| Thomas Springer on 27 Oct 2004 08:46:02 -0000 |
|
Michael, you opened a bottle... :) looking at a tcpdump, i noticed, that the icmp-codes differ sometimes between icmp48 and icmp36 (standard seems to be icmp36): example tcpdump-output, done with tcpdump and tcpraceroute www.cnet.com: 09:38:03.656062 IP tbr1-cl1.cgcil.ip.att.net > xx.xx.192.133: icmp 48: time exceeded in-transit 09:38:04.031439 IP tbr1-cl1.cgcil.ip.att.net > xx.xx.192.133: icmp 48: time exceeded in-transit 09:38:04.139017 IP tbr1-cl1.cgcil.ip.att.net > xx.xx.192.133: icmp 48: time exceeded in-transit 09:38:04.288830 IP tbr1-cl1.sffca.ip.att.net > xx.xx.192.133: icmp 48: time exceeded in-transit 09:38:04.559572 IP tbr1-cl1.sffca.ip.att.net > xx.xx.192.133: icmp 48: time exceeded in-transit 09:38:04.707395 IP tbr1-cl1.sffca.ip.att.net > xx.xx.192.133: icmp 48: time exceeded in-transit 09:38:04.854799 IP gar4-p300.sffca.ip.att.net > xx.xx.192.133: icmp 36: time exceeded in-transit 09:38:05.130433 IP gar4-p300.sffca.ip.att.net > xx.xx.192.133: icmp 36: time exceeded in-transit 09:38:05.277861 IP gar4-p300.sffca.ip.att.net > xx.xx.192.133: icmp 36: time exceeded in-transit many of my firewalled customers show the same behaviour. notice the different icmp-messages? any hints, whats hiding behind these different codes? -- Thomas Springer TUEV ICS - IT-Security -- Nach mir der Synflood. _______________________________________________ tcptraceroute-dev mailing list tcptraceroute-dev@netisland.net http://lists.netisland.net/mailman/listinfo/tcptraceroute-dev
|
|