Tech Info on Ping and Traceroute

Traceroute is historically, and in accordance with internet standards,
correctly implemented by sending UDP packets to unused, high-numbered
ports (typically starting at port 33434, with the port number usually
incrementing once per hop) and changing the packet Time To Live (TTL)
value. The result is a series of ICMP TTL Exceeded packets being sent
back from the intermediate nodes (routers and what have you). When the
TTL is set high enough, the ICMP TTL Exceeded responses change to ICMP
Port Unreachable, the expected reply once the distant node is reached,
meaning that there is no process listening on that port. It is the
change in reply as a result of the decrementing TTL that traceroute uses
to determine the number of hops in the path.

The really neat thing about traceroute is that it reveals the IP addresses
of the intermediate hops taken by a packet. It is able to do this because the
ICMP TTL Exceeded responses come from the router that decremented the TTL to
zero, using the IP address of the router, not the destination IP.
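
The reply handling described above, as an added example that is not part of
the original page: it parses raw ICMP errors, reads the probe's UDP port
quoted inside each one to recover the hop number, and takes the hop's address
from the reply's own source field. The addresses, the sample packets and the
one-probe-per-hop port numbering are assumptions made for the example.

```python
import socket
import struct

BASE_PORT = 33434          # first probe port named in the text
PROBE_SRC = "192.0.2.10"   # constructed address of the tracing host
KINDS = {(11, 0): False, (3, 3): True}  # TTL Exceeded / Port Unreachable

def ip_header(src, dst, proto, ttl, payload_len):
    # Minimal 20-byte IPv4 header; checksum left at 0 (constructed test data).
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def build_reply(responder, icmp_type, icmp_code, target, dport):
    # Constructed ICMP error quoting the probe's IP header and UDP header.
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    quoted = ip_header(PROBE_SRC, target, 17, 1, len(udp)) + udp
    icmp = struct.pack("!BBHI", icmp_type, icmp_code, 0, 0) + quoted
    return ip_header(responder, PROBE_SRC, 1, 64, len(icmp)) + icmp

def parse_reply(packet):
    """Return (hop, responder_ip, reached_destination), or None if not ours."""
    ihl = (packet[0] & 0x0F) * 4 if packet else 0
    if len(packet) < ihl + 8 + 20 or packet[9] != 1:    # ICMP + quoted IP header
        return None
    quoted = packet[ihl + 8:]
    q_ihl = (quoted[0] & 0x0F) * 4
    if quoted[9] != 17 or len(quoted) < q_ihl + 8:      # quoted probe must be UDP
        return None
    dport = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])[0]
    hop = dport - BASE_PORT + 1                          # assumes one probe per hop
    done = KINDS.get((packet[ihl], packet[ihl + 1]))
    if hop < 1 or done is None:
        return None
    return hop, socket.inet_ntoa(packet[12:16]), done   # responder = outer source

def reconstruct_path(packets):
    """Order replies by hop and stop at the first Port Unreachable."""
    path = []
    for hop, ip, done in sorted(r for r in map(parse_reply, packets) if r):
        path.append((hop, ip))
        if done:
            break
    return path

# Constructed replies, out of order, plus one unrelated error (a DNS port).
SAMPLE = [build_reply("203.0.113.5", 3, 3, "203.0.113.5", 33436),
          build_reply("198.51.100.1", 11, 0, "203.0.113.5", 33434),
          build_reply("198.51.100.9", 3, 3, "203.0.113.5", 53),
          build_reply("198.51.100.2", 11, 0, "203.0.113.5", 33435)]
```
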

Microsoft chose to implement ping and traceroute differently, i.e. in a
way that does not conform to Internet Standards (surprise, surprise!).
M$ decided (without consulting any standards body) to write their network
utilities to use ICMP Echo Request (ping) type packets.

We block ICMP Echo Request packets at our border routers to protect our
customers who should have turned Directed Broadcast off at all their
router interfaces but, for one reason or another, have not done so.
Last update: 2000-August 28