Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: RE Traceroute question

from [Datta Vaidya] Network Security [Permanent Link]
Subject: Re: RE Traceroute question
Date: Fri, 29 Dec 2006 11:44:23 +0530 
I have noticed it many times on Juniper routers also when we are using
subinterfaces. As the way traceroute work I guess it is due to dual response
from the destination hop which returns twice to the sender and on the basis
of ICMP ttl expired error sender shows it twice.

Also if we note it keenly the MS value in both the responses varies from
each other. The second response shows little bit more milli seconds hence I
am guessing that the returning HOP gives one response of TTL expired
immedietely at main interface and one might be coming from sub interface or
any such mechanisum which also get chance to process same packet hence there
is some dely in second packet.

Hope my assumptions are right.

Datta Vaidya

----- Original Message -----
From: "Francois Labreque" <flabreq@ca.ibm.com>
To: "Becky Nelson" <ralf.jacober@gmail.com>
Cc: <listbounce@securityfocus.com>; <pen-test@securityfocus.com>
Sent: Thursday, December 28, 2006 8:18 PM
Subject: RE Traceroute question


listbounce@securityfocus.com a écrit sur 2006-12-27 20:36:58 :


I am running a traceroute and have two hops that report the same
address.  Could someone please explain what would cause this?  I
suspect that this is some type of firewall?

Regards,

Ralf


It can be a firewall that does PAT, or it can be certain models of higher
end Cisco routers (75xx series) that will do that if they have
distributed-forwarding turned on.
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Virtual environments security, Michel Pereira
Next by Date:  Re: Virtual environments security, Michel Pereira
Previous by Thread:  RE Traceroute question, Francois Labreque
Next by Thread:  re: Traceroute question, Robert MacDonald
Indexes:  [Date] [Thread] [Top] [All Lists]