From owner-freebsd-questions Wed May 31 15: 8: 2 2000 Delivered-To: freebsd-questions@freebsd.org Received: from hydrant.intranova.net (hydrant.intranova.net [209.201.95.10]) by hub.freebsd.org (Postfix) with ESMTP id CEAEE37B930 for ; Wed, 31 May 2000 15:07:57 -0700 (PDT) (envelope-from oogali@intranova.net) Received: from localhost (localhost [127.0.0.1]) by hydrant.intranova.net (Postfix) with ESMTP id F3BAAE1252; Wed, 31 May 2000 18:09:19 -0400 (EDT) Date: Wed, 31 May 2000 18:09:19 -0400 (EDT) From: Omachonu Ogali To: Roelof Osinga Cc: The Hermit Hacker , freebsd-questions@FreeBSD.ORG Subject: Re: tracerouting switches, routers and hosts ... In-Reply-To: <39358740.AF0FEB9B@nisser.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Not necessarily ICMP requests, but these devices aren't decrementing the TTL on the IP datagram, hence they will not show up. Unless they are doing filtering, or making decisions based on the source and/or destinations of the datagram, they should not need to decrement the TTL. Unless you can physically do a wire trace from the machine to router to switch (what a tedious task), I think I would be safe in stating this is impossible if this devices do not decrement the TTL. TTL: Time-To-Live. Simply, this is the maximum number of hops the datagram can be forwarded through. Traceroute works by sending out an inital packet with a TTL of 1, and the first hop (if it's not the destination) replies back with an ICMP TTL-exceeded message, and traceroute(8) prints out the host from which it received the ICMP message for the previously sent datagram. In conclusion, unless the devices decrement the TTL and respond to exceeded TTL counters with ICMP TTL-exceeded messages, they are invisible under a traceroute. On Wed, 31 May 2000, Roelof Osinga wrote: > The Hermit Hacker wrote: > > > > ... > > myhost->switcha->porta-router->portb-router->switchb->remote host > > > > I only see the IPs for porta-router and remote host, but it misses > > everything in between ... > > They're probably ignoring ICMP requests. Operating in stealth mode > so to speak. > > Roelof > > -- +-----------------------------------------------------------------------+ | Omachonu Ogali oogali@intranova.net | | Intranova Networking Group http://www.intranova.net | | PGP Key ID: 0xBFE60839 | | PGP Fingerprint: 8 51 14 FD 2A 87 53 D1 E3 AA 12 12 01 93 BD 34 | +-----------------------------------------------------------------------+ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message