North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Extreme Slowness

  • From: Mikael Abrahamsson
  • Date: Fri Oct 27 06:27:40 2006

On Fri, 27 Oct 2006, [email protected] wrote:

For the record, TCP traceroute and similar TCP based
tools rely on the fact that if you send a TCP SYN
packet to a host it will respond with either a
TCP RST (if the port is NOT listening) or a TCP
SYN/ACK. The round trip time of this provides useful
information which is unaffected by any ICMP chicanery
on the part of routers or firewalls. A polite application
such as TCP traceroute will reply to the SYN/ACK with
an RST packet so it is reasonably safe to use this tool
with live services.
Intermediate nodes are still discovered by "ICMP TTL Exceeded in transit" just like UDP based traceroute, ie the outgoing TCP SYN packet has a low TTL.

So yes, tcptraceroute is good for getting thru firewalls in the forward direction, but intermediate routers are discovered in the same way by you getting an ICMP back because the TTL ran out.

Mikael Abrahamsson email: [email protected]