Extreme Slowness

Michael.Dillon at btradianz.com
Fri Oct 27 10:13:57 UTC 2006


> Which begs the same question I've asked in the recent past: then
> what *is* a good diagnostic tool?  If ICMP "is not the best way to
> test", then what is?  What other globally-implemented layer 3 or
> below protocols do we have available for troubleshooting?
> 
> Sure, UDP-based traceroute still relies on ICMP TTL exceeded
> responses to work.  I've no idea what TCP traceroute relies on,
> as I haven't looked at it.

I love it when people answer their own questions
and tell us that they are lazy, to boot.

For the record, TCP traceroute and similar TCP-based
tools rely on the fact that if you send a TCP SYN
packet to a host it will respond with either a
TCP RST (if the port is NOT listening) or a TCP
SYN/ACK. The round trip time of this provides useful
information which is unaffected by any ICMP chicanery
on the part of routers or firewalls. A polite application
such as TCP traceroute will reply to the SYN/ACK with
an RST packet so it is reasonably safe to use this tool
with live services.

Of course, even TCP packets can be blocked or dropped
for various reasons so this is not a 100% solution.
However, if you want to avoid ICMP filtering or low
precedence, then TCP traceroute will help.

--Michael Dillon
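
The SYN, SYN/ACK and RST timing described in the message above, as an added example that is not part of the original post: an unprivileged Python approximation that uses a full connect() instead of a raw SYN, so it times the same round trip without root. The names `tcp_probe` and `demo` are chosen here, and the loopback targets are constructed for the demonstration.

```python
import socket
import struct
import time


def tcp_probe(host, port, timeout=2.0):
    """Probe one TCP port; return (state, rtt_seconds or None)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    # Zero-timeout SO_LINGER makes close() abort with RST rather than FIN,
    # approximating "reply to the SYN/ACK with an RST". The two-int struct
    # layout is the POSIX one (assumption: not run on Windows).
    s.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
    start = time.perf_counter()
    try:
        s.connect((host, port))
        state = "open"            # peer answered the SYN with SYN/ACK
    except ConnectionRefusedError:
        state = "closed"          # peer answered the SYN with RST
    except socket.timeout:
        state = "filtered"        # nothing came back: dropped or blocked
    except OSError:
        state = "unreachable"     # e.g. no route to host
    rtt = time.perf_counter() - start
    s.close()
    # A round-trip time only means something when the target itself replied.
    return state, (rtt if state in ("open", "closed") else None)


def demo():
    """Constructed loopback targets: one listening, one bound but not listening."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))   # never listen()s, so the kernel answers RST
    try:
        return {
            "listening": tcp_probe("127.0.0.1", listener.getsockname()[1]),
            "not_listening": tcp_probe("127.0.0.1", idle.getsockname()[1]),
        }
    finally:
        listener.close()
        idle.close()


if __name__ == "__main__":
    for name, (state, rtt) in demo().items():
        print(name, state, None if rtt is None else f"{rtt * 1000:.3f} ms")
```

Both "open" and "closed" give a usable round-trip time because the target host answered in either case; "filtered" corresponds to the blocked or dropped packets the message mentions.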



