RE: icmp - time-exceeded vs ttl-exceeded

From: Scott Morris (swm@emanon.com)
Date: Mon Jun 20 2005 - 21:17:10 GMT-3


Likely not... But a Google search never hurts either. :)

TTL exceeded has to do with that TTL hop count thing we all love.

Time-exceeded has to do with time to reassemble fragmented packets.

http://www.networksorcery.com/enp/protocol/icmp/msg11.htm

You do also need to ponder where to draw the line between useful and inane.
While the lab does come up with some really oddball stuff to test your
knowledge of a protocol's operation, everything is searchable on the DocCD
someplace!

Scott

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: Monday, June 20, 2005 6:25 PM
To: 'Brian Dennis'; 'Group Study'
Subject: RE: icmp - time-exceeded vs ttl-exceeded

Hi Brian,

As you suggested, I did look through the archives and found some interesting
things that refreshed my memory about reflexive ACLs and traceroute in
general.

But, none of the posts I could find talked about the difference between
time-exceeded vs ttl-exceeded.

I accept the fact that I need to permit time-exceeded to fulfill the tasks
in IE lab 2 and 3, but I'm still curious as to the difference between these
2 ICMP options.

My hope is that if I really knew the difference, it would be easier to
remember which one to use under the pressure of the lab.

Thanks, Tim

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Brian Dennis
Sent: Monday, June 20, 2005 5:31 PM
To: ccie2be; Group Study
Subject: RE: icmp - time-exceede vs ttl-exceeded

Tim,
        You should search the archive as there was a long discussion on this
topic about a year ago. Also as far as using the traceroute option for the
ICMP type, if you understand how traceroute works you'll know why you don't
use it.

Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
 
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
ccie2be
Sent: Monday, June 20, 2005 2:02 PM
To: Group Study
Subject: icmp - time-exceede vs ttl-exceeded

Hi guys,
 
Let's assume I want to configure a reflexive ACL which allows traceroute
packets back in.
 
I'm trying to make sure I select the correct ICMP packet type to allow
back in. But when I do the following, I see lots of options.
 
R5(config)#access-list 101 perm icmp any any ?
  <0-255> ICMP message type
  administratively-prohibited Administratively prohibited
  alternate-address Alternate address
  conversion-error Datagram conversion
  dod-host-prohibited Host prohibited
  dod-net-prohibited Net prohibited
  dscp Match packets with given dscp value
  echo Echo (ping)
  echo-reply Echo reply
  fragments Check non-initial fragments
  general-parameter-problem Parameter problem
  host-isolated Host isolated
  host-precedence-unreachable Host unreachable for precedence
  host-redirect Host redirect
  host-tos-redirect Host redirect for TOS
  host-tos-unreachable Host unreachable for TOS
  host-unknown Host unknown
  host-unreachable Host unreachable
  information-reply Information replies
  information-request Information requests
  log Log matches against this entry
  log-input Log matches against this entry, including input interface
  mask-reply Mask replies
  mask-request Mask requests
  mobile-redirect Mobile host redirect
  net-redirect Network redirect
  net-tos-redirect Net redirect for TOS
  net-tos-unreachable Network unreachable for TOS
  net-unreachable Net unreachable
  network-unknown Network unknown
  no-room-for-option Parameter required but no room
  option-missing Parameter required but not present
  packet-too-big Fragmentation needed and DF set
  parameter-problem All parameter problems
  port-unreachable Port unreachable
  precedence Match packets with given precedence value
  precedence-unreachable Precedence cutoff
  protocol-unreachable Protocol unreachable
  reassembly-timeout Reassembly timeout
  redirect All redirects
  router-advertisement Router discovery advertisements
  router-solicitation Router discovery solicitations
  source-quench Source quenches
  source-route-failed Source route failed
  time-exceeded All time exceededs <----- **************
  time-range Specify a time-range
  timestamp-reply Timestamp replies
  timestamp-request Timestamp requests
  tos Match packets with given TOS value
  traceroute Traceroute <-----------#############
  ttl-exceeded TTL exceeded <-------------*****************
  unreachable All unreachables
  <cr>
 
 
Notice how similar the 2 "starred" options look. What's the difference
between these 2 options?
 
Also, if I need to allow traceroute back in, why wouldn't I use the
traceroute option?
 
TIA, Tim
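
Added example, not part of the original thread: a small Python classifier that parses a raw ICMP message and reports which of the ACL keywords from the CLI help above would match it. The keyword names come from that listing; the type/code numbers are the standard assignments (RFC 792, RFC 1393) and are not stated in the thread, and the sample messages are constructed.

```python
import struct

# IOS ACL keyword -> (ICMP type, code); code None means "any code".
# Keywords are taken from the CLI help quoted above; the numeric values are
# the standard assignments (RFC 792; type 30 is the RFC 1393 traceroute message).
IOS_ICMP_KEYWORDS = {
    "echo-reply": (0, None),
    "unreachable": (3, None),
    "port-unreachable": (3, 3),
    "time-exceeded": (11, None),
    "ttl-exceeded": (11, 0),
    "reassembly-timeout": (11, 1),
    "traceroute": (30, None),
}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, payload: bytes = b"\x00" * 28) -> bytes:
    """Build a constructed ICMP message (8-byte header + placeholder payload)."""
    header = struct.pack("!BBHI", icmp_type, code, 0, 0)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHI", icmp_type, code, csum, 0) + payload

def matching_keywords(icmp: bytes) -> list:
    """Return the ACL keywords from the table that match this ICMP message."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    if inet_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    icmp_type, code = icmp[0], icmp[1]
    return sorted(k for k, (t, c) in IOS_ICMP_KEYWORDS.items()
                  if t == icmp_type and c in (None, code))

if __name__ == "__main__":
    # Constructed replies a UDP-probe traceroute draws: 11/0 from each
    # intermediate hop, 3/3 from the destination; 11/1 shown for contrast.
    for t, c in [(11, 0), (11, 1), (3, 3)]:
        print(t, c, matching_keywords(build_icmp(t, c)))
```

None of the replies a traceroute run draws is type 30, so the `traceroute` keyword never appears in the output for them.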



This archive was generated by hypermail 2.1.4 : Wed Jul 06 2005 - 14:43:42 GMT-3