Traceroute and random UDP ports
Jeff Aitken
jaitken at aitken.com
Wed Aug 13 13:13:29 UTC 2008
On Wed, Aug 13, 2008 at 07:56:53AM -0500, John Kristoff wrote:
> > Also, why do we increase the UDP port number with each subsequent
> > traceroute packet that is sent?
>
> I don't know definitively, but I have an educated guess
From /usr/src/contrib/traceroute/traceroute.c:
/*
 * Notes
 * -----
 * [...]
 * The udp port usage may appear bizarre (well, ok, it is bizarre).
 * The problem is that an icmp message only contains 8 bytes of
 * data from the original datagram. 8 bytes is the size of a udp
 * header so, if we want to associate replies with the original
 * datagram, the necessary information must be encoded into the
 * udp header (the ip id could be used but there's no way to
 * interlock with the kernel's assignment of ip id's and, anyway,
 * it would have taken a lot more kernel hacking to allow this
 * code to set the ip id). So, to allow two or more users to
 * use traceroute simultaneously, we use this task's pid as the
 * source port (the high bit is set to move the port number out
 * of the "likely" range). To keep track of which probe is being
 * replied to (so times and/or hop counts don't get confused by a
 * reply that was delayed in transit), we increment the destination
 * port number before each probe.
 * [...]
 * -- Van Jacobson (van at ee.lbl.gov)
 * Tue Dec 20 03:50:13 PST 1988
 */
--Jeff
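
An added example, not part of the original message and not code from traceroute.c: a sketch of the matching the quoted comment describes, recovering the probe number from the 8 bytes of UDP header that an ICMP error quotes back. The function names, the nprobes bound, the base port of 33434 and the sample bytes are assumptions made for illustration; the sample packet is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BASE_PORT 33434   /* assumed base destination port for probe 0 */

/* Source port as the comment describes: the pid with the high bit set. */
static uint16_t probe_ident(uint32_t pid) {
    return (uint16_t)((pid & 0xffff) | 0x8000);
}

static uint16_t be16(const uint8_t *p) {
    return (uint16_t)((p[0] << 8) | p[1]);
}

/*
 * quoted: what an ICMP error carries after its own 8-byte header, i.e.
 * the original IPv4 header plus the first 8 bytes of its payload.
 * Returns the 0-based probe number, or -1 if this is not our probe.
 */
static int match_probe(const uint8_t *quoted, size_t len,
                       uint16_t ident, uint16_t base, int nprobes) {
    if (len < 20 || (quoted[0] >> 4) != 4) return -1;   /* not IPv4 */
    size_t ihl = (size_t)(quoted[0] & 0x0f) * 4;         /* IP options */
    if (ihl < 20 || len < ihl + 8) return -1;            /* truncated */
    if (quoted[9] != 17) return -1;                      /* not UDP */
    const uint8_t *udp = quoted + ihl;
    if (be16(udp) != ident) return -1;      /* another user's traceroute */
    int seq = (int)be16(udp + 2) - (int)base;
    return (seq >= 0 && seq < nprobes) ? seq : -1;  /* stale or foreign */
}

/* Constructed sample: quoted header of probe 5 sent by pid 4321. */
static const uint8_t sample_quote[28] = {
    0x45,0x00,0x00,0x28, 0x12,0x34,0x00,0x00, 0x01,0x11,0x00,0x00,
    192,0,2,1, 198,51,100,7,                 /* documentation addresses */
    0x90,0xe1, 0x82,0x9f, 0x00,0x14, 0x00,0x00  /* sport dport len cksum */
};

int main(void) {
    int seq = match_probe(sample_quote, sizeof sample_quote,
                          probe_ident(4321), BASE_PORT, 90);
    printf("reply matches probe %d\n", seq);
    return 0;
}
```

The bounds checks matter because the quoted bytes come from whichever host sent the ICMP error, so a short or non-UDP quote is rejected rather than parsed.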