[106786] in North American Network Operators' Group
Re: Traceroute and random UDP ports
daemon@ATHENA.MIT.EDU (Jeff Aitken)
Wed Aug 13 09:13:39 2008
Date: Wed, 13 Aug 2008 13:13:29 +0000
From: Jeff Aitken <jaitken@aitken.com>
To: John Kristoff <jtk@centergate.net>
In-Reply-To: <20080813075653.2d319ba0@t41-0>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On Wed, Aug 13, 2008 at 07:56:53AM -0500, John Kristoff wrote:
> > Also, why do we increase the UDP port number with each subsequent
> > traceroute packet that is sent?
>
> I don't know definitively, but I have an of educated guess
From /usr/src/contrib/traceroute/traceroute.c:
/*
* Notes
* -----
* [...]
* The udp port usage may appear bizarre (well, ok, it is bizarre).
* The problem is that an icmp message only contains 8 bytes of
* data from the original datagram. 8 bytes is the size of a udp
* header so, if we want to associate replies with the original
* datagram, the necessary information must be encoded into the
* udp header (the ip id could be used but there's no way to
* interlock with the kernel's assignment of ip id's and, anyway,
* it would have taken a lot more kernel hacking to allow this
* code to set the ip id). So, to allow two or more users to
* use traceroute simultaneously, we use this task's pid as the
* source port (the high bit is set to move the port number out
* of the "likely" range). To keep track of which probe is being
* replied to (so times and/or hop counts don't get confused by a
* reply that was delayed in transit), we increment the destination
* port number before each probe.
* [...]
* -- Van Jacobson (van@ee.lbl.gov)
* Tue Dec 20 03:50:13 PST 1988
*/
--Jeff
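
The matching the quoted comment describes, as an added example that is not part of the original message and is not code from traceroute.c: given the bytes an ICMP error quotes back (IPv4 header plus the 8-byte UDP header), recover which probe it answers. The function names, the sample pid and the base port 33434 (traceroute's conventional default, not stated in the message) are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Source port as the comment describes: the pid with the high bit set. */
static uint16_t ident_port(unsigned pid) { return (uint16_t)((pid & 0xffff) | 0x8000); }

/* Constructed sample: the part of a probe an ICMP error quotes back,
 * i.e. a 20-byte IPv4 header followed by the 8-byte UDP header. */
size_t make_quote(uint8_t *buf, unsigned pid, uint16_t base, uint16_t seq)
{
    uint16_t sport = ident_port(pid), dport = (uint16_t)(base + seq);
    memset(buf, 0, 28);
    buf[0] = 0x45;                              /* IPv4, header length 5 words */
    buf[9] = 17;                                /* protocol = UDP */
    buf[20] = (uint8_t)(sport >> 8); buf[21] = (uint8_t)(sport & 0xff);
    buf[22] = (uint8_t)(dport >> 8); buf[23] = (uint8_t)(dport & 0xff);
    buf[25] = 8;                                /* UDP length: header only */
    return 28;
}

/* Return the probe number a quoted datagram belongs to, or -1 if it is
 * truncated, not UDP, sent by another traceroute (different pid), or out
 * of the range of probes we have sent so far (max_seq). */
int match_probe(const uint8_t *q, size_t n, unsigned pid, uint16_t base, int max_seq)
{
    if (n < 20 || (q[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(q[0] & 0x0f) * 4;     /* IP options shift the UDP header */
    if (ihl < 20 || n < ihl + 8 || q[9] != 17) return -1;
    const uint8_t *udp = q + ihl;
    uint16_t sport = (uint16_t)((udp[0] << 8) | udp[1]);
    uint16_t dport = (uint16_t)((udp[2] << 8) | udp[3]);
    if (sport != ident_port(pid)) return -1;    /* someone else's traceroute */
    int seq = (int)dport - (int)base;           /* port was incremented per probe */
    return (seq >= 1 && seq <= max_seq) ? seq : -1;
}

int main(void)
{
    uint8_t q[28];
    size_t n = make_quote(q, 1234, 33434, 7);   /* constructed values */
    printf("our pid:   probe %d\n", match_probe(q, n, 1234, 33434, 90));
    printf("other pid: probe %d\n", match_probe(q, n, 4321, 33434, 90));
    return 0;
}
```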