Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1393
Views
0
Helpful
3
Replies

traceroute,tracert,icmp,

Go to solution
sarahr202
Level 5
Level 5

‎08-09-2009 10:01 AM - edited ‎03-06-2019 07:10 AM

Hi every body.

My book says traceroute on cisco router use udp while the equivalent on windows host is tracert which use icmp.

keeping the above facts in mind, please consider the following case.

h1--sw----R1----sw---- f0/1(R2)

R2:

int f0/1

ip access-group 111 in

access-list 111 deny icmp any any

===================================

R2 will drop any icmp packet that also means ping packets or tracert packet from h1, will be dropped as well. However the packets generated as a result of using tracroute on R1, will not be dropped as traceroute on cisco router use udp. In order to filter these packets, we must configue:

access-list 111 deny udp any any,

Is my understanding correct?

Thanks a lot.

Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
Hitesh Vinzoda
Level 4
Level 4

‎08-09-2009 10:18 AM

Cisco IOS traceroute, like unix traceroute is a UDP-based system. It sends out packets destined to a high UDP port (33434 by default).

Microsoft tracert functions just like a ping. It sends out ICMP echo packets incrementing the TTL in the same fashion.

So depending on access-lists on routers between you and your destination, you may get very different results (and perhaps different paths) depending on which box you run the trace from.

Regards

Hitesh Vinzoda

View solution in original post

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎08-09-2009 12:14 PM

Sarah

"R2 will drop any icmp packet that also means ping packets or tracert packet from h1, will be dropped as well. However the packets generated as a result of using tracroute on R1, will not be dropped as traceroute on cisco router use udp. In order to filter these packets, we must configue:

access-list 111 deny udp any any,

Is my understanding correct?"

Correct although obviously "deny udp any any" will drop a lot of other things as well.

Jon

View solution in original post

0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame

‎08-09-2009 01:12 PM

Your understanding is correct. If you are looking for a deeper understanding on ping and traceroute from a Cisco IOS perspective other than your books, I found this URL very useful;

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800a6057.shtml

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Hitesh Vinzoda
Level 4
Level 4

‎08-09-2009 10:18 AM

Cisco IOS traceroute, like unix traceroute is a UDP-based system. It sends out packets destined to a high UDP port (33434 by default).

Microsoft tracert functions just like a ping. It sends out ICMP echo packets incrementing the TTL in the same fashion.

So depending on access-lists on routers between you and your destination, you may get very different results (and perhaps different paths) depending on which box you run the trace from.

Regards

Hitesh Vinzoda

0 Helpful

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎08-09-2009 12:14 PM

Sarah

"R2 will drop any icmp packet that also means ping packets or tracert packet from h1, will be dropped as well. However the packets generated as a result of using tracroute on R1, will not be dropped as traceroute on cisco router use udp. In order to filter these packets, we must configue:

access-list 111 deny udp any any,

Is my understanding correct?"

Correct although obviously "deny udp any any" will drop a lot of other things as well.

Jon

0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame

‎08-09-2009 01:12 PM

Your understanding is correct. If you are looking for a deeper understanding on ping and traceroute from a Cisco IOS perspective other than your books, I found this URL very useful;

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800a6057.shtml

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card