[63192] in North American Network Operators' Group
Re: ICMP Blocking Woes
daemon@ATHENA.MIT.EDU (Paul Timmins)
Mon Sep 29 16:32:04 2003
From: Paul Timmins <paul@timmins.net>
To: "Steven M. Bellovin" <smb@research.att.com>
Cc: ekgermann@cctec.com,
"Stephen J. Wilcox" <steve@telecomplete.co.uk>,
CA Windon <lnxguru@yahoo.com>, nanog@merit.edu
In-Reply-To: <20030929201059.2C25A7B43@berkshire.research.att.com>
Date: Mon, 29 Sep 2003 16:30:56 -0400
Errors-To: owner-nanog-outgoing@merit.edu
On Mon, 2003-09-29 at 16:10, Steven M. Bellovin wrote:
> In message <NDBBJJPLIGJGLBKILFIHMEPLMIAA.ekgermann@cctec.com>, "Eric Germann" w
> rites:
> >
> >winders does use udp instead of icmp in their tracert program, IIRC (or at
> >least they used to). At the risk of getting my head blown off, could we say
> >that was foresight :)
> >
> No, they use icmp. Or at least that's what the XP box sitting next to
> me does...
So far I've seen is it uses UDP with a TTL that increments by one for
each hop. The ICMP time exceeded message is returned from the interface
of the router closest to you, and then windows tries to ping the hop. If
it can't do this, it displays * * *.
Why it needs do this rather than simply use only UDP like the rest of
the world, I don't know. But leave it to microsoft to be different...
-Paul
--
Paul Timmins <paul@timmins.net>
