Security Basics mailing list archives

RE: traceroute-like tool for UDP or TCP packet

From: "David Gillett" <gillettdavid () fhda edu>
Date: Mon, 25 Aug 2003 09:03:14 -0700

-----Original Message-----
From: Meidinger Chris [mailto:chris.meidinger () badenit de]

To clear the last bit up:

there is no UDP echo-request packet except (and this is a 
stretch) against the echo small server which is rarely running.


  My bad.  It exists, but UDP-based traceroute doesn't use it.

Linux traceroute sends UDP packets against high ports above 
33000 and counts the ICMP Host-Unreachables then pings 
(Echo-Request) at the end to confirm the ICMP Port-Unreachable.


  I seem to recall that the actual formula for the port number 
is something very like:

  32768 + 666 + (1, 2, 3, 4, ...)

David Gillett


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------

Current thread:

RE: traceroute-like tool for UDP or TCP packet Brian Austin (Aug 21)
- Re: traceroute-like tool for UDP or TCP packet James Fields (Aug 22)
- <Possible follow-ups>
- RE: traceroute-like tool for UDP or TCP packet K sPecial (Aug 22)
- RE: traceroute-like tool for UDP or TCP packet Meidinger Chris (Aug 22)
  - RE: traceroute-like tool for UDP or TCP packet David Gillett (Aug 25)
- Re: traceroute-like tool for UDP or TCP packet K sPecial (Aug 22)