Gerhard,
i just wanted to say that you should keep in mind that there are different implementations for ping/traceroute. windows clients are using icmp packets while linux is using
Keep in mind that ICMP packets other than the request types aren't ever to be answered by an ICMP packet. A router sending ICMP_TIME_EXCEEDED for such an ICMP packet violates the standards (loops are the result).
udp packets on port 33434+ (afair). just by traceroute. ping uses under Linux also icmp.
AFAIK ping always uses ICMP. traceroute uses UDP (Ports cited above) by default but can be told to use ICMP, too. See "man 8 traceroute", Options "-p" and "-I", for more info.
And to make it security relevant, again (that's what we're here for after all): ping can act as a tunnel transporting data from and to the outside *if* you have a relay station inside your LAN. That's why admins sometimes decide to block pings and traceroutes and no user should feel any real loss about it.
This is right, but it's also a good advice _not_ to filter ICMP packets coming through the firewall into the internal network or at least to the hosts that can take advantage of ICMPs (notably mailservers or such). Without these control messages long timeouts or inefficient bandwidth usage is the result. Example: your MTA connects to a host that is filtered behind a firewall. If the filter doesn't send ICMPs, your MTA must wait until the first timeout occurs, until it will connect to the next MX. This slows down the whole process. Thanks, Roman. -- _ _ | Roman Drahtmüller "The best way to pay for a | CC University of Freiburg lovely moment is to enjoy it." | email: draht@uni-freiburg.de - Richard Bach | - -