RE: ICMP Well-Known Port

[Matt Carothers <matt () telepath com>]

On Thu, 30 Sep 1999 GibsonB () gruntal com wrote:

> Paul,
>
> Actually echo does not use ICMP.  It uses UDP(normally).  Traceroute(under
> Unix) uses echo to determine route paths while Ping uses Icmp to determine
> verious status information.

By default, unix traceroute works by hurling UDP packets with successively 
higher TTLs at high-numbered ports and waiting for time exceeded and port 
unreachable ICMPs.  It can also work by sending ICMP echo requests instead
of UDP packets.

Check out http://www.packetfactory.net/firewalk/firewalk-final.html for a
good description of traceroute and some interesting ways to abuse it.

- Matt