Quote:
Originally Posted by unSpawn
*shrug* I don't know why people keep clinging on to ICMP and UDP for TCP services as there's tcptraceroute...
|
tcptraceroute still uses the TTL field to determine the identity of routers along the path, which means it still listens for and depends on ICMP "TTL Expired in Transit" messages. The main difference between
tcptraceroute and
traceroute is the use of the TCP protocol, and that by itself is not a more reliable mechanism when it comes to identifying routers, and only slightly better for identifying the target host.
According to the
tcptraceroute man page, it ultimately expects to receive an RST packet from the target host if no service is running on the port in question. In other words, it's just as unreliable as
traceroute if the port is firewalled, but admittedly somewhat more reliable if there's a service on the port being targeted, as a UDP based service may not respond unless the packet contains valid application layer protocol data while an open TCP port should respond with a SYN/ACK.