4or6.con question

Alexandru Suciu asuciu at arista.com
Thu Mar 16 13:37:52 UTC 2017

If its a linux box and most likely it is....and depending on the number of
hops from 4or6.com to your target machine it is possible that the probes
reach you with higher port number the the ones you allowed.

For example this is what I get when I trace to google which is 10 hops
away. Probes that make it to are 33462 and higher:

13:31:51.822851 IP > ICMP udp port 33462
unreachable, length 68
13:31:51.822914 IP > ICMP udp port 33461
unreachable, length 68
13:31:51.825698 IP > ICMP udp port 33472
unreachable, length 68
13:31:51.828361 IP > ICMP udp port 33473
unreachable, length 68
13:31:51.828375 IP > ICMP udp port 33474
unreachable, length 68

Try and allow allow ports till 40k for the duration of the test and see if
there is any change.
Also might be worth to try a ICMP test, get the source IP and then permit
all traffic for that IP and check if tht helps.

Are you behind NAT? Maybe the probes stop at the router that is doing the
Lastly, does the traceroute make it anywhere near you, like the subnet your
public IP is in? Does it fail on the last hop(your machine) or does it fail
somewhere in the middle?

On Wed, Mar 15, 2017 at 3:25 PM, jimmy keffer <horsezip at earthlink.net>

> does anyone know what ports 4or6.com uses for udp traceroute its failing
> on my windows firewall i opened 33434-33464 udp but no help i goggled
> but can't find
> jimmy



Software Driven Cloud Networking

Alexandru Suciu
Technical Solutions Engineer - EMEA
e. asuciu at arista.com
m.  +1 866-476-0000
*www.arista.com* <http://www.arista.com/>


More information about the NANOG mailing list