[plug] Re: Willing to sell your Wizard box?

Luke Dudney ldlist at westnet.com.au
Tue Aug 24 17:16:16 WST 2004 

Craig Ringer wrote:

>On Tue, 2004-08-24 at 16:33, Ben Jensz wrote:
>  
>
>>A trace stops at "p-nya.swiftel.com.au [202.154.95.2]", everything after 
>>that times out.
>>    
>>
>
>Me too. I'm working on the assumption that something is blocking ICMP.
>  
>

Quick plug (pun intended) for a very useful tool I use almost every day, 
hping2. This tool lets you craft arbitrary TCP/IP packets and has a 
number of different modes of operation. One I use frequently is similar 
to classic ICMP / UDP traceroute but with any protocol on any port with 
any flags set.

So for example, to do a traceroute with TCP port 80 and SYN set (first 
packet of a normal web request):
[16:59:03]luke at usajii:~$ sudo /usr/local/sbin/hping --traceroute -I tun0 
-S -p 80 www.e3.com.au
HPING www.e3.com.au (tun0 218.214.15.167): S set, 40 headers + 0 data bytes
hop=1 TTL 0 during transit from ip=202.72.191.98 
name=lns2.perth.westnet.com.au
hop=1 hoprtt=33.2 ms
hop=2 TTL 0 during transit from ip=202.72.191.102 
name=gi0-1-9.perth.westnet.com.au
hop=2 hoprtt=20.5 ms
hop=3 TTL 0 during transit from ip=198.32.212.44 name=swiftel.ix.waia.asn.au
hop=3 hoprtt=26.7 ms
hop=4 TTL 0 during transit from ip=202.154.95.2 name=p-nya.swiftel.com.au
hop=4 hoprtt=21.7 ms
len=44 ip=218.214.15.167 flags=SA seq=4 ttl=60 id=0 win=5840 rtt=30.8 ms
len=44 ip=218.214.15.167 flags=SA seq=5 ttl=60 id=0 win=5840 rtt=33.9 ms
len=44 ip=218.214.15.167 flags=SA seq=6 ttl=60 id=0 win=5840 rtt=37.1 ms
len=44 ip=218.214.15.167 flags=SA seq=7 ttl=60 id=0 win=5840 rtt=32.8 ms
len=44 ip=218.214.15.167 flags=SA seq=8 ttl=60 id=0 win=5840 rtt=29.7 ms

Shows the packet get to their destination.

Doing the same thing but with ICMP type 8 code 0 (echo request, or 'doze 
traceroute):
[17:05:23]luke at usajii:~$ sudo /usr/local/sbin/hping --traceroute --icmp 
--icmptype 8 -I tun0 www.e3.com.au
HPING www.e3.com.au (tun0 218.214.15.167): icmp mode set, 28 headers + 0 
data bytes
hop=1 TTL 0 during transit from ip=202.72.191.98 
name=lns2.perth.westnet.com.au
hop=1 hoprtt=34.9 ms
hop=2 TTL 0 during transit from ip=202.72.191.102 
name=gi0-1-9.perth.westnet.com.au
hop=2 hoprtt=34.8 ms
hop=3 TTL 0 during transit from ip=198.32.212.44 name=swiftel.ix.waia.asn.au
hop=3 hoprtt=21.6 ms
hop=4 TTL 0 during transit from ip=202.154.95.2 name=p-nya.swiftel.com.au
hop=4 hoprtt=23.0 ms

Shows these packets being blocked apparently by the destination host. 
This tool is very useful in weird situations like this to help 
illustrate what's going on.

Cheers
Luke

More information about the plug mailing list