Anders,
Your close - the TTL decreases. Traceroute sends
out a packet with an increasing TTL starting with 1.
When a router can no longer decrement the TTL, it
will send back an ICMP time-exceeded message.
IOW, when you traceroute, the system will figure
out the first hop by sending out a packet that
will have a TTL of 1 to the destination system.
The first router along the way will see that it can
no longer forward this packet becuase the TTL
will have expired(cannot decrement to 0). The
router will send back an ICMP time-exceeded
message, which your system records.
Then it proceeds to send another packet with a
TTL of 2. The first router will forward it and the next
hop will send back the ICMP time-exceeded.
This continues until it has reached the destination
system.
Robert
- -
Robert P. MacDonald, Network Engineer
Team Lead, e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> "Reed Mohn, Anders" <[EMAIL PROTECTED]> 11/29/00 2:09:40 PM >>>
>
>I've just upgraded to CP2000, and I since I was at it, I used the
>opportunity to
>clean up my rulebase a little.
>I threw out all the implied rules and set what was needed back up
>"manually".
>
>I thought I'd seen the answer to this on the list once, but I haven't been
>able to find it in the archives.
>Here's the question:
>
>In adding rules to allow ping / traceroute, I added a rule to allow incoming
>
>ICMP dest-unreachable, echo-reply and time-exceeded.
>
>Now why a time-exceeded message? This goes to how traceroute
>works, I suppose.
>I'm guessing that traceroute sends out packets with an increasing TTL,
>until an echo-reply from the destination comes back. Is this correct?
>
>Cheers,
>Anders RM :)
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
