You can also try the -I flag with traceroute and see if that works.  If it
does, it's most certainly some sort of access-list somewhere along the line
that is dropping the UDP packets that traceroute normally uses.

Jay

-----Original Message-----
From: Mike Hicks [mailto:hick0088 at tc.umn.edu]
Sent: Monday, September 24, 2001 8:58 PM
To: tclug-list at mn-linux.org
Subject: Re: [TCLUG] Can ping but not traceroute to a Cisco router?


Bob Tanner <tanner at real-time.com> wrote:
> 
> I can ping an ethernet interface on a remote Cisco router, but I cannot
> traceroute to it.
> 
> I have seen this behaviour before when a firewall is involved, and when
> some whacky access-list is applied to the interface.
> 
> I was told the interface has no access list applied to it, so what other
> things can I troubleshoot when you can ping but not traceroute to an
> interface?

Traceroute usually uses mangled UDP packets, since responding with an ICMP
error message to an ICMP packet that has a zero TTL would probably be a
really silly thing to do.  Is something not passing UDP?

You can try using hping2, which will let you do all sorts of nasty things
to packets to see what can pass through.

-- 
 _  _  _  _ _  ___    _ _  _  ___ _ _  __   God speed, fair wizard. 
/ \/ \(_)| ' // ._\  / - \(_)/ ./| ' /(__                              
\_||_/|_||_|_\\___/  \_-_/|_|\__\|_|_\ __)                             
[ Mike Hicks | http://umn.edu/~hick0088/ | mailto:hick0088 at tc.umn.edu ]
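
The comparison suggested in this thread (a default UDP traceroute against a `traceroute -I` run to the same target), as an added example that is not part of either message: it parses the two outputs and reports the last hop that answered the UDP probes. The sample output is constructed with documentation addresses, and the parser assumes the usual `name (address)` hop format, that is, traceroute run without `-n`.

```python
import re

# Constructed sample output using documentation addresses; not from a real network.
UDP_RUN = """\
traceroute to 192.0.2.1 (192.0.2.1), 30 hops max, 38 byte packets
 1  198.51.100.1 (198.51.100.1)  0.512 ms  0.401 ms  0.389 ms
 2  203.0.113.9 (203.0.113.9)  4.120 ms  4.033 ms  3.998 ms
 3  * * *
 4  * * *
"""
ICMP_RUN = """\
traceroute to 192.0.2.1 (192.0.2.1), 30 hops max, 38 byte packets
 1  198.51.100.1 (198.51.100.1)  0.498 ms  0.410 ms  0.402 ms
 2  203.0.113.9 (203.0.113.9)  4.101 ms  4.020 ms  4.007 ms
 3  192.0.2.1 (192.0.2.1)  6.310 ms  6.205 ms  6.188 ms
"""

HOP = re.compile(r"^\s*(\d+)\s+(.*)$")           # "<ttl>  <rest of line>"
ADDR = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\)")   # "(a.b.c.d)"

def parse(output):
    """Return (target_ip, [(ttl, responder_ip or None), ...])."""
    lines = output.strip().splitlines()
    target = ADDR.search(lines[0]).group(1)
    hops = []
    for line in lines[1:]:
        m = HOP.match(line)
        if m:
            addr = ADDR.search(m.group(2))  # None for a "* * *" hop
            hops.append((int(m.group(1)), addr.group(1) if addr else None))
    return target, hops

def diagnose(udp_output, icmp_output):
    """Compare a default (UDP) run with a -I (ICMP) run to the same target."""
    target, udp_hops = parse(udp_output)
    _, icmp_hops = parse(icmp_output)
    if any(ip == target for _, ip in udp_hops):
        return "UDP probes reach the target"
    if any(ip == target for _, ip in icmp_hops):
        answered = [(ttl, ip) for ttl, ip in udp_hops if ip]
        ttl, ip = answered[-1] if answered else (0, None)
        return f"UDP stops after hop {ttl} ({ip}) but ICMP gets through"
    return "both probe types fail; not specific to UDP"

if __name__ == "__main__":
    print(diagnose(UDP_RUN, ICMP_RUN))
```

The hop reported is the last one that answered the UDP probes, so any filter on UDP sits at or beyond the next device on the path.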