Why do some hosts on the Internet prefer not to be traceroute-d?
- From: Ashish Shukla <wahjava@xxxxxxxxx>
- Date: Mon, 24 Sep 2007 20:00:52 -0000
Hi,
I'm not sure if this post is on topic for this list, or if this is the
right place to clear my networking doubts, so I'm tagging this post "[OT]".
I've traceroute-d hundreds of hosts and noticed that some of the routers in
the routes, or endpoint hosts, prefer not to respond to traceroutes,
i.e. not to send a TTL exceeded ICMP packet back to the host. I
don't have any experience of working in a large network, so could someone
tell me whether sysadmins create such rules in their firewalls,
like dropping TTL exceeded ICMP packets (dropping such packets in
the OUTPUT chain of their *iptables*, if they're running some Linux
router)?
I used to traceroute in unprivileged user mode, which uses UDP
probes. So do these sysadmins prefer blocking ICMP "TTL exceeded"
replies for UDP packets rather than ICMP "TTL exceeded" for ICMP ECHO
packets, hmm...? Or is there no such thing as blocking an ICMP "TTL
exceeded" reply associated with a UDP packet, hmm...?
What's the difference between a router and an endpoint host from
the point of view of traceroute?
Why is some endpoint host, which has been blocking ICMP "TTL exceeded"
for UDP packets, allowing a "traceroute" associated with a UDP packet
for a listening port? I encountered this while trying to "traceroute
66.179.175.2". I've posted the whole experience at the following URL:
http://wahjava.wordpress.com/2007/09/22/why-some-servers-dont-respond-to-default-traceroute/
BTW, the above host can be tracerouted using ICMP but not UDP:
-- begin dump --
[wahjava@chatteau ~]$ sudo traceroute -n -I 66.179.175.2
Password:
traceroute to 66.179.175.2 (66.179.175.2), 30 hops max, 40 byte packets
1 * * *
2 202.56.215.230 38.221 ms 41.175 ms 43.159 ms
3 122.160.220.154 45.114 ms 47.115 ms 49.081 ms
4 203.101.83.197 51.073 ms * 53.020 ms
5 125.21.167.25 111.045 ms 112.970 ms 115.947 ms
6 208.192.179.97 350.955 ms 321.876 ms 320.912 ms
7 152.63.22.74 331.900 ms 331.915 ms 331.925 ms
8 152.63.96.10 380.930 ms 380.894 ms 380.924 ms
9 152.63.97.21 373.886 ms 375.914 ms 374.944 ms
10 157.130.155.154 375.842 ms 376.888 ms 384.888 ms
11 66.179.168.11 366.902 ms 366.932 ms 366.901 ms
12 66.179.80.100 362.945 ms 362.918 ms 363.908 ms
13 66.179.175.2 376.909 ms 381.914 ms 380.902 ms
14 66.179.175.2 375.000 ms 374.957 ms 373.920 ms
-- end dump --
Thanks in advance.
Ashish Shukla
--
http://wahjava.wordpress.com/