I'm having trouble getting traceroutes to go out with my slick new dsl connection. The modem has a router built into it, and even with its internal firewall turned off, the only output I get from a traceroute is the router'r IP number and times, followed by 29 lines of stars. I tried shutting down the network and using my dialup account, and traceroute works fine. I know it's not the firewall on my machine, because it makes no difference if it's on or off with the dsl, and traceroute works on the dialup with the firewall running. (Yes, I did remember to change the default path in the firewall config from eth0 to ppp0) Any ideas? Is this likely to be something built into the dsl modem, or something with Verizon? Or might I have something screwed up in my network setup? I can ping my other computers and I can ping out to the internet ok. Thanks, Greg Avedissian
Hi Greg. I have a similar situation at home. When I need to do a traceroute I use the -I switch (e.g. traceroute -I www.google.com), which uses ICMP echos instead of UDP datagrams. I believe that ping uses ICMP requests by default, which may explain why you can ping outside your network. Hope this helps. -James Baldassari
I'm having trouble getting traceroutes to go out with my slick new dsl connection. The modem has a router built into it, and even with its internal firewall turned off, the only output I get from a traceroute is the router'r IP number and times, followed by 29 lines of stars.
I tried shutting down the network and using my dialup account, and traceroute works fine. I know it's not the firewall on my machine, because it makes no difference if it's on or off with the dsl, and traceroute works on the dialup with the firewall running. (Yes, I did remember to change the default path in the firewall config from eth0 to ppp0)
Any ideas? Is this likely to be something built into the dsl modem, or something with Verizon? Or might I have something screwed up in my network setup? I can ping my other computers and I can ping out to the internet ok.
Thanks, Greg Avedissian
_______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
Thanks, but that didn't work. The google example gave me an error message (i.e. the help screen). traceroute -I requires an interface for an argumnt, the only choice I have is eth0, and that gives the same output as with no option. I messed around with some other options and had no luck (-g, -r, -t, -4, -6). Using tracroute 0.6.2, SuSE 8.2. Greg James Baldassari wrote:
Hi Greg. I have a similar situation at home. When I need to do a traceroute I use the -I switch (e.g. traceroute -I www.google.com), which uses ICMP echos instead of UDP datagrams. I believe that ping uses ICMP requests by default, which may explain why you can ping outside your network. Hope this helps.
-James Baldassari
I'm having trouble getting traceroutes to go out with my slick new dsl connection. The modem has a router built into it, and even with its internal firewall turned off, the only output I get from a traceroute is the router'r IP number and times, followed by 29 lines of stars.
I tried shutting down the network and using my dialup account, and traceroute works fine. I know it's not the firewall on my machine, because it makes no difference if it's on or off with the dsl, and traceroute works on the dialup with the firewall running. (Yes, I did remember to change the default path in the firewall config from eth0 to ppp0)
Any ideas? Is this likely to be something built into the dsl modem, or something with Verizon? Or might I have something screwed up in my network setup? I can ping my other computers and I can ping out to the internet ok.
Thanks, Greg Avedissian
_______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
_______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
On Wed, Apr 28, 2004 at 11:01:23AM -0400, gma2004@verizon.net wrote:
Thanks, but that didn't work. The google example gave me an error message (i.e. the help screen). traceroute -I requires an interface for an argumnt, the only choice I have is eth0, and that gives the same output as with no option. I messed around with some other options and had no luck (-g, -r, -t, -4, -6). Using tracroute 0.6.2, SuSE 8.2.
What does your manual page say for traceroute? man traceroute Mine (Red Hat 9) says -I is for ICMP, -i is for interface.
Charles, Traceroute options are copied below. Please let me know if you see anything that looks useful. Update - tracert works on the XP box, so the problem appears to be specific for linux with the dsl modem only (works on non-verizon dialup account). Greg Charles R. Anderson wrote:
On Wed, Apr 28, 2004 at 11:01:23AM -0400, gma2004@verizon.net wrote:
Thanks, but that didn't work. The google example gave me an error message (i.e. the help screen). traceroute -I requires an interface for an argumnt, the only choice I have is eth0, and that gives the same output as with no option. I messed around with some other options and had no luck (-g, -r, -t, -4, -6). Using tracroute 0.6.2, SuSE 8.2.
What does your manual page say for traceroute?
man traceroute
Mine (Red Hat 9) says -I is for ICMP, -i is for interface.
