Traceroute and random UDP ports

Jeff Aitken jaitken at
Wed Aug 13 08:13:29 CDT 2008

On Wed, Aug 13, 2008 at 07:56:53AM -0500, John Kristoff wrote:
> > Also, why do we increase the UDP port number with each subsequent
> > traceroute packet that is sent?
> I don't know definitively, but I have an of educated guess 

>From /usr/src/contrib/traceroute/traceroute.c:

 * Notes
 * -----
 * [...]
 * The udp port usage may appear bizarre (well, ok, it is bizarre).
 * The problem is that an icmp message only contains 8 bytes of
 * data from the original datagram.  8 bytes is the size of a udp
 * header so, if we want to associate replies with the original
 * datagram, the necessary information must be encoded into the
 * udp header (the ip id could be used but there's no way to
 * interlock with the kernel's assignment of ip id's and, anyway,
 * it would have taken a lot more kernel hacking to allow this
 * code to set the ip id).  So, to allow two or more users to
 * use traceroute simultaneously, we use this task's pid as the
 * source port (the high bit is set to move the port number out
 * of the "likely" range).  To keep track of which probe is being
 * replied to (so times and/or hop counts don't get confused by a
 * reply that was delayed in transit), we increment the destination
 * port number before each probe.
 * [...]
 *  -- Van Jacobson (van at
 *     Tue Dec 20 03:50:13 PST 1988


More information about the NANOG mailing list