On May 7, 2005, at 11:18 AM, Peter wrote:

> the specific part of icmp that allows traceroute to work is ping/echo

No. By default traceroute uses a UDP datagram. It's sent with a time-to-live of one hop, and the router that discards it because of TTL expired sends back an ICMP "time exceeded" message. Then it sends another datagram with the TTL set to 2, and the packet should get one hop further on before a router discards it. When you've finally set the TTL high enough to reach the final destination, the host will probably respond with a "port unknown" ICMP unreachable message. The actual contents of the UDP part of the packet are irrelevant; they're discarded at the IP level. You CAN use a ping packet, but it's not necessary.

For this to work correctly, you need:

1) routers along the path must be configured to generate the time exceeded message.
2) routers along the path must be configured to pass time exceeded message back to the original source.
3) the final host should generate the port unreachable message.
4) the routers on the path must pass back the port unreachable message.

A router, by definition, is something that decrements and obeys the TTL field in the IP header. Switches should not appear in a traceroute, unless they're behaving like routers (the line gets blurry.)

When traceroute was first invented, it worked almost all the time. With increased concerns about security and performance (generating a time expired message is very expensive for a core router handling millions of pps), it's pretty uncommon to get a complete route these days...

BillW
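
The four conditions listed in the message above can be modelled offline. This is an added example, not part of the original post: the `Hop` class, its flags and the hop names are hypothetical, and the path is constructed so that one router never generates time exceeded and another can be set to filter ICMP errors on the way back.

```python
# Added illustration: offline model of UDP traceroute; all hop names are constructed.
from dataclasses import dataclass

@dataclass
class Hop:
    name: str
    is_host: bool = False          # final destination rather than a router
    generates_icmp: bool = True    # conditions 1 and 3: emits the ICMP error itself
    passes_icmp: bool = True       # conditions 2 and 4: lets ICMP errors flow back

def probe(path, ttl):
    """Send one UDP probe; return (responder, icmp_message) or None if nothing comes back."""
    for i, hop in enumerate(path):
        if hop.is_host:
            msg = "port-unreachable"       # nobody listens on the probe's UDP port
        else:
            ttl -= 1                       # a router decrements and obeys the TTL
            if ttl > 0:
                continue                   # still alive: forwarded to the next hop
            msg = "time-exceeded"          # TTL expired here, probe discarded
        # The reply is seen only if it is generated and every router on the
        # way back to the source passes it.
        if hop.generates_icmp and all(h.passes_icmp for h in path[:i]):
            return hop.name, msg
        return None
    return None

def traceroute(path, max_ttl=8):
    """Raise the TTL one hop at a time until the destination answers or max_ttl is hit."""
    rows = []
    for ttl in range(1, max_ttl + 1):
        reply = probe(path, ttl)
        rows.append((ttl,) + (reply or ("*", None)))
        if reply and reply[1] == "port-unreachable":
            break
    return rows

def sample_path(border_passes_icmp):
    # Constructed path: "core" never generates time exceeded (the cost concern above);
    # "border" optionally filters ICMP errors heading back toward the source.
    return [Hop("gw"), Hop("edge"), Hop("core", generates_icmp=False),
            Hop("border", passes_icmp=border_passes_icmp), Hop("host", is_host=True)]

if __name__ == "__main__":
    for passes in (True, False):
        for row in traceroute(sample_path(border_passes_icmp=passes)):
            print(row)
        print()
```

With the border router passing ICMP, the trace shows a single `*` at hop 3 and still completes; with it filtering, the border itself is the last hop that answers and every higher TTL times out even though the probes reach the host.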