Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
387
Views
0
Helpful
1
Replies

Ping & traceroute

suthomas1
Level 6
Level 6

‎04-14-2009 05:38 AM - edited ‎03-06-2019 05:09 AM

In firewalls or in routers, if we ping is blocked using icmp..which disallows ping responses.

But doesnt traceroute use icmp as well,so shouldnt blocking icmp disallow traceroute also or is it blocked by using ports above 64000 range?

In a case, trace to a particular ip drops after certain hops (due to firewalls in those hops), but if we ping to that ip , response is received.How is that possible?

Thanks.

Labels:
0 Helpful
1 Reply 1

Thotsaphon Lueangwattanaphong
Level 7
Level 7

‎04-14-2009 05:53 AM

Sunny,

Ping and Traceroute are not State-full. Well, You may inspect Ping. But traceroute is another story. Windows uses ICMP echoes by default. Linux OS's use UDP by default. Cisco IOS use UDP.

So you may receive the traceroute packets replied by the devices as ttl-exceed ,port-unreachable or echo-reply.

That's why you always get "*" when doing tracceroute via firewall. You have to allow things.

HTH,

Toshi

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card