Just moozing

Before you can check your notes, you must make them…

UDP traceroute


I had some odd traffic in a packet trace, and it turned out to be UDP traceroute. I had never noticed that before.

While working my way through a pcap file, I found failed UDP accesses to ports 33434, 33435 and 33436.

It looked like this:

[Image: udptraceroute]

A quick search on the port numbers showed that it was a UNIX-style traceroute. The tracerouting I usually see is ping requests with increasing TTLs. Using UDP instead of ICMP also works.

Reading the packets, I conclude that one of the routers did not send ICMP TTL exceeded packets, and might be silently dropping them.

Another thing I notice – blacked out in the screen shot – is that the tracerouting ends with the first public IP address. The device must be using that internally somewhere.
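An added example (not part of the original post): one way to run the check described above on raw IPv4 packets, pairing each UDP probe with the ICMP error that quotes it so that a hop which never answers stands out. The port range 33434-33534, the helper names, the addresses and the sample packets are all constructed assumptions.

```python
import struct

PORTS = range(33434, 33535)  # assumed conventional UDP traceroute port range

def ipv4(src, dst, ttl, proto, payload):
    # Minimal IPv4 header, no options, checksum left at 0 (sample data only)
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0)
    return hdr + bytes(map(int, src.split("."))) + bytes(map(int, dst.split("."))) + payload

def udp(dport, sport=40000):
    return struct.pack("!HHHH", sport, dport, 8, 0)

def icmp_error(icmp_type, quoted):
    # ICMP errors quote the offending IP header plus its first 8 payload bytes
    return struct.pack("!BBHI", icmp_type, 0, 0, 0) + quoted[:28]

def parse(pkt):
    ihl = (pkt[0] & 0x0F) * 4
    dotted = lambda b: ".".join(map(str, b))
    return dotted(pkt[12:16]), dotted(pkt[16:20]), pkt[8], pkt[9], pkt[ihl:]

def trace_hops(packets):
    """Return {probe TTL: router that answered, or None} for UDP traceroute probes."""
    probes, replies = {}, {}
    for pkt in packets:
        src, dst, ttl, proto, body = parse(pkt)
        if proto == 17 and len(body) >= 8:            # UDP probe
            dport = struct.unpack("!H", body[2:4])[0]
            if dport in PORTS:
                probes[(src, dst, dport)] = ttl
        elif proto == 1 and len(body) >= 36 and body[0] in (3, 11):
            # Type 11 = time exceeded (router), type 3 = unreachable (target)
            qsrc, qdst, _, qproto, qbody = parse(body[8:])
            if qproto == 17:
                replies[(qsrc, qdst, struct.unpack("!H", qbody[2:4])[0])] = src
    hops = {}
    for key, ttl in probes.items():
        hops[ttl] = replies.get(key) or hops.get(ttl)
    return hops

def sample_capture():
    # Constructed packets, not taken from the post's capture
    me, target = "192.168.1.10", "198.51.100.7"
    p = [ipv4(me, target, ttl, 17, udp(33433 + ttl)) for ttl in (1, 2, 3)]
    return [p[0], ipv4("192.168.1.1", me, 64, 1, icmp_error(11, p[0])),
            p[1],                                   # hop 2 never answers
            p[2], ipv4("203.0.113.1", me, 62, 1, icmp_error(11, p[2]))]

if __name__ == "__main__":
    print(trace_hops(sample_capture()))
```

A hop mapped to `None` is one whose probe left the host but drew no ICMP reply, which is the pattern the post attributes to a router silently dropping the packets.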


Written by moozing

August 18, 2015 at 12:00

Posted in Tech
