HPE Community
Operating System - HP-UX
1820227 Members
3494 Online
109620 Solutions
New Discussion юеВ

Re: Traceroute Problem

 
Ramu Bodathula
Occasional Advisor

тАО03-04-2002 09:39 PM

тАО03-04-2002 09:39 PM

Traceroute Problem

Hi!,

traceroute a.b.c.d fails but ping a.b.c.d works fine. why is that ?

Regards
Ramu
0 Kudos
Reply
12 REPLIES 12
Steven Sim Kok Leong
Honored Contributor

тАО03-04-2002 09:57 PM

тАО03-04-2002 09:57 PM

Re: Traceroute Problem

Hi,

Alike most Unixes, HP-UX uses UDP packets (to connect to high UDP ports in the range of 33000+ so as to acquire port-unreachable return messages) to perform the traceroute. It does not use ICMP echo requests which is what is used by Windows. The underlying formula is the same, that is using TTLs to identify routes.

This explains why your ping (which uses ICMP echo requests and returning replies) works but traceroute (which uses UDP in Unix) didn't work. It can be caused by an intermediate filter, either a network-based firewall or host-based firewall which is filtering off connection attempts to UDP high-ports on the destination server.

Hope this helps. Regards.

Steven Sim Kok Leong
0 Kudos
Reply
S.K. Chan
Honored Contributor

тАО03-04-2002 10:06 PM

тАО03-04-2002 10:06 PM

Re: Traceroute Problem

They are not quite the same. Traceroute uses UDP and ping uses ICMP.
0 Kudos
Reply
Mark van Hassel
Respected Contributor

тАО03-05-2002 02:43 AM

тАО03-05-2002 02:43 AM

Re: Traceroute Problem

Hi,

You could use ping -o.
This inserts an IP record route option in the outgoing packets and provides info about the route taken.

HtH,

Mark
The surest sign that life exists elsewhere in the universe is that none of it has tried to contact us
0 Kudos
Reply
Ramu Bodathula
Occasional Advisor

тАО03-06-2002 10:24 AM

тАО03-06-2002 10:24 AM

Re: Traceroute Problem

traceroute works for other machines. So, there should not be any problem with the filter. It fails for one particular machine on the same net as the other machines ( for which the traceroute succeeds. )
The ping -o works fine.

Any Idea.

Regards
Ramu
0 Kudos
Reply
Jeff Schussele
Honored Contributor

тАО03-06-2002 10:44 AM

тАО03-06-2002 10:44 AM

Re: Traceroute Problem

What happens when you traceroute from a.b.c.d BACK to this system?

Also be advised that firewalls can be configured to filter all the way down to single IPs.

Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Jeff Schussele
Honored Contributor

тАО03-06-2002 10:51 AM

тАО03-06-2002 10:51 AM

Re: Traceroute Problem

Further questions:

Does it make ANY hops at all?

If so what is the last good hop?

Do an nslookup of the last good hop IP - if it's a firewall then UDP is being blocked I would suspect.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Ramu Bodathula
Occasional Advisor

тАО03-06-2002 11:02 AM

тАО03-06-2002 11:02 AM

Re: Traceroute Problem

I cannot do a "traceroute" from the target machine (a.b.c.d ) because, it doesnot have that utility. But it does have a tcp/ip stack. So ping from the a.b.c.d to the u.v.w.x ( u.v.w.x is the machine from where i issue traceroute a.b.c.d ) works fine.

The last hop on the traceroute is a router. But when i do a traceroute to a machine a1.b1.c1.d1, which is on the same subnet as a.b.c.d, the traceroute works fine.
Why is that ?
0 Kudos
Reply
Ron Kinner
Honored Contributor

тАО03-06-2002 03:25 PM

тАО03-06-2002 03:25 PM

Re: Traceroute Problem

It's pretty easy to tell a router not to send back ttl expired messages. It's also easy to filter out all icmp but echo and echo reply. Done a lot of times for security reasons.

What kind of router is it?

Ron

0 Kudos
Reply
Eric Ladner
Trusted Contributor

тАО03-06-2002 06:23 PM

тАО03-06-2002 06:23 PM

Re: Traceroute Problem

It may be that the system is configured to not respond to those type of ICMP requests.

See the ndd command.
0 Kudos
Reply
Ramu Bodathula
Occasional Advisor

тАО03-07-2002 09:54 AM

тАО03-07-2002 09:54 AM

Re: Traceroute Problem

Hi,

The router is Cisco 4000 series.

Does traceroute use UPD or ICMP ?

Regards
Ramu

0 Kudos
Reply
Ron Kinner
Honored Contributor

тАО03-07-2002 01:06 PM

тАО03-07-2002 01:06 PM

Re: Traceroute Problem

If you can log onto the router you can:

sh ip int b

which will tell you which interface is connected to a.b.c.d as well as which interface replied to your traceroute.

now do
sh run
and look for the a.b.c.x interface. See if you see something like

ip access-group x in (or out).

If you do, go down in the sh run until you see:

access-list x ...

see if any of these block UDP or ICMP.

If you want to copy them and post them here or send them too me at rkinner@att.net I'll be glad to look at them.

While you are on the router, try:

trace a.b.c.d

and see if it works from there. Cisco uses a UDP packet to port 33434.

Of course if the device we are trying to trace is actually listening on port 33434 then the trace will fail since it won't send back the message that trace expects.

If a.b.c.d supports netstat try netstat -a and see what ports it is listening on.

Ron
0 Kudos
Reply
Steven Sim Kok Leong
Honored Contributor

тАО03-08-2002 05:53 PM

тАО03-08-2002 05:53 PM

Re: Traceroute Problem

Hi,

Traceroute on Unixes use UDP requests and TTL expiration to receive ICMP time-exceeded messages. Simplistic representation:

Src - UDP -> Destn
Src <- ICMP time-exceeded - Intermediate hop

Traceroute on Windows use ICMP echo requests and TTL expiration to receive ICMP time-exceeded messages. Simplistic representation:

Src - ICMP echo -> Destn
Src <- ICMP time-exceeded - Intermediate hop

Both utilises the TTL field in IP packets to work, incrementing the TTL count each time until the destination is reached.

Hope this helps. Regards.

Steven Sim Kok Leong
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.