traceroute works by sending *UDP* packets with short TTLs. The packets are sent
to a random high-numbered port on the target host.
ICMP is used for the reply messages, of which there are two:
- Time exceeded (sent by a router when the packet's TTL expires)
- Unreachable port (sent by the target host, because there is no service
listening on the random high-numbered port, well, at least you hope there isn't :)
Christopher Zarcone - Data Communications Design Analyst
Lockheed Martin Enterprise Information Systems
My opinions do not necessarily reflect those of my employer.
>Maybe I'm just stupid today, but isn't traceroute just a series of ICMP packets
>with a specific Time-To-Live set in stages? And if ICMP packets are allowed,
>how do you block the "traceroute" program?
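The exchange described in the reply above, as an added example that is not part of the original message: it labels raw IPv4 packets by their role in a UDP traceroute and reports which source/destination pairs sent probes at several distinct TTLs, which is the traffic a filter or detection rule has to match. The port threshold, the TTL cutoff, the helper names and the sample capture are all assumptions constructed for illustration.

```python
import struct

HIGH_PORT = 32768      # assumption: what counts as a "high-numbered" port
MAX_PROBE_TTL = 30     # assumption: ordinary traffic leaves hosts with TTL >= 64

def ipv4(src, dst, proto, ttl, payload):
    """Build a minimal IPv4 packet (constructed sample data, checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       ttl, proto, 0, bytes(src), bytes(dst)) + payload

def udp(dport):
    return struct.pack("!HHHH", 40000, dport, 8, 0)   # sport, dport, len, cksum

def icmp(typ, code):
    return struct.pack("!BBHI", typ, code, 0, 0)      # type, code, cksum, unused

def classify(pkt):
    """Label one raw IPv4 packet by its role in a UDP traceroute."""
    ihl = (pkt[0] & 0x0F) * 4
    ttl, proto, body = pkt[8], pkt[9], pkt[ihl:]
    if proto == 17:                                   # UDP: candidate probe
        dport = struct.unpack("!H", body[2:4])[0]
        if ttl <= MAX_PROBE_TTL and dport >= HIGH_PORT:
            return "probe"
    elif proto == 1 and len(body) >= 2:               # ICMP: the two replies
        return {(11, 0): "time-exceeded",
                (3, 3): "port-unreachable"}.get((body[0], body[1]), "other")
    return "other"

def find_tracers(packets, min_ttls=3):
    """Return (src, dst) pairs that sent probes with >= min_ttls distinct TTLs."""
    seen = {}
    for pkt in packets:
        if classify(pkt) == "probe":
            seen.setdefault((pkt[12:16], pkt[16:20]), set()).add(pkt[8])
    return {pair for pair, ttls in seen.items() if len(ttls) >= min_ttls}

# Constructed capture: three probes, their replies, and one unrelated DNS query.
SRC, R1, R2, DST = (192, 0, 2, 10), (203, 0, 113, 1), (203, 0, 113, 2), (198, 51, 100, 7)
SAMPLE = [
    ipv4(SRC, DST, 17, 1, udp(33434)), ipv4(R1, SRC, 1, 255, icmp(11, 0)),
    ipv4(SRC, DST, 17, 2, udp(33435)), ipv4(R2, SRC, 1, 255, icmp(11, 0)),
    ipv4(SRC, DST, 17, 3, udp(33436)), ipv4(DST, SRC, 1, 64, icmp(3, 3)),
    ipv4(SRC, DST, 17, 64, udp(53)),
]

if __name__ == "__main__":
    print([classify(p) for p in SAMPLE])
    print(find_tracers(SAMPLE))
```

Only the replies are ICMP; the outbound probes are UDP, so a rule that permits ICMP says nothing about whether the probes themselves get through.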