[Cerowrt-devel] ping icmp ttl exceeded

Maciej Soltysiak maciej at soltysiak.com
Mon Feb 4 09:17:09 EST 2013


On Mon, Feb 4, 2013 at 8:41 AM, Dave Taht <dave.taht at gmail.com> wrote:

> Heh. I turned out I'd left mtr running in another window...

Yeah, exactly. Decreasing TTLs suggest traceroute tools :-)

As Ketan noted, it's best to decode what's in the ICMP TTL exceeded payload
to see what packet triggered this.

traceroute uses ICMP ECHO REQUEST
tracepath uses UDP
tcptraceroute uses TCP SYN (this tools is actually usefull to check if your
packets go different routes depending on the port they're going to, e.g.
detecting a transparent proxy which shows up for port 80, but not for
others)

There are other tools which could be used to do the same with different
types of packets, say, crafting a fake ICMP ECHO REPLY to see how good at
being stateful are the firewalls on the path.

Regards,
Maciej
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.bufferbloat.net/pipermail/cerowrt-devel/attachments/20130204/b2a3713f/attachment-0002.html>


More information about the Cerowrt-devel mailing list