Re: Traceroute Block

From: But Nicky (lyredhair@gmail.com)
Date: Mon Nov 24 2008 - 22:01:19 ARST

• Next message: Jian Gu: "Re: CCIE True Interview Story"
• Previous message: Brian Dennis: "Re: How do I advertise the true subnet mask of loopbacks?"
• Maybe in reply to: GAURAV MADAN: "Traceroute Block"
• Next in thread: Scott M Vermillion: "RE: Traceroute Block"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi all,
Traceroute uses three ICMP messages: echo (type: 8), time-exceeded (type:
11), port-unreachable (Type: 3, code:3).
pls correct me, if I am wrong.

Regards,
But Nguyen.

On Mon, Nov 24, 2008 at 11:25 PM, Scott M Vermillion <
scott_ccie_list@it-ag.com> wrote:

> Hey Gaurav,
>
> I believe that the 'traceroute' keyword has to do with ICMP Type Code 30
> (http://www.iana.org/assignments/icmp-parameters). This never got any
> traction and thus is pretty much a historical footnote in IOS.
> (http://www.faqs.org/rfcs/rfc1393.html)
>
> Just to prove this to yourself, do the following:
>
> R1(config-ext-nacl)#deny icmp any any 30
> R1(config-ext-nacl)#do sh ip access
> Extended IP access list test
> 10 deny icmp any any traceroute
>
> Regards,
>
> Scott
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> GAURAV MADAN
> Sent: Monday, November 24, 2008 6:58 AM
> To: ccie forum
> Subject: Traceroute Block
>
> HI Group
>
> Can someone please confirm if following do the same purpose or are diff :
>
> R1(config-if)#do sh ip access-li
> Extended IP access list TEST
> 10 deny icmp any any traceroute
> 20 permit ip any any
>
> Extended IP access list TEST1
> 10 deny udp any any range 33400 34400 log
> 20 permit ip any any
> I found 2nd one working for me ..
> I actually configured 1st ACL thinking it will work . but it didnt ..
> finally googled it to find UDP ports ..
> Can someone plzz lemme know where am i missing and how to test this one
>
> Gaurav Madan
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: Jian Gu: "Re: CCIE True Interview Story"
• Previous message: Brian Dennis: "Re: How do I advertise the true subnet mask of loopbacks?"
• Maybe in reply to: GAURAV MADAN: "Traceroute Block"
• Next in thread: Scott M Vermillion: "RE: Traceroute Block"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Dec 01 2008 - 08:18:32 ARST