Traceroute sends a series of packets with the same destination
address, gradually increasing the TTL, and watches for "TTL expired"
responses from routers. But it will only wait so long for a response
before sending the next probe, so it needs some way to distinguish a
response to the current probe from a delayed response to one of the
previous probes.
So port-based traceroute sends the first probe to port
~32768+666+1, the second to ~32768+666+2, the third to +3, and so on.
The ~ is because I'm not positive whether n starts at 0 or 1, and
whether the base starts at 32768 or 32767. Since there might be 90
probes in a fairly common traceroute (and you might see half or more
of those, depending on where you're sniffing the traffic), getting
the start of the range off by 1 or 2 is probably not critical.
David Gillett
On 12 Jun 2001, at 9:38, Steve Smith wrote:
> Can you please explain the 32768+666+n? I have never seen this before.
> How does it work?
>
> Thanks in advance,
> Steve
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, June 12, 2001 3:03 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Traceroute Port
>
>
> There are a couple of different ways to implement traceroute, and
> some may use IP protocols such as ICMP that do not use port numbers.
>
> However, the ones that *do* use, as I recall, 32768+666+n, where n
> gets incremented as necessary. So if you're watching a traceroute go
> by, you're likely to be seeing port numbers of about 33300 or so.
>
> David Gillett
>
>
> On 11 Jun 2001, at 22:12, Joshua Miller wrote:
>
> > Hello all,
> >
> > Does anybody know what port or ports a traceroute uses?
> >
> > Thanks.
> >
> > Josh Miller
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
>
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
