From: Muhammad Nasim (muhammad.nasim@gmail.com)
Date: Sat Aug 30 2008 - 03:45:33 ART
Cisco router and swithces worked on UDP STYLE (UNIX style) for TRACE ROUTE.
so if UDP is blocked on ports 33434
http://www.cisco.com/en/US/tech/tk364/technologies_tech_note09186a00801ae32a.shtml
HTH
2008/8/30 Shahid Ansari <shahid1357@gmail.com>
> and dont forget
> "ICMP Unreachble" and "ICMP Source-quench" too
> for inbound to work traceroute command
>
> Thanks
> Shahid
>
> On Sat, Aug 30, 2008 at 2:00 AM, Felix Nkansah <felixnkansah@gmail.com
> >wrote:
>
> > Hi Raghav,
> >
> > Maybe the packets traverse a firewall that allows ICMP 'echo reply'
> return
> > packets back and not the other types of ICMP.
> >
> > I would suggest you configure the firewall to manually allow ICMP 'port
> > unreachable' and ICMP 'time-exceeded' to traverse it inbounds from the
> > outside.
> >
> > If you read more on the operation of the commonest type of traceroute,
> you
> > would appreciate why even your stateful firewalls are unable to
> > automatically permit return traffic for these ICMP types by default.
> >
> > Regards,
> >
> > Felix
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
> >
>
>
> --
> Regards,
>
> Shahid
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
-- Muhammad Nasim Network Engineer Saudi ArabiaBlogs and organic groups at http://www.ccie.net
This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:33 ART