Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
21492
Views
18
Helpful
15
Replies

how to hide the TRACE HOPS in the traceroute command

sivakondalarao
Level 1
Level 1

‎08-05-2007 01:16 AM - edited ‎03-03-2019 06:11 PM

while doing trace we are not able to see few hops in the middle ; ( ie hops inside the cloud ) ; we want to know what command used for this ?

3 people had this problem
Labels:
0 Helpful
15 Replies 15

Pavel Bykov
Level 5
Level 5

‎08-05-2007 03:24 AM

The way trace route works is by sending UDP packets with progressively larger TTL. TTL is decremented by (at least) one at every hop, and when TTL reaches 0 device sends back to the sender error message "Time Exceeded in transit". Originator of this message is then displayed in your output.

First ping has TTL=0, so first router (or default gateway if done from PC) sends this message. Next has TTL=1, so it expires at the next router.

You might have known this, but this is important if you want to hide your router. That means you should pass all ICMP (it's not wise to block ICMP altogether), and block only ICMP code 11 (ttl exceeded) originating from the router you want to hide.

Paolo suggested using ACL. But the problem is that packets originated by the router are not subject to the ACLs. And router originates ttl-exceeded error message that is sent back to the receiver, so simply blocking "icmp ttl-exceeded" with source IP address of all router's interfaces will not work.

0 Helpful
Customers Also Viewed These Support Documents