-6, -4 Explicitly force IPv4 or IPv6 traceouting. By default, the program will try to resolve the name given, and choose the appropriate protocol automatically. If resolving a host name returns both IPv4 and IPv6 addresses, traceroute will use IPv4. Invoking the program as traceroute6 is the same as using the -6 option. -F Set the "Don't Fragment" bit. This tells intermediate routers not to fragment the packet when they find it's too big for a network hop's MTU. -f first_ttl Specifies with what TTL to start. Defaults to 1. -g gateway Tells traceroute to add an IP source routing option to the outgoing packet that tells the network to route the packet through the specified gateway. Not very useful, because most routers have disabled source routing for security reasons. -I interface Specifies the interface through which to traceroute should send packets. By default, the interface is selected according to the routing table. -m max_hops Specifies the maximum number of hops traceroute will probe. The default value is 30. -N concurrent_hops Specifies the number of probe packets sent out simultaneously. Sending several probes concurrently can speed up traceroute considerably. However, when specifying a number that's too large, the destination host will start to throw away random ICMP responses (if it implements ICMP rate throttling), and traceroute will be unable to detect the final hope reliably. The default value is 6. -n Do not try to map IP addresses to host names when displaying them. -p port Specifies the UDP destination port base traceroute will use. When sending its UDP probe packets, it will send them to port + hop - 1 for each hop. If there are ports in this range in use on the destination host, traceroute will not be able to identify reliably when it has reached the destination host (probes will appear to time out). The default port is 33434; you can use -p to change this to a different value. -t tos Set the IP Type of Service (TOS) and Precedence value. Useful values are 16 (low delay) and 8 (high throughput). Note that in order to use some TOS precendence values, you have to be super user. -w sec Wait for sec seconds before sending the next probe packet. Note that unlike older traceroute versions, this implementation will transmit several probe packets in parallel, for different hop values. However, it will never send more than 1 packet per hop value at the same time. -q numqueries Sets the number of probe packets per hop. The default value is 3. -r Bypass the normal routing tables and send directly to a host on an attached network. If the host is not on a directly-attached network, an error is returned. This option can be used to ping a local host through an interface that has no route through it. -R Set the loose source route option on outgoing packets, asking intermediate routers to record their address as the packet passes. This can be useful if you want to find the address of an intermediate router that has been configured to not respond to traceroute packets. This feature hasn't been implemented yet. -S source_addr Chooses an alternative source address. Note that you must select the address of one of the interfaces. By default, the address of the outgoing interface is used. -V Print the version and exit.
On Wed, Apr 28, 2004 at 01:30:24PM -0400, gma2004@verizon.net wrote:
Update - tracert works on the XP box, so the problem appears to be specific for linux with the dsl modem only (works on non-verizon dialup account).
Windows tracert always uses ICMP packets. I guess you'll need to upgrade to a better traceroute :(
-p port Specifies the UDP destination port base traceroute will use. When sending its UDP probe packets, it will send them to port + hop - 1 for each hop. If there are ports in this range in use on the destination host, traceroute will not be able to identify reliably when it has reached the destination host (probes will appear to time out). The default port is 33434; you can use -p to change this to a different value.
You might be able to play with different port number options to see if those get through...
I went to tucows and got a program called mtr that does it. Easy. Thanks. Greg Charles R. Anderson wrote:
On Wed, Apr 28, 2004 at 01:30:24PM -0400, gma2004@verizon.net wrote:
Update - tracert works on the XP box, so the problem appears to be specific for linux with the dsl modem only (works on non-verizon dialup account).
Windows tracert always uses ICMP packets. I guess you'll need to upgrade to a better traceroute :(
-p port Specifies the UDP destination port base traceroute will use. When sending its UDP probe packets, it will send them to port + hop - 1 for each hop. If there are ports in this range in use on the destination host, traceroute will not be able to identify reliably when it has reached the destination host (probes will appear to time out). The default port is 33434; you can use -p to change this to a different value.
You might be able to play with different port number options to see if those get through...
_______________________________________________ Wlug mailing list Wlug@mail.wlug.org http://mail.wlug.org/mailman/listinfo/wlug
Friends, Can you tell me to sniff detail informatstion using snort in linux in order to get sent and received information through my gateway. I have a firewall with snort installed, can I get details informations sent/received by my users where they are usig MSN Messanger, Yahoo Messanger, webmail, Outlook, etc ? Things I've done, just make a background precess and write it into file with snort, but the result is not so complettely as I need. How Can I sniff it so I can get detail information sent/received ? Thanks. Aramico
participants (4)
-
aramico@duahati.com -
Charles R. Anderson -
gma2004@verizon.net -
James Baldassari