Firewall Wizards mailing list archives
Re: traceroute
From: Bill_Royds () pch gc ca
Date: Sun, 1 Jul 2001 19:22:04 -0400
Here is an explanation by Van Jacobson of why he used UDP for Unix traceroute rather than ICMP:
(from http://www.informatik.uni-trier.de/~smith/networks/ref/jacobson.html)

I sent mail to Mr. Jacobson with the simple query: Why did he implement traceroute using UDP packets for probes? During my exploratory implementation phase, I was at the point of creating a UDP packet to send out but realized there was a far simpler way to accomplish the same ends as sending a packet to an unlikely port on a host. Rather send an ICMP_ECHO message to the host, and terminate when an echo response is returned from the target machine.

Here is Van Jacobson's reply. Mr. Jacobson was, at the time of his implementation, under different constraints than I am now.

To: Craig Smith
Subject: Re: Traceroute
Date: Thu, 25 May 95 12:50:47 PDT
From: Van Jacobson <van () ee lbl gov>

The original ip spec (rfc791) said that you should never send an icmp error in response to an icmp packet. Several years later this was amended to "... in response to an icmp *error* packet" but, at the time that traceroute was written, most router vendors had implemented according to the original spec & wouldn't send an icmp time exceeded in response to an icmp echo or echo reply.

I then tried using an unassigned ip protocol instead of udp but it turned out that crashed HPUX systems (remember this was ten years ago, IP was new & there were lots of flakey implementations). The only thing that worked & didn't appear to do damage was udp to a port range that wasn't (& still isn't) used very often.

- Van
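
The rule described in the reply above, as an added example that is not part of the original message: a toy Python model (no packets are sent) of which probe types draw an ICMP time exceeded from routers under the original and the amended rule. The router names, the policy labels "original" and "amended", and all function names are constructed for illustration.

```python
# Added illustration: a toy model of ICMP error generation, not real networking code.
from dataclasses import dataclass

ICMP_ERROR_TYPES = {"time_exceeded", "dest_unreachable"}

@dataclass
class Probe:
    proto: str            # "udp" or "icmp"
    icmp_type: str = ""   # e.g. "echo"; only meaningful when proto == "icmp"

def may_send_icmp_error(policy, probe):
    """May a node answer this probe with an ICMP error message?"""
    if probe.proto != "icmp":
        return True                      # errors about UDP were always allowed
    if policy == "original":             # never in response to any ICMP packet
        return False
    if policy == "amended":              # never in response to an ICMP *error*
        return probe.icmp_type not in ICMP_ERROR_TYPES
    raise ValueError(f"unknown policy: {policy}")

def trace(routers, probe_kind, policy):
    """Simulate a traceroute; return one answer per TTL ('*' means silence)."""
    probe = Probe("udp") if probe_kind == "udp" else Probe("icmp", "echo")
    hops = []
    # TTL n expires at router n, which must decide whether to report it.
    for name in routers:
        hops.append(name if may_send_icmp_error(policy, probe) else "*")
    # The next TTL reaches the target itself.
    if probe.proto == "icmp":
        hops.append("target:echo_reply")         # a reply, not an error
    elif may_send_icmp_error(policy, probe):
        hops.append("target:port_unreachable")   # UDP probe hit an unused port
    else:
        hops.append("*")
    return hops

if __name__ == "__main__":
    path = ["r1", "r2", "r3"]                    # constructed sample path
    for kind in ("udp", "icmp"):
        for policy in ("original", "amended"):
            print(f"{kind:4} {policy:8} {trace(path, kind, policy)}")
```
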