[tcptra-dev] tcpdump showing more than tcptraceroute

Thomas Springer on 26 Oct 2004 15:38:04 -0000

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[tcptra-dev] tcpdump showing more than tcptraceroute

From: Thomas Springer <tuevsec@gmx.net>

To: tcptraceroute-dev@netisland.net

Subject: [tcptra-dev] tcpdump showing more than tcptraceroute

Date: Tue, 26 Oct 2004 17:37:31 +0200

List-archive: <http://lists.netisland.net/archives/tcptraceroute-dev/>

Organization: TÜV Süddeutschland

Reply-to: tcptraceroute-dev@netisland.net

Sender: tcptraceroute-dev-admin@netisland.net

User-agent: Mozilla Thunderbird 0.7.3 (Windows/20040803)

Hi,

to have a look at tcptraceroute working i did a parallel tethereal -i eth1 proto ICMP tcptraceroute pages.ebay.de

tcptraceroute says: [first 2 steps deleted] 3 m-ea1.m.de.net.dtag.de (62.154.10.157) 1.946 ms 1.422 ms 1.736 ms 4 paix-gw12.sfo.us.net.dtag.de (62.154.5.245) 175.966 ms 174.662 ms 174.818 ms 5 62.159.124.58 (62.159.124.58) 176.242 ms 176.144 ms 176.439 ms 6 66.135.207.54 (66.135.207.54) 176.203 ms 176.401 ms 177.054 ms 7 10.6.1.30 (10.6.1.30) 175.112 ms 174.409 ms 174.028 ms 8 10.8.1.106 (10.8.1.106) 174.279 ms 174.141 ms 174.261 ms 9 * * * 10 pages.ebay.de (66.135.208.85) [open] 173.811 ms 174.205 ms 174.729 ms

tethereal (like tcpdump!) says (IP xxx'ed for privacy):

19.958728 62.154.10.157 -> xxx.xx.192.133 ICMP Time-to-live exceeded 19.961284 62.154.10.157 -> xxx.xx.192.133 ICMP Time-to-live exceeded 19.962923 62.154.10.157 -> xxx.xx.192.133 ICMP Time-to-live exceeded 20.139114 62.154.5.245 -> xxx.xx.192.133 ICMP Time-to-live exceeded 20.315708 62.154.5.245 -> xxx.xx.192.133 ICMP Time-to-live exceeded 20.490535 62.154.5.245 -> xxx.xx.192.133 ICMP Time-to-live exceeded 20.666936 62.159.124.58 -> xxx.xx.192.133 ICMP Time-to-live exceeded 20.873865 62.159.124.58 -> xxx.xx.192.133 ICMP Time-to-live exceeded 21.050478 62.159.124.58 -> xxx.xx.192.133 ICMP Time-to-live exceeded 21.226928 66.135.207.54 -> xxx.xx.192.133 ICMP Time-to-live exceeded 21.583604 66.135.207.54 -> xxx.xx.192.133 ICMP Time-to-live exceeded 21.760709 66.135.207.54 -> xxx.xx.192.133 ICMP Time-to-live exceeded 21.936015 10.6.1.30 -> xxx.xx.192.133 ICMP Time-to-live exceeded 22.110658 10.6.1.30 -> xxx.xx.192.133 ICMP Time-to-live exceeded 22.284814 10.6.1.30 -> xxx.xx.192.133 ICMP Time-to-live exceeded 22.459307 10.8.1.106 -> xxx.xx.192.133 ICMP Time-to-live exceeded 22.633670 10.8.1.106 -> xxx.xx.192.133 ICMP Time-to-live exceeded 22.808153 10.8.1.106 -> xxx.xx.192.133 ICMP Time-to-live exceeded 22.983260 10.8.105.14 -> xxx.xx.192.133 ICMP Time-to-live exceeded 25.987368 10.8.105.14 -> xxx.xx.192.133 ICMP Time-to-live exceeded 28.996546 10.8.105.14 -> xxx.xx.192.133 ICMP Time-to-live exceeded

Why won't tcptrace display the last ip-adress (10.8.105.14), when it shows up in the icmp-packets?

Im using the debian-package, "tcptraceroute 1.4 (2002-07-30)".

any hints?

--

Thomas Springer TUEV ICS - IT-Security

-- Nach mir der Synflood. _______________________________________________ tcptraceroute-dev mailing list tcptraceroute-dev@netisland.net http://lists.netisland.net/mailman/listinfo/tcptraceroute-dev

Follow-Ups:

Re: [tcptra-dev] tcpdump showing more than tcptraceroute
From: "Michael C. Toren" <mct@toren.net>

Prev by Date: [tcptra-dev] MingW port, binary information

Next by Date: Re: [tcptra-dev] tcpdump showing more than tcptraceroute

Previous by thread: Re: [tcptra-dev] MingW port, binary information

Next by thread: Re: [tcptra-dev] tcpdump showing more than tcptraceroute

Index(es):

Date

Thread