Here is a little piece of information helpful to all aspiring sysadmins and hackers.
Difference between traceroute on Linux and Windows
Friday, July 04, 2008
The difference is that Unix/Linux `traceroute` uses UDP (User Datagram Protocol) packets to a random high port number, while Microsoft Windows uses ICMP (Internet Control Message Protocol) packets.
This difference is critical when trying to understand why traceroute sometimes fails. The firewall rule sets and the router Access Control Lists (ACLs) between you and the destination must be examined to determine whether they allow UDP high ports and/or ICMP.
I shall illustrate this with the following example:
Note: The information given below is part of a project, so the complete IP addresses have not been revealed.
210.187.XXX.X30
When the above IP address was tracerouted from Linux, the trace reached the destination machine and showed the intermediate hops.
```
root@Bond:~# traceroute 210.187.XXX.X30
traceroute to 210.187.XXX.X30 (210.187.XXX.X30), 30 hops max, 38 byte packets
1 192.168.1.1 (192.168.1.1) 0.638 ms 0.624 ms 0.489 ms
2 dsl-mum-static-001.126.144.59.airtelbroadband.in (59.144.126.1) 30.927 ms 29.392 ms 32.649 ms
3 dsl-mum-erx-238.127.144.59.airtelbroadband.in (59.144.127.238) 29.555 ms 29.461 ms 29.849 ms
4 125.18.13.133 (125.18.13.133) 29.490 ms 29.994 ms *
5 125.21.167.29 (125.21.167.29) 57.114 ms 125.21.167.25 (125.21.167.25) 58.839 ms 125.21.167.29 (125.21.167.29) 56.616 ms
6 p4-2-0-0.r01.sngpsi02.sg.bb.gin.ntt.net (129.250.12.225) 92.609 ms 149.369 ms 91.392 ms
7 ge-0-0-0.r00.sngpsi02.sg.bb.gin.ntt.net (129.250.4.33) 93.392 ms 94.081 ms 93.534 ms
8 p1-1-1-3.r02.newthk01.hk.bb.gin.ntt.net (129.250.4.129) 120.711 ms 125.753 ms 119.221 ms
9 ae-4.r21.newthk01.hk.bb.gin.ntt.net (129.250.5.65) 118.480 ms 117.141 ms 117.743 ms
10 po-2.a04.newthk01.hk.ra.gin.ntt.net (203.131.240.126) 125.649 ms 125.500 ms 128.086 ms <--COMPARE BEYOND THIS LINE BELOW
11 203.131.241.110 (203.131.241.110) 125.863 ms 125.350 ms 126.397 ms
12 219.94.9.189 (219.94.9.189) 246.589 ms 246.512 ms 246.623 ms
13 vlan500-brf-sw03.tm.net.my (202.188.0.3) 244.385 ms 244.057 ms 240.930 ms
14 202.188.224.117 (202.188.224.117) 242.909 ms 202.188.224.113 (202.188.224.113) 240.095 ms 202.188.224.117 (202.188.224.117) 244.158 ms
15 210.187.143.11 (210.187.143.11) 242.584 ms 210.187.142.11 (210.187.142.11) 252.249 ms 210.187.143.11 (210.187.143.11) 244.859 ms
16 58.27.101.58 (58.27.101.58) 247.385 ms 245.794 ms 245.858 ms
17 203.106.129.100 (203.106.129.100) 248.199 ms 248.292 ms 248.089 ms
18 219.94.4.182 (219.94.4.182) 253.748 ms 257.349 ms 268.784 ms
19 sms4.XXXXX.net (210.187.XXX.X30) 252.540 ms 252.484 ms 252.253 ms
```
When the same IP was tracerouted from Windows, it gave the following result:
```
C:\Documents and Settings\Bond>tracert 210.187.XXX.X30
Tracing route to sms4.maaklmutual.com.my [210.187.XXX.X30]
over a maximum of 30 hops:
1 4 ms <1 ms <1 ms 192.168.7.2
2 <1 ms <1 ms <1 ms 192.168.1.1
3 38 ms 28 ms 76 ms dsl-mum-static-001.126.144.59.airtelbroadband.in [59.144.126.1]
4 32 ms 33 ms 29 ms dsl-mum-erx-238.127.144.59.airtelbroadband.in [59.144.127.238]
5 * 32 ms 30 ms 125.18.13.133
6 57 ms 59 ms 54 ms 125.21.167.29
7 92 ms 90 ms 88 ms p4-2-0-0.r01.sngpsi02.sg.bb.gin.ntt.net [129.250.12.225]
8 92 ms 105 ms 93 ms ge-0-0-0.r00.sngpsi02.sg.bb.gin.ntt.net [129.250.4.33]
9 118 ms 122 ms 157 ms p1-1-1-3.r02.newthk01.hk.bb.gin.ntt.net [129.250.4.129]
10 116 ms 116 ms 117 ms ae-4.r21.newthk01.hk.bb.gin.ntt.net [129.250.5.65]
11 123 ms 146 ms 165 ms po-2.a04.newthk01.hk.ra.gin.ntt.net [203.131.240.126] <--NOTE THE DIFFERENCE FROM HERE
12 122 ms 122 ms 125 ms 203.131.241.110
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
```
Comparing the two results above shows the effect of Unix using UDP packets for traceroute while Windows uses ICMP packets: the UDP trace reached the destination, while the ICMP trace timed out beyond 203.131.241.110.
A similar result was obtained when tracerouting a different IP address, where the ICMP (Windows) packets passed through and the UDP (Linux) packets were dropped. This means that the firewall was allowing ICMP packets through and had a policy set against UDP.
NOTE: When running Windows as a guest machine on a Linux host, tracert performed from Windows still sent out ICMP packets, as Linux did not encapsulate the packets as UDP.
So it is suggested not to rely only on Windows; the same test should also be run from *nix machines.
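The comparison done by eye above can be automated. The following Python code is an added example, not part of the original post: it parses a Linux `traceroute` capture and a Windows `tracert` capture and reports the last hop both share and which probe type goes silent after it. The two traces are constructed using documentation addresses, and `parse_hops` and `compare` are hypothetical helper names.

```python
import re

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
WRAPPED = re.compile(r"[(\[](" + IP + r")[)\]]")          # host (ip) or host [ip]
BARE = re.compile(r"(?<![\w.-])(" + IP + r")(?![\w.-])")  # address with no hostname

def parse_hops(text):
    """First responder per hop line; None where every probe timed out."""
    hops = []
    for line in text.splitlines():
        m = re.match(r"\s*\d+\s+(.*)", line)
        if m:  # header lines do not start with a hop number
            hit = WRAPPED.search(m.group(1)) or BARE.search(m.group(1))
            hops.append(hit.group(1) if hit else None)
    return hops

def compare(udp_text, icmp_text):
    """Align by address, not hop number: the two sources may sit on different LANs."""
    udp, icmp = parse_hops(udp_text), parse_hops(icmp_text)
    shared = [ip for ip in udp if ip and ip in icmp]
    if not shared:
        return None, "no common hop"
    last = shared[-1]
    udp_after = [ip for ip in udp[udp.index(last) + 1:] if ip]
    icmp_after = [ip for ip in icmp[icmp.index(last) + 1:] if ip]
    if udp_after and not icmp_after:
        return last, "ICMP echo dropped beyond this hop"
    if icmp_after and not udp_after:
        return last, "UDP probes dropped beyond this hop"
    return last, "no protocol-specific drop"

# Constructed sample captures (documentation address ranges, not real hosts).
UDP_TRACE = """\
traceroute to 203.0.113.30 (203.0.113.30), 30 hops max, 38 byte packets
 1  192.168.1.1 (192.168.1.1)  0.6 ms  0.6 ms  0.5 ms
 2  gw-001.2.0.192.isp.example (192.0.2.1)  30.9 ms  29.3 ms  32.6 ms
 3  198.51.100.110 (198.51.100.110)  125.8 ms  125.3 ms  126.3 ms
 4  host.example.net (203.0.113.30)  252.5 ms  252.4 ms  252.2 ms
"""
ICMP_TRACE = """\
Tracing route to host.example.net [203.0.113.30]
  1     4 ms    <1 ms    <1 ms  192.168.7.2
  2    <1 ms    <1 ms    <1 ms  192.168.1.1
  3    38 ms    28 ms    76 ms  gw-001.2.0.192.isp.example [192.0.2.1]
  4   122 ms   122 ms   125 ms  198.51.100.110
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
"""
if __name__ == "__main__":
    print(compare(UDP_TRACE, ICMP_TRACE))
```

The hop it reports is the last device that answered both probe types, so the rule set or ACL to examine is on the next device along the path. Load-balanced paths can make the two traces differ for reasons unrelated to filtering.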
Note: With major help from Mr Bond.