[H-GEN] traceroute results query

Martin Pool mbp at linuxcare.com.au
Tue Oct 24 07:10:38 EDT 2000 

On 24 Oct 2000, Martin Pool <mbp at linuxcare.com.au> wrote:
> On 24 Oct 2000, Darrin Mison <staeci at yahoo.com> wrote:
> > what do the !X 's mean?  I have no idea
> > 
> > 9  Fddi0-0.civ-core1.Canberra.telstra.net (139.130.235.226)  39.353 ms  27.636 ms  52.583 ms
> > 10  * Fddi0-0.civ-core1.Canberra.telstra.net (139.130.235.226)  96.773 ms !X *
> > 11  * Fddi0-0.civ-core1.Canberra.telstra.net (139.130.235.226)  125.702 ms !X *
> > 12  Fddi0-0.civ-core1.Canberra.telstra.net (139.130.235.226)  170.261 ms !X *  48.286 ms !X

Muses: ``What does X mean?'' can always be interpreted at so many
different levels.

I think the reason *why* traceroute is saying

>        !X  (communication administratively prohibited)

is that when it sent a packet towards the destination with a
hops-to-live of 10 (or whatever), it got in result an ICMP ERROR
packet, with ICMP TYPE

  #define	ICMP_UNREACH		3		/* dest unreachable, codes: */

and ICMP CODE

  #define	ICMP_UNREACH_FILTER_PROHIB      13	/* admin prohib */

which means the router mentioned is configured not to allow the packet
through.  As you can see in the fine manual, traceroute was expecting
an ICMP TIME_EXCEEDED to tell it that the packet got partway there.

Van Jacobson traceroute (the manpage will also tell you :-) traces the
route by sending UDP packets destined to a high-numbered port.  So,
the router's probably saying "you have no business sending UDP there",
and thus sending this rejection.

You could alternatively try -I to send ICMP ECHO rather than UDP,
though the routers might well block this too.

For more fun & education, you could try running a tcpdump at the same
time as the traceroute and see them for yourself.

-- 
Martin Pool, Linuxcare, Inc.
+61 2 6262 8990
mbp at linuxcare.com, http://www.linuxcare.com/
Linuxcare. Support for the revolution.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://lists.humbug.org.au/pipermail/general/attachments/20001024/2a91ba43/attachment.sig>

More information about the General mailing list