Re: Regarding Ping and Traceroute

From: Shahid Ansari (shahid1357@gmail.com)
Date: Sat Aug 30 2008 - 03:17:51 ART

• Next message: Marc La Porte: "Monday is the day"
• Previous message: Joseph Brunner: "RE: BOREDOM....finished 1 lab in 10 days !!!!!!"
• Maybe in reply to: Raghav Bhargava: "Regarding Ping and Traceroute"
• Next in thread: Muhammad Nasim: "Re: Regarding Ping and Traceroute"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

 and dont forget
"ICMP Unreachble" and "ICMP Source-quench" too
for inbound to work traceroute command

Thanks
Shahid

On Sat, Aug 30, 2008 at 2:00 AM, Felix Nkansah <felixnkansah@gmail.com>wrote:

> Hi Raghav,
>
> Maybe the packets traverse a firewall that allows ICMP 'echo reply' return
> packets back and not the other types of ICMP.
>
> I would suggest you configure the firewall to manually allow ICMP 'port
> unreachable' and ICMP 'time-exceeded' to traverse it inbounds from the
> outside.
>
> If you read more on the operation of the commonest type of traceroute, you
> would appreciate why even your stateful firewalls are unable to
> automatically permit return traffic for these ICMP types by default.
>
> Regards,
>
> Felix
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
Regards,
Shahid
Blogs and organic groups at http://www.ccie.net

• Next message: Marc La Porte: "Monday is the day"
• Previous message: Joseph Brunner: "RE: BOREDOM....finished 1 lab in 10 days !!!!!!"
• Maybe in reply to: Raghav Bhargava: "Regarding Ping and Traceroute"
• Next in thread: Muhammad Nasim: "Re: Regarding Ping and Traceroute"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:33 ART