Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Ping & traceroute

In firewalls or in routers, if we ping is blocked using icmp..which disallows ping responses.

But doesnt traceroute use icmp as well,so shouldnt blocking icmp disallow traceroute also or is it blocked by using ports above 64000 range?

In a case, trace to a particular ip drops after certain hops (due to firewalls in those hops), but if we ping to that ip , response is received.How is that possible?

Thanks.

1 REPLY

Re: Ping & traceroute

Sunny,

Ping and Traceroute are not State-full. Well, You may inspect Ping. But traceroute is another story. Windows uses ICMP echoes by default. Linux OS's use UDP by default. Cisco IOS use UDP.

So you may receive the traceroute packets replied by the devices as ttl-exceed ,port-unreachable or echo-reply.

That's why you always get "*" when doing tracceroute via firewall. You have to allow things.

HTH,

Toshi

248
Views
0
Helpful
1
Replies
CreatePlease login to create content