Re: Strange traceroute response - TCP-IP

This is a discussion on Re: Strange traceroute response - TCP-IP ; >So the most reliable way to tell that you've reached the final >destination is to look for a response other than ICMP TTL Exceeded. What if we get a response from the actual target ip address? Should we care what ...

+ Reply to Thread
Results 1 to 3 of 3

Thread: Re: Strange traceroute response

  1. Re: Strange traceroute response

    >So the most reliable way to tell that you've reached the final
    >destination is to look for a response other than ICMP TTL Exceeded.


    What if we get a response from the actual target ip address?
    Should we care what the ICMP code is ?


  2. Re: Strange traceroute response

    In article <1146547907.150747.123160@v46g2000cwv.googlegroups. com>,
    "VivekRajan" wrote:

    > >So the most reliable way to tell that you've reached the final
    > >destination is to look for a response other than ICMP TTL Exceeded.

    >
    > What if we get a response from the actual target ip address?
    > Should we care what the ICMP code is ?


    Yes. If the response is TTL Exceeded, then it's apparently a router
    with port forwarding enabled, so you should keep going. Which seems to
    be preciely what was happening in the original post.

    --
    Barry Margolin, barmar@alum.mit.edu
    Arlington, MA
    *** PLEASE post questions in newsgroups, not directly to me ***
    *** PLEASE don't copy me on replies, I'll read them in the group ***

  3. Re: Strange traceroute response

    Barry Margolin wrote:
    > Yes. If the response is TTL Exceeded, then it's apparently a router
    > with port forwarding enabled, so you should keep going.


    Yes, and it doesn't necessarily need to have port forwarding enabled
    either. It could simply (for reasons unknown) have been configured to
    forward all traffic for itself to another box, or could for instance
    distinguish between the different protocols.


    > Which seems to be preciely what was happening in the original post.


    Obviously! And I've found that the same thing happens with several other
    destination addresses too. However, I start to think that maybe this
    could be a poor or erroneous configuration in the specific case, because
    once packets have "escaped" past the destination they seem to be lost
    forever (or dropped). Anyway it makes diagnozing connections a tad
    harder, which is bad for the good guys and good for the bad guys ...

    --
    -+-Ben-+-

+ Reply to Thread