Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

traceroute - udp v icmp

I've noticed that traceroute(using udp) will often times trace out so far then die....

However tossing the -I option(under most unicies) will almost always give both quicker traces and ones that actually terminate at the desired host, instead of trailing off with '*' indicating that router does not support icmp time extends or is blocking the udp ports for traceroute.

I'm not understanding the pros and cons of each traceroute method. Also why do two methods exist? What can a udp traceroute do(or can't do) that gave rise to icmp based traces..

  • Other Network Infrastructure Subjects

Re: traceroute - udp v icmp

The Microsoft traceroute command uses ICMP and the Cisco/UNIX traceroute command uses UDP (icmp unreachable will be returned though).

Here is a good link explaining:

Here is a good link on how to allow it through your firewall:

I don't think one method is necessarily better than another, just different implementaions. You have to know both for your firewalling.

Although if I had to argue one against the other I would say UDP is better:

1) ICMP will be filtered more often than UDP by acls and firewalls and rate-limiting

2) due to the security risks ICMP pose.

Hope it helps.