[c-nsp] Port Traceroute utility?

bill fumerola billf at mu.org
Tue Nov 6 14:45:17 EST 2007


On Tue, Nov 06, 2007 at 02:30:10PM -0500, Aaron Daubman wrote:
> > This is going to sound weird, but I am looking for a utility that will
> > let me traceroute on a specific port to see if and where a port is
> > being blocked on a network...
> 
> Check out the man page for traceroute:
> http://developer.apple.com/documentation/Darwin/Reference/Manpages/man8/traceroute.8.html
> 
> Depending on your OS/version, the flags may differ, however, in
> general, you should be able to accomplish this using traceroute by:
> 
> 1) setting firewall compatibility mode / dont-increment-port-number mode
> 2) Set the protocol to TCP or UDP as necessary (usually -P)
> 3) Set the port number to use (usually -p)

setting the port number to an open port won't generate the ICMP PORT
UNREACH that traceroute is expecting to see. discerning a lack of PORT
UNREACH from a dropped packet (routing, policy, sunspots..) can be
difficult depending on how much of the path you have further visibility
into.

-- bill
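
Added example, not part of the message above or of any traceroute implementation: Python that interprets the per-hop replies of a fixed-port UDP trace and shows why silence past the last visible hop fits both an open port and a drop. The `Probe` record, the verdict strings and the sample traces are constructed for illustration; the addresses are documentation ranges.

```python
from typing import List, NamedTuple, Optional, Tuple

TIME_EXCEEDED = (11, 0)     # ICMP type 11 code 0: TTL expired at a router
PORT_UNREACH = (3, 3)       # ICMP type 3 code 3: no listener on that UDP port
ADMIN_PROHIBITED = (3, 13)  # ICMP type 3 code 13: dropped by policy, sender told

class Probe(NamedTuple):
    ttl: int
    responder: Optional[str]         # source of the ICMP reply, None on timeout
    icmp: Optional[Tuple[int, int]]  # (type, code) of the reply, None on timeout

def interpret(probes: List[Probe], dest: str) -> Tuple[str, int]:
    """Return (verdict, ttl of the last hop that sent any ICMP reply)."""
    last_visible = 0
    for p in sorted(probes, key=lambda p: p.ttl):
        if p.icmp is None:
            continue  # a timeout alone proves nothing; later hops may still answer
        last_visible = p.ttl
        if p.icmp == PORT_UNREACH and p.responder == dest:
            return ("closed-at-destination", p.ttl)  # path is clear end to end
        if p.icmp == ADMIN_PROHIBITED:
            return ("filtered", p.ttl)               # this hop admits to blocking
    # No terminal reply: either the probe reached an open port (which sends no
    # PORT UNREACH) or it was dropped somewhere past last_visible.
    return ("ambiguous-open-or-dropped", last_visible)

# Constructed sample traces toward a constructed destination.
DEST = "203.0.113.10"
CLOSED = [Probe(1, "192.0.2.1", TIME_EXCEEDED),
          Probe(2, "198.51.100.1", TIME_EXCEEDED),
          Probe(3, DEST, PORT_UNREACH)]
SILENT = [Probe(1, "192.0.2.1", TIME_EXCEEDED),
          Probe(2, "198.51.100.1", TIME_EXCEEDED),
          Probe(3, None, None), Probe(4, None, None), Probe(5, None, None)]
FILTERED = [Probe(1, "192.0.2.1", TIME_EXCEEDED),
            Probe(2, "198.51.100.1", ADMIN_PROHIBITED)]
GAP = [Probe(1, "192.0.2.1", TIME_EXCEEDED),
       Probe(2, None, None),  # router that sends no ICMP; the trace continues
       Probe(3, DEST, PORT_UNREACH)]

if __name__ == "__main__":
    for name, trace in [("closed", CLOSED), ("silent", SILENT),
                        ("filtered", FILTERED), ("gap", GAP)]:
        print(name, interpret(trace, DEST))
```
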



