Penetration Testing mailing list archives

Re: Traceroutes to Cisco Routers


From: Frank Knobbe <frank () knobbe us>
Date: Wed, 09 Jun 2004 17:53:17 -0500

On Sat, 2004-06-05 at 05:55, Dieter Sarrazyn wrote:
Performing the trace with udp packets (default on linux), the router
answers with its ip address of the interface closest to you (external
interface of the router).
Performing traces with icmp (-I flag in linux, default in windows), the
router answers with its ip address that you are tracing to (most likely
the internal interface of the router).

Easily explained: The UDP traceroute works by collecting ICMP
unreachables. In essence, it is working off the lack of UDP responses.
(well, it doesn't expect one, it expects error codes). The ICMP
traceroute does receive a final Echo Reply packet back when the ICMP
Echo Request got delivered.

Multi-homed systems report error conditions from the closest interface
(i.e. WAN i/f says "sorry, can't route from WAN to LAN"). The ICMP Echo
Request is being sent to the LAN i/f, which will then reply with the
ICMP echo.

So, ICMP unreachables in UDP traceroutes come back from the WAN i/f
while the ICMP Echo Reply in the ICMP traceroute comes back from the LAN
i/f.

If the device filters ICMP, you only get the last hop before the WAN
i/f while you don't get anything from either WAN or LAN i/f of the
device you're tracerouting.

Regards,
Frank

PS: (Using WAN and LAN in lieu of external and internal).
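As an added illustration (not part of Frank's message or any real traceroute implementation), the following Python model replays the three cases described above: a UDP trace that ends on an ICMP port unreachable sourced from the WAN i/f, an ICMP trace that ends on an Echo Reply sourced from the LAN address pinged, and a device that filters ICMP. The addresses and the hop layout are constructed for the example.

```python
"""Toy model of why UDP and ICMP traceroutes report different final-hop addresses."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

Reply = Optional[Tuple[str, str]]  # (ICMP message type, source IP), None if silent


@dataclass
class Router:
    """Two-interface hop: `near` faces the tracing host (WAN), `far` faces the LAN."""
    near: str
    far: str
    filters_icmp: bool = False  # device drops every ICMP it would otherwise send

    def time_exceeded(self) -> Reply:
        # TTL ran out here: the error is sourced from the interface the probe arrived on
        return None if self.filters_icmp else ("time-exceeded", self.near)

    def as_destination(self, proto: str, dst: str) -> Reply:
        if self.filters_icmp:
            return None
        if proto == "udp":
            # Nothing listens on the probe port: port unreachable, again from the near i/f
            return ("port-unreachable", self.near)
        # ICMP Echo Request: the Echo Reply is sourced from the address that was probed
        return ("echo-reply", dst)


def send_probe(path: List[Router], dst: str, ttl: int, proto: str) -> Reply:
    """Walk one probe along the modelled path and return the first reply it triggers."""
    for hop in path:
        if dst in (hop.near, hop.far):
            return hop.as_destination(proto, dst)  # delivered, TTL not decremented
        ttl -= 1
        if ttl == 0:
            return hop.time_exceeded()
    return None  # probe left the modelled path unanswered


def traceroute(path: List[Router], dst: str, proto: str, max_ttl: int = 6) -> List[Optional[str]]:
    """Source IP seen at each TTL (None for a silent hop); stops once the target answers."""
    seen: List[Optional[str]] = []
    for ttl in range(1, max_ttl + 1):
        reply = send_probe(path, dst, ttl, proto)
        seen.append(reply[1] if reply else None)
        if reply and reply[0] in ("port-unreachable", "echo-reply"):
            break
    return seen


def example_path(filter_target: bool = False) -> List[Router]:
    # Constructed topology: two transit routers, then the multi-homed target device
    return [Router("10.0.0.1", "10.0.1.1"), Router("10.0.1.2", "203.0.113.1"),
            Router("203.0.113.2", "192.168.1.1", filters_icmp=filter_target)]
```

Running `traceroute(example_path(), "192.168.1.1", "udp")` ends on 203.0.113.2 (the WAN i/f), the same trace with `"icmp"` ends on 192.168.1.1 (the LAN address), and with `example_path(True)` only the two transit hops appear.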

