North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Traceroute and random UDP ports
On Wed, Aug 13, 2008 at 07:56:53AM -0500, John Kristoff wrote: > > Also, why do we increase the UDP port number with each subsequent > > traceroute packet that is sent? > > I don't know definitively, but I have an of educated guess >From /usr/src/contrib/traceroute/traceroute.c: /* * Notes * ----- * [...] * The udp port usage may appear bizarre (well, ok, it is bizarre). * The problem is that an icmp message only contains 8 bytes of * data from the original datagram. 8 bytes is the size of a udp * header so, if we want to associate replies with the original * datagram, the necessary information must be encoded into the * udp header (the ip id could be used but there's no way to * interlock with the kernel's assignment of ip id's and, anyway, * it would have taken a lot more kernel hacking to allow this * code to set the ip id). So, to allow two or more users to * use traceroute simultaneously, we use this task's pid as the * source port (the high bit is set to move the port number out * of the "likely" range). To keep track of which probe is being * replied to (so times and/or hop counts don't get confused by a * reply that was delayed in transit), we increment the destination * port number before each probe. * [...] * -- Van Jacobson ([email protected]) * Tue Dec 20 03:50:13 PST 1988 */ --Jeff
|