RE: Traceroute question

From: Huan Pham (huan.pham@valuenet.com.au)
Date: Wed Jan 23 2008 - 05:16:14 ARST

• Next message: shiran guez: "Re: Traffic shaping : Peak rate versus shape average"
• Previous message: Nigel.Johnson@barclayscapital.com: "RE: Traceroute question"
• Maybe in reply to: BALAKRISHNAN Balaji: "Traceroute question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Balaji,

Host that initiate traceroute send UDP packets with unique increasing
source/destination ports.

The ICMP message sent from intermediate router has a field that contains 64
bits of original UDP packets (sent by the host/router originating
traceroute). That should include UDP source/destination port numbers, that
can be used to differentiate among different traceroute sessions, and UDP
packets among each trace session.

Please see the RFC for more clarification:

ftp://ftp.rfc-editor.org/in-notes/rfc792.txt

Destination Unreachable ICMP Message

    0 1 2 3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Type | Code | Checksum |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | unused |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   | Internet Header + 64 bits of Original Data Datagram |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

The internet header plus the first 64 bits of the original
datagram's data. This data is used by the host to match the
message to the appropriate process. If a higher level protocol
uses port numbers, they are assumed to be in the first 64 data
bits of the original datagram's data.

Cheers,
 
Huan

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
BALAKRISHNAN Balaji
Sent: Wednesday, 23 January 2008 10:02 AM
To: ccielab@groupstudy.com
Subject: Traceroute question

Group,

I have a question on the traceroute. When doing the traceroute,
intermediate routers sends back the ICMP "time exceeded" reply with its
own source-ip. How the router could correlate this reply to the
original trace route request ?? I could be sending multiple
simultaneous traceroutes ! What is the mechanism used here that makes
router to correlate the icmp exceeded reply coming from an intermediate
router to a specific trace-route request ??

- Bala.

• Next message: shiran guez: "Re: Traffic shaping : Peak rate versus shape average"
• Previous message: Nigel.Johnson@barclayscapital.com: "RE: Traceroute question"
• Maybe in reply to: BALAKRISHNAN Balaji: "Traceroute question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Feb 01 2008 - 10:38:01 ARST