Security Basics mailing list archives

RE: traceroute-like tool for UDP or TCP packet

From: Meidinger Chris <chris.meidinger () badenit de>
Date: Fri, 22 Aug 2003 11:36:11 +0100

To clear the last bit up:

there is no UDP echo-request packet except (and this is a stretch) against
the echo small server which is rarely running.

Linux traceroute sends UDP packets against high ports above 33000 and counts
the ICMP Host-Unreachables then pings (Echo-Request) at the end to confirm
the ICMP Port-Unreachable.

Windows tracert uses ICMP Echo-Request and counts ICMP Unreachables until it
gets an Echo-Reply

Both increment the TTL to enumerate the next host on hand of the reply
packet, whichever is being looked for.

ICMP is a seperate protocol and not part of UDP (as already mentioned)

badenIT GmbH
System Support
 
Chris Meidinger
Tullastrasse 70
79108 Freiburg


-----Original Message-----
From: David Gillett [mailto:gillettdavid () fhda edu]
Sent: Friday, August 22, 2003 1:08 AM
To: 'Edward Rustin'; 'some guy'
Cc: security-basics () securityfocus com
Subject: RE: traceroute-like tool for UDP or TCP packet

Linux uses UDP packets to traceroute, not ICMP packets like 
windows does.


Not really.... an ICMP packet is a type of UDP packet.


  Nope.  ICMP and UDP are different protocols on top of IP.

Basicly traceroute works by sending a series of ICMP ECHO 
requests with increacing TTLs (time to live - how many hops 
the packet can travel before it dies and aPacket
Timeout error is sent).


  What kind of packet traceroute sends depends on what the
author chose to use.  The two most common are UDP echo-request
and ICMP echo-request, because the target host should reply
with a UDP echo or ICMP echo (respectively) instead of the 
ICMP time-exceeded which intermediate routers will send when
TTL expires.

A ping is also just a ICMP ECHO message, just with
a defualt TTL, rather than a series of increasing TTLs.


  ICMP echo-request, actually; ICMP echo is the answer coming
back.

David Gillett



---------------------------------------------------------------------------
----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

RE: traceroute-like tool for UDP or TCP packet Brian Austin (Aug 21)
- Re: traceroute-like tool for UDP or TCP packet James Fields (Aug 22)
- <Possible follow-ups>
- RE: traceroute-like tool for UDP or TCP packet K sPecial (Aug 22)
- RE: traceroute-like tool for UDP or TCP packet Meidinger Chris (Aug 22)
  - RE: traceroute-like tool for UDP or TCP packet David Gillett (Aug 25)
- Re: traceroute-like tool for UDP or TCP packet K sPecial (Aug 22)