Re: INCOMPLETE [ 8bytes] with two src addresses!

OK, it's my mistake when I said first step, but we have 2 confrontations
here.

In traceroute, ttl=1 is only for the first packet (that's what I said
about the first step).

ICMP info throws code 11, that's why I assumed this was a traceroute.

But like you said, traceroute uses ICMP, or ICMP and UDP like Unix does.

ICMP src and dst addresses are the ones that change at each hop, but the
addresses (at IP) involved in the UDP packets are always the same.
(Apparently this does not happen here.)

I've been reading about the magic number, but it's not related at all.

So, I don't know what it is.





On Fri, 2004-02-27 at 15:22, Cedric Blancher wrote:
> On Fri 27/02/2004 at 19:10, Alexis wrote:
> > at first sight its the first step of a traceroute
> 
> I don't think so.
> When you traceroute, your first step is your default gateway that sends
> you ICMP TTL exceeded back with an IP within your network. We can see:
> 
> > SRC=216.200.115.66
> > DST=80.5.144.39
> 
> As they do not belong to the same network, it's not the first step, but
> can be a further one.
> 
> Moreover, usual traceroute tools use ICMP echo (Windows) or UDP (Unix)
> probes. We have TCP here. BTW, TCP is damn cool to traceroute when you
> target a host with a known open port (e.g. www.microsoft.com) :)))
-- 
Your problems cannot be solved at the same
mental level you had when you created them.
		Albert Einstein



