On Sun, May 19, 2024 at 5:43 PM Shlomo Solomon <shlomo.solo...@gmail.com> wrote:
> I teach computer networking and the latest assignment I gave my
> students was to use Python and Scapy to emulate traceroute. The code
> is simple:
> - send an ICMP packet with TTL = 1 which will fail but return the
>   first hop address
> - continue sending ICMP packets - each time increasing the TTL to get
>   the next hop
> - if the ICMP reply is NOT an error, we have arrived.
>

That's not what traceroute does, at least not the one that ships with my Linux:

# traceroute --version
Modern traceroute for Linux, version 2.1.5
Copyright (c) 2016 Dmitry Butskoy, License: GPL v2 or any later

My Traceroute sends _UDP_ packets to the target to random ports (unless -p is used), not ICMP. That can easily be seen by running 'tcpdump -ni any host <target IP>' before running Traceroute. Or by reading 'man traceroute'.

My Traceroute also supports sending ICMP packets (with -I or --icmp) which, to my understanding, is what your Python script does (based on your own words). And it also supports sending TCP probes (with -T or --tcp).

Do not confuse the probing packets (the packets with the ever-increasing TTL value) with the ICMP Echo (a.k.a. "ping") done later to measure roundtrip - they serve two different purposes - one to find the route (by causing the targets on the path to return an ICMP error that the TTL has expired), and the other to find the latency to each router on the path (as returned in the ICMP error).

Any router/firewall on the path may choose to behave differently to packets with expiring TTLs based on protocol, port number, etc.

Hope this helps,

-- Shimi
_______________________________________________
Linux-il mailing list -- linux-il@cs.huji.ac.il
To unsubscribe send an email to linux-il-le...@cs.huji.ac.il
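The reply above distinguishes UDP, ICMP and TCP probes, each of which makes a hop return an ICMP error when the TTL expires. As an added example (not part of the original thread), this Python code parses an ICMP Time Exceeded packet and reads the quoted original header to tell which kind of probe triggered it, which is how one can check in a capture what a given traceroute actually sent. All addresses, ports and function names are constructed for illustration.

```python
import struct

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def ip4(b):
    return ".".join(map(str, b))

def build_ipv4(src, dst, proto, ttl, payload):
    """Minimal IPv4 header (checksum left at 0) + payload; used only for constructed samples."""
    pack_addr = lambda a: bytes(map(int, a.split(".")))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       ttl, proto, 0, pack_addr(src), pack_addr(dst)) + payload

def classify_time_exceeded(pkt):
    """Return hop, target and probe protocol quoted in an ICMP Time Exceeded, else None."""
    ihl = (pkt[0] & 0x0F) * 4 if pkt else 0
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or ihl < 20 or pkt[9] != 1:
        return None                      # not IPv4 carrying ICMP
    if len(pkt) < ihl + 8 or pkt[ihl] != 11 or pkt[ihl + 1] != 0:
        return None                      # not type 11 code 0 (TTL expired in transit)
    quoted = pkt[ihl + 8:]               # RFC 792: original IP header + first 8 bytes
    q_ihl = (quoted[0] & 0x0F) * 4 if quoted else 0
    if q_ihl < 20 or quoted[0] >> 4 != 4 or len(quoted) < q_ihl + 8:
        return None                      # truncated or malformed quote
    l4 = quoted[q_ihl:q_ihl + 8]
    info = {"hop": ip4(pkt[12:16]), "target": ip4(quoted[16:20]),
            "probe": PROTO.get(quoted[9], str(quoted[9]))}
    if quoted[9] in (6, 17):             # TCP and UDP: destination port at offset 2
        info["dport"] = struct.unpack("!H", l4[2:4])[0]
    elif quoted[9] == 1:                 # ICMP probe: type 8 is Echo Request
        info["icmp_type"] = l4[0]
    return info

def sample_error(proto, l4):
    """Constructed capture: hop 203.0.113.1 reports an expired probe to 198.51.100.7."""
    probe = build_ipv4("192.0.2.10", "198.51.100.7", proto, 1, l4)
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + probe
    return build_ipv4("203.0.113.1", "192.0.2.10", 1, 64, icmp)

UDP_ERR = sample_error(17, struct.pack("!HHHH", 40000, 33434, 8, 0))     # constructed ports
ICMP_ERR = sample_error(1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))         # echo request probe
ECHO_REPLY = build_ipv4("198.51.100.7", "192.0.2.10", 1, 60,
                        struct.pack("!BBHHH", 0, 0, 0, 1, 1))            # not an error

if __name__ == "__main__":
    for p in (UDP_ERR, ICMP_ERR, ECHO_REPLY):
        print(classify_time_exceeded(p))
```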