Hi Milan,

Its not clear to me!!! Please back with details.

As per my knowledge "traceroute" is also use ICMP request, which is blocked by ISP.

Thanks

Goutam

hi milan, he is right, traceroute will not work since icmp is blocked, so is there any other way ??

Hello,

When I saw your question I considered writing some code about a TCP-based traceroute. Then I thought this would probably have already been done and it seems so. You could try the Layer4 LFT traceroute. It is supposed to manage to get through some firewalls. Cannot try it now. I will try it later. Please tell us if this works for you.

http://www.askapache.com/tools/lft-traceroute-tool.html

http://pwhois.org/lft/

Kind Regards,

M.

Hi,

I don't know the exact solution. But I can suggest you to put an officially request to your ISP to allow the ICMP traffic for your Network IP range to maintain Network Infrastructures and also monitoring purpose. If it is P2P then ISP is not in picture, either if MPLS, FR then some time some ISP put ICMP traffic to lower priority.

Hope I am informative and best of luck.

Thanks

Goutam

***Use rating sys***

Hi Goutam,

what's blocked exactly?

a)A Ping to the router WAN interface?

b)Any ICMP traffic from the router WAN interface?

If only a), trace from a Cisco router might help (using UDP by Cisco implementation).

If b), you are in a real trouble.

One stupid question: Wouldn't be possible to use LAN interface as the tunnel end?

BR,

Milan

Hi Milan,

Let me share you something.

We are using some VSAT connection for our enterprise network. But at the beginning of the time of installation the ISP was not allowed any ICMP traffic to there network. As a result from our router we were not able to ping to our remote end. After putting a request to them, they allow that traffic with a very poor response to know the aliveness to the remote site.

Now if “a”, how can I trace the remote site weather it is alive or not? And “b” no idea.

Marikakis has suggested that link, which is useful, but is that possible if my ISP stop passing ICMP request through their network, how can I know that my remote site is alive by the help of CISCO IOS?

Any suggestion?

Thanks

Goutam

Hi Goutam,

as Kevin said, The ISP can hide his infrastructure for you by blocking TTL expired messages.

What devices do you have available if "the help of CISCO IOS" required?

Your routers behind the ISP ones?

The original question mentioned some GRE tunnels, is it your problem, too?

BR,

Milan

Traceroute behaves differently depending on the system you are tracing from. If you trace from a router, it is in fact a UDP packet, and you can even choose which port it uses. Here is some research I did on the subject:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Network%20Infrastructure&topic=WAN%2C%20Routing%20and%20Switching&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cbe961e

What you can find, however, is that the ISP may not send you "TTL expired" messages. That makes the trace less useful.

Kevin Dorrell

Luxembourg