie above IP. You could use DDP or your
own RDP over IP and not have any TCP or UDP at all!

-- 

Ranjeet Shetye
Senior Software Engineer
Zultys Technologies
Ranjeet dot Shetye2 at Zultys dot com
http://www.zultys.com/
 
The views, opinions, and judgements expressed in this message are solely
those of the author. The message contents have not been reviewed or
approved by Zultys.



---------------------------------------------------------------------------
----------------------------------------------------------------------------