On Thu, 5 Jul 2001, Philip S Tellis wrote:
> I always thought that traceroute uses a time-exceeded icmp packet to find routes, but my ipchains logs show that it is actually trying to connect on various udp ports around 33440 (above and below)
traceroute does use time-exceeded icmp packets. ttl (time to live which is actually number of hops) field in IP header is increased each time you receive an icmp time-exceeded error. traceroute uses udp which is transport layer protocol. so you need to specify the port number also. now consider a situation where your packet has reached the destination and there is a process which has bound to this port number. then no icmp error will be generated. and our program won't be intimated by a port unreachable icmp packet which actually means that we found the intended machine. to avoid this situation traceroute always sends more than one packet for each ttl with different port numbers. these port numbers are chosen such that it is assumed that no process will accept packets sent to these port numbers.
linux starts at 33438, solaris starts at 33435
so these port numbers are implementation specific.
hope i am clear enough
bye aseem
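
The probe pattern described in the reply above, seen from the firewall side, as an added example that is not part of the original thread: it groups UDP log entries by source and destination and flags pairs that hit several consecutively numbered high ports, which is what traceroute probes look like in a packet log. The log lines are constructed, their field layout is modeled on ipchains packet logs as an assumption, and the port window and run length are assumed defaults chosen to cover the start ports mentioned in the thread.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style of ipchains packet logs (layout assumed).
SAMPLE_LOG = """\
Packet log: input DENY eth0 PROTO=17 203.0.113.7:40112 192.0.2.10:33438 L=40 S=0x00 I=5101 F=0x0000 T=1 (#4)
Packet log: input DENY eth0 PROTO=17 203.0.113.7:40112 192.0.2.10:33439 L=40 S=0x00 I=5102 F=0x0000 T=1 (#4)
Packet log: input DENY eth0 PROTO=17 203.0.113.7:40112 192.0.2.10:33440 L=40 S=0x00 I=5103 F=0x0000 T=1 (#4)
Packet log: input DENY eth0 PROTO=17 203.0.113.7:40112 192.0.2.10:33441 L=40 S=0x00 I=5104 F=0x0000 T=1 (#4)
Packet log: input DENY eth0 PROTO=17 198.51.100.23:5353 192.0.2.10:33440 L=60 S=0x00 I=77 F=0x0000 T=52 (#4)
Packet log: input DENY eth0 PROTO=6 198.51.100.99:2100 192.0.2.10:33438 L=44 S=0x00 I=900 F=0x0000 T=50 (#4)
Packet log: input DENY eth0 PROTO=6 198.51.100.99:2100 192.0.2.10:33439 L=44 S=0x00 I=901 F=0x0000 T=50 (#4)
Packet log: input DENY eth0 PROTO=6 198.51.100.99:2100 192.0.2.10:33440 L=44 S=0x00 I=902 F=0x0000 T=50 (#4)
Packet log: input DENY eth0 PROTO=17 198.51.100.40:1029 192.0.2.10:53 L=58 S=0x00 I=12 F=0x0000 T=48 (#4)
"""

LINE_RE = re.compile(
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+)"
)


def traceroute_sources(log_text, lo=33435, hi=33534, min_run=3):
    """Return {(src, dst): [ports]} for pairs whose UDP packets hit at least
    min_run consecutively numbered destination ports inside [lo, hi]."""
    ports = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["proto"] != "17":  # IP protocol 17 is UDP
            continue
        dport = int(m["dport"])
        if lo <= dport <= hi:
            ports[(m["src"], m["dst"])].append(dport)

    flagged = {}
    for pair, seen in ports.items():
        seen = sorted(set(seen))
        run = best = 1
        for prev, cur in zip(seen, seen[1:]):
            run = run + 1 if cur == prev + 1 else 1  # extend or reset the run
            best = max(best, run)
        if best >= min_run:
            flagged[pair] = seen
    return flagged


if __name__ == "__main__":
    for (src, dst), seen in traceroute_sources(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: traceroute-like UDP probes on ports {seen}")
```

A single stray UDP packet into the window, TCP traffic to the same ports, and UDP traffic outside the window are all left unflagged.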