Mh... The original IP Header + 64 bits of data is included in the ICMP Time Exceeded Message... If we assume that our address is a.a.a.a and target is t.t.t.t then the IP header in all ICMP Time Exceeded Message should read: from a.a.a.a to t.t.t.t, but... if there is some proxy inside whose internal address is b.b.b.b the IP header would change and any device between b.b.b.b and t.t.t.t where the packet expires would include and IP header inside the ICMP Time Exceeded Message reading: from b.b.b.b to t.t.t.t, wouldn't it? Now, assuming this proxy has an external IP address of e.e.e.e (which a.a.a.a can see) and somehow, this proxy just redirects traffic for a certain port to t.t.t.t on the internal network, in theory, you would receive ICMP Type 11 : [IP from e.e.e.e to a.a.a.a]....[ IP inside ICMP protocol: from a.a.a.a to e.e.e.e?] if expiring before and on the proxy... and you might receive: [IP from e.e.e.e to a.a.a.a]....[ IP inside ICMP protocol: from b.b.b.b to t.t.t.t?] if expiring after the proxy (on the internal network.) I haven't actually tried this but looks like it would work for mapping an internal network behind a proxy under some circumstances (using a sniffer at least). But regarding the question being posted, I would have another question... Do any traceroute implementation favours IP header inside the ICMP type 11 protocol over the IP header of the packet itself under some circumstances? Omar Herrera > Hi all, > > While trying to do traceroute on one of the server i get > the following reply: > > $traceroute a.b.c.d > 1 192.168.0.254 (192.168.0.254) 0.442 ms 0.397 ms > 0.358 ms > 2 62.150.42.1 (62.150.42.1) 1.951 ms 1.315 ms 1.249 > ms > 3 172.17.8.149 (172.17.8.149) 43.577 ms 23.481 ms > 17.653 ms > 4 border.qualitynet.net (195.226.227.1) 19.935 ms > 20.902 ms 21.896 ms > 5 isp.qualitynet.net (195.226.227.10) 19.928 ms 23.302 > ms 21.839 ms > 6 192.168.226.38 (192.168.226.38) 71.321 ms 282.457 ms > * > My Question is why I am getting 192.168.226.38 non-route > able address output in traceroute reply? As far as i think > these private address space is not route able on the > internet. > Any sugestions? > > Vineet > > > [Attachment: signature.asc] <b> -------------------------------------------------------------- Costs are climbing and complaints are rising as SPAM overloads your e-mail servers and Inboxes SurfControl E-mail Filter puts the brakes on spam & viruses and gives you the reports to prove it. http://www.securityfocus.com/SurfControl-pen-test2 Download a free trial and see just what's going in and out of your organization. -------------------------------------------------------------- </b>
This archive was generated by hypermail 2b30 : Tue Apr 08 2003 - 08:38:03 PDT