User: Password:
|
|
Subscribe / Log in / New account

Tracing behind the firewall

Tracing behind the firewall

Posted Jan 20, 2007 11:47 UTC (Sat) by jengelh (subscriber, #33263)
In reply to: Tracing behind the firewall by jannic
Parent article: Tracing behind the firewall

...and it's not uncommon for really strange things to happen on the Internet wrt. TTLs. Check this:

$ traceroute -n 82.83.11.215
traceroute to 82.83.11.215 (82.83.11.215), 30 hops max, 40 byte packets
 1  134.76.22.1
 2  134.76.23.254
 3  188.1.46.213
 4  188.1.18.62
 5  188.1.145.126
 6  188.1.56.22
 7  145.254.16.17
 8  145.254.18.62
 9  145.254.11.226
10  82.83.11.215

$ ping -c1 {all_addresses} | grep ttl
64 bytes from 134.76.22.1:    icmp_seq=1 ttl=126 time=1.31 ms
64 bytes from 134.76.23.254:  icmp_seq=1 ttl=254 time=1.58 ms
64 bytes from 188.1.46.213:   icmp_seq=1 ttl=253 time=2.12 ms
64 bytes from 188.1.18.62:    icmp_seq=1 ttl=252 time=3.70 ms
64 bytes from 188.1.145.126:  icmp_seq=1 ttl=251 time=17.4 ms
64 bytes from 188.1.56.22:    icmp_seq=1 ttl=250 time=16.4 ms
64 bytes from 145.254.16.17:  icmp_seq=1 ttl=249 time=16.6 ms
64 bytes from 145.254.18.62:  icmp_seq=1 ttl=248 time=21.4 ms
64 bytes from 145.254.11.226: icmp_seq=1 ttl=247 time=21.8 ms
64 bytes from 82.83.11.215:   icmp_seq=1 ttl=56 time=27.0 ms

So I would not be wondering if someone advertently decreased or increased the TTL, leading to either be inadvertently blocked by your iptables rule (because some router just decreased it), or inadvertently being not blocked by your rule (some router increased it), respectively. (The route from me->82.83.11.215 was stable (the same) on repeated traceroute runs.)


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds