Re: Regarding Ping and Traceroute

From: Felix Nkansah (felixnkansah@gmail.com)
Date: Fri Aug 29 2008 - 20:00:44 ART

• Next message: Paul Alexander: "Re: ccie payment information"
• Previous message: NSN - CO/Santa Fe de Bogota: "RE: ccie payment information"
• Maybe in reply to: Raghav Bhargava: "Regarding Ping and Traceroute"
• Next in thread: Shahid Ansari: "Re: Regarding Ping and Traceroute"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Raghav,

Maybe the packets traverse a firewall that allows ICMP 'echo reply' return
packets back and not the other types of ICMP.

I would suggest you configure the firewall to manually allow ICMP 'port
unreachable' and ICMP 'time-exceeded' to traverse it inbounds from the
outside.

If you read more on the operation of the commonest type of traceroute, you
would appreciate why even your stateful firewalls are unable to
automatically permit return traffic for these ICMP types by default.

Regards,

Felix

Blogs and organic groups at http://www.ccie.net

• Next message: Paul Alexander: "Re: ccie payment information"
• Previous message: NSN - CO/Santa Fe de Bogota: "RE: ccie payment information"
• Maybe in reply to: Raghav Bhargava: "Regarding Ping and Traceroute"
• Next in thread: Shahid Ansari: "Re: Regarding Ping and Traceroute"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Sep 01 2008 - 08:15:33 ART