Penetration Testing mailing list archives
Re: Traceroutes to Cisco Routers
From: Ranjeet Shetye <ranjeet.shetye2 () zultys com>
Date: Tue, 8 Jun 2004 12:49:32 -0700
* Dieter Sarrazyn (dsr () ascure com) wrote:
Hi all, While performing pentests, I noticed some (strange) behaviour with tracerouting to cisco routers. Performing the trace with udp packets (default on linux), the router answers with it's ip address of the interface closest to you (external interface of the router). Performing traces with icmp (-I flag in linux, default in windows), the router answers with it's ip address that you are tracing to (mostlikely the internal interface of the router). Anybody noticed this behaviour as well? Has somebody an explanation for this? Regards, Dieter
never tried it or noticed it but it sounds like the udp ping is being routed in a standard manner, while the icmp response code path is short-circuited and "switched" rather than routed, if you get my meaning. -- Ranjeet Shetye Senior Software Engineer Zultys Technologies Ranjeet dot Shetye at Zultys dot com http://www.zultys.com/ The views, opinions, and judgements expressed in this message are solely those of the author. The message contents have not been reviewed or approved by Zultys.
Current thread:
- Traceroutes to Cisco Routers Dieter Sarrazyn (Jun 07)
- Re: Traceroutes to Cisco Routers Ranjeet Shetye (Jun 09)
- Re: Traceroutes to Cisco Routers James Fields (Jun 10)
- Re: Traceroutes to Cisco Routers Frank Knobbe (Jun 10)
- <Possible follow-ups>
- Re: Traceroutes to Cisco Routers juan . losada (Jun 10)