[93129] in North American Network Operators' Group


Re: Extreme Slowness

daemon@ATHENA.MIT.EDU (Mikael Abrahamsson)
Fri Oct 27 06:26:43 2006

Date: Fri, 27 Oct 2006 12:25:52 +0200 (CEST)
From: Mikael Abrahamsson <swmike@swm.pp.se>
To: nanog@merit.edu
In-Reply-To: <OF7257267D.C7411DDC-ON80257214.003780E8-80257214.00383521@btradianz.com>
Errors-To: owner-nanog@merit.edu


On Fri, 27 Oct 2006, Michael.Dillon@btradianz.com wrote:

> For the record, TCP traceroute and similar TCP based
> tools rely on the fact that if you send a TCP SYN
> packet to a host it will respond with either a
> TCP RST (if the port is NOT listening) or a TCP
> SYN/ACK. The round trip time of this provides useful
> information which is unaffected by any ICMP chicanery
> on the part of routers or firewalls. A polite application
> such as TCP traceroute will reply to the SYN/ACK with
> an RST packet so it is reasonably safe to use this tool
> with live services.

Intermediate nodes are still discovered by "ICMP TTL Exceeded in transit" 
just like UDP-based traceroute, i.e. the outgoing TCP SYN packet has a low 
TTL.

So yes, tcptraceroute is good for getting through firewalls in the forward 
direction, but intermediate routers are discovered in the same way by you 
getting an ICMP back because the TTL ran out.

-- 
Mikael Abrahamsson    email: swmike@swm.pp.se
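
An added example, not part of the original message: a Python sketch of how a TCP traceroute's receive side tells the two kinds of reply apart, an ICMP "TTL exceeded in transit" from an intermediate router versus a TCP SYN/ACK or RST from the destination. The function names, addresses and ports are assumptions, and the packets are constructed in-line rather than captured.

```python
import socket
import struct

ICMP, TCP = 1, 6

def ipv4(src, dst, proto, payload, ttl=64):
    """Build a minimal 20-byte IPv4 header (checksum left 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def tcp(sport, dport, flags):
    """Build a 20-byte TCP header with the given flag bits (checksum left 0)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

def classify_reply(pkt, sport, dport):
    """Return (kind, responder_ip) for a reply to a SYN probe sport -> dport."""
    ihl = (pkt[0] & 0x0F) * 4
    proto, src = pkt[9], socket.inet_ntoa(pkt[12:16])
    body = pkt[ihl:]
    if proto == ICMP and len(body) >= 28 and body[0] == 11 and body[1] == 0:
        # Type 11 code 0 = TTL exceeded in transit. The router quotes our
        # original IP header plus at least the first 8 bytes of the TCP SYN.
        quoted = body[8:]
        q_ihl = (quoted[0] & 0x0F) * 4
        if quoted[9] == TCP and len(quoted) >= q_ihl + 4:
            if struct.unpack("!HH", quoted[q_ihl:q_ihl + 4]) == (sport, dport):
                return ("hop", src)
    elif proto == TCP and len(body) >= 14:
        if struct.unpack("!HH", body[:4]) == (dport, sport):
            flags = body[13]
            if flags & 0x04:
                return ("closed", src)   # RST: port is not listening
            if (flags & 0x12) == 0x12:
                return ("open", src)     # SYN/ACK: port is listening
    return ("unrelated", src)

# Constructed sample replies (documentation addresses, not captured traffic).
ME, HOP, DST = "192.0.2.10", "198.51.100.1", "203.0.113.80"
SPORT, DPORT = 40000, 80
probe = ipv4(ME, DST, TCP, tcp(SPORT, DPORT, 0x02), ttl=1)  # low-TTL SYN
REPLIES = [
    ipv4(HOP, ME, ICMP, struct.pack("!BBHI", 11, 0, 0, 0) + probe[:28]),
    ipv4(DST, ME, TCP, tcp(DPORT, SPORT, 0x12)),
]

def trace():
    """Classify each constructed reply against the probe's port pair."""
    return [classify_reply(r, SPORT, DPORT) for r in REPLIES]
```

A device that drops the ICMP message produces no reply for that hop, so the hop shows up as a gap even when the SYN itself reaches the destination.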
