From: Datta Vaidya (dnvaidya@rilinfo.net)
Date: Fri Dec 29 2006 - 01:14:23 EST
I have noticed it many times on Juniper routers also when we are using
subinterfaces. As the way traceroute work I guess it is due to dual response
from the destination hop which returns twice to the sender and on the basis
of ICMP ttl expired error sender shows it twice.
Also if we note it keenly the MS value in both the responses varies from
each other. The second response shows little bit more milli seconds hence I
am guessing that the returning HOP gives one response of TTL expired
immedietely at main interface and one might be coming from sub interface or
any such mechanisum which also get chance to process same packet hence there
is some dely in second packet.
Hope my assumptions are right.
Datta Vaidya
----- Original Message -----
From: "Francois Labreque" <flabreq@ca.ibm.com>
To: "Becky Nelson" <ralf.jacober@gmail.com>
Cc: <listbounce@securityfocus.com>; <pen-test@securityfocus.com>
Sent: Thursday, December 28, 2006 8:18 PM
Subject: RE Traceroute question
listbounce@securityfocus.com a écrit sur 2006-12-27 20:36:58 :
> I am running a traceroute and have two hops that report the same
> address. Could someone please explain what would cause this? I
> suspect that this is some type of firewall?
>
> Regards,
>
> Ralf
It can be a firewall that does PAT, or it can be certain models of higher
end Cisco routers (75xx series) that will do that if they have
distributed-forwarding turned on.
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:30 EDT