[15578] in North American Network Operators' Group
Re: simple question as always..
daemon@ATHENA.MIT.EDU (Toshio Shigematsu)
Tue Mar 10 22:10:14 1998
To: danny@genuity.net, tatsuya@giganet.net
Cc: nanog@merit.edu
In-Reply-To: Your message of "Mon, 09 Mar 1998 18:33:56 -0700"
<199803100133.BAA06340@ice.genuity.net>
X-From: =?ISO-2022-JP?B?GyRCPUU+PhsoSiAgGyRCSVJDSxsoSg==?=
Date: Wed, 11 Mar 1998 11:59:52 +0900
From: Toshio Shigematsu <toshio@ioc.dnp.co.jp>
From: Danny McPherson <danny@genuity.net>
Subject: Re: simple question as always..
Date: Mon, 09 Mar 1998 18:33:56 -0700
Message-ID: <199803100133.BAA06340@ice.genuity.net>
Hi,
tatsuya> could someone explain to me why I can ping but traceroute
tatsuya> seems to have problem reaching it.
> The combination of a firewall (permitting ICMP echo replies/requests, but
> filtering your UDP traceroute probes) .. and a traceroute client that
> doesn't correctly handle (IMO) the response (ICMP Type 3, Code 13:
> Communication Administratively Prohibited).
tracert with WindowsNT4.0 uses ICMP ECHO messages for probing packets.
Hence one might go through the filtering router boxes. :)
tatsuya> I was told once that traceroute required each router on the
tatsuya> way to KNOW something whereas ping does not.
tatsuya> I just can not recall what this something is and I am
tatsuya> intend to find out.
traceroute ends its probing when it receives a ICMP port unreachable
message. Filtered by an IP gateway like cisco boxes, it receives
Communication Administratively Prohibited messages and continues
probing by incrementing IP TTL.
-------
Toshio Shigematsu
