On Fri, Feb 24, 2012 at 3:07 PM, ed ziots <[email protected]> wrote: > Sometimes I use tcptraceroute, or tracetcp to look at routes using tcp > rather than ICMP which as ASB said below are usually blocked at the ISP. ( > Usually going through a router interface or firewall)
It's worth noting that if ICMP is completely blocked traceroute won't work at all, as traceroute depends intermediate routers sending ICMP "Time Expired" messages back. But completely blocking ICMP is less common than some other scenarios. Some routers don't generate "Time Expired" messages in response to ICMP packets with an expired TTL, but will report TCP or UDP packets. This makes Microsoft's decision to use ICMP "Echo Request" in their traceroute implementation especially perplexing. Almost all other traceroute implementations will work for these routers. Some routers don't generate "Time Expired" messages at all. However, if other routers on the path do, traceroute will still find them, and only show that one hop with asterisks. As an aside: If *all* ICMP traffic is blocked, then path MTU discovery will be broken; this will cause the path to perform sub-optimally. An ISP which is blocking all ICMP traffic should be considered broken. Alas, there are many broken ISPs. -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
