Re: extended access lists???????

From: Mark Olson (molson@xxxxxxxxxx)
Date: Fri Nov 05 1999 - 12:14:49 GMT-3


   
The trace command uses UDP ports greater than 30,000 as both the source
and destination. Usually you see the destination port start at 33,434 and
increment. But, I thought I remember seeing something on Cisco's web a
long, long time ago saying that ports > 30,000 are used. The easiest way
to see what is happening is to turn on 'debug ip packet detail' on one of
your routers and 'trace' or 'traceroute' to it from one of your other
routers. Basically, your access-list on R2 will need to be concerned about
UDP ports greater than 30,000.

Hope that helps!
Mark

Muralidhar Devarasetty wrote:

> Hi all,
> Is anyone playing around with extended access lists?
> I just found some exercises from www.fatkid.com, and am playing around with
> them. I have tried to create an access list for controlling traceroute.
> I wanted to know the port used by it. I remember someone in the group sending
> all the port details. When I go through it I found traceroute uses port no.
> "33434".
> Is that so? How can I control a non-standard port no.?
> When I tried to find other possibilities I found a traceroute option in ICMP.
> But when I tried it, it doesn't seem to work.
> --R1---R2---R3---
> My aim is that r2 should not permit traceroute from r1 to r3.
> I wrote an extended access list at r2, applied to the so i/f (connected to
> r1), to deny traceroute from any to any.
> When I do a traceroute from r1 to r3 it is passing the traffic, and I am
> getting the complete path.
> I thought the problem could be any to any and tried to change from any to
> specific routes of r1 and r3. Still I am facing the same problem.
> Any ideas?????
> MK
>
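
Added example, not part of either message: a small Python model of first-match extended ACL evaluation, showing why an entry on the ICMP traceroute keyword (ICMP type 30) lets UDP probes starting at 33434 through R2, while an entry on UDP destination ports greater than 30,000 stops them. The ACL number 101, the entry lists and the sample packets are constructed for illustration, and only the destination port is modelled.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:
    proto: str                       # "udp" or "icmp"
    dport: Optional[int] = None      # UDP destination port
    icmp_type: Optional[int] = None  # ICMP type number

@dataclass
class Ace:
    action: str                      # "permit" or "deny"
    proto: str                       # "ip" matches every protocol
    dport_gt: Optional[int] = None   # models "gt <port>" on the destination
    icmp_type: Optional[int] = None  # models an ICMP type keyword

    def matches(self, p: Packet) -> bool:
        if self.proto not in ("ip", p.proto):
            return False
        if self.dport_gt is not None and (p.dport is None or p.dport <= self.dport_gt):
            return False
        return self.icmp_type is None or p.icmp_type == self.icmp_type

def evaluate(acl, p):
    """First matching entry wins; an extended ACL ends in an implicit deny."""
    for ace in acl:
        if ace.matches(p):
            return ace.action
    return "deny"

# Models: access-list 101 deny icmp any any traceroute / permit ip any any
ACL_ICMP_KEYWORD = [Ace("deny", "icmp", icmp_type=30), Ace("permit", "ip")]
# Models: access-list 101 deny udp any any gt 30000 / permit ip any any
ACL_UDP_HIGH = [Ace("deny", "udp", dport_gt=30000), Ace("permit", "ip")]

# Constructed traffic crossing R2 from R1 toward R3.
TRAFFIC = {
    "trace_probe_1": Packet("udp", dport=33434),
    "trace_probe_2": Packet("udp", dport=33435),
    "ping": Packet("icmp", icmp_type=8),
    "dns_query": Packet("udp", dport=53),
    "udp_to_high_port": Packet("udp", dport=40000),  # unrelated UDP, also > 30000
}

def verdicts(acl):
    return {name: evaluate(acl, pkt) for name, pkt in TRAFFIC.items()}

if __name__ == "__main__":
    for label, acl in (("icmp traceroute", ACL_ICMP_KEYWORD), ("udp gt 30000", ACL_UDP_HIGH)):
        print(label, verdicts(acl))
```

The second ACL also drops the unrelated UDP packet to port 40000, so a filter this broad needs checking against any other UDP traffic that uses high destination ports on that interface.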



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:21:55 GMT-3