PaulDotCom Security Weekly - Episode 46 - Sept 28, 2006

Live from the PaulDotCom Security Weekly Studio....

Hosts: Larry "Uncle Larry" Pesce, Paul "PaulDotCom" Asadoorian
Email: psw@pauldotcom.com

9 Comments

The answer to this week's question:

Traceroute typically uses UDP ports 33435-33465.

Thanks to your helpful slideshow at http://pauldotcom.com/traceroute.swf

Question of the week answer:
33434 to 33434+hops-1

The port range that is addressed by the traceroute command is 33435 thru 33465

*nix uses ports 33434 - 33524 for traceroute by default.

The answer to your show question is UDP ports 33435 to 33465.

Just wanted to say hey again, keep up the great podcast! Not only is it entertaining, it is also informative. And thank you for listening to Steve Gibson, so I don't have to! You are life savers! You guys are the best security podcast out there and I can give you 2600 reasons why, especially since they suck too. Keep holding that bar so high.

Syngress QotW... According to the PDC flash file and the TCP/IP Corner discussion, the UDP ports used by traceroute are 33435-33465, but according to the UNIX man page for traceroute and http://www.freesoft.org/CIE/Topics/54.htm the first UDP port used by traceroute is 33434.

Hey, in Brazil we speak Portuguese, not Spanish :)

I listen to your show on a regular basis on my iPod when I'm driving to/from work. You guys are hilarious and very informative. On the last podcast I listened to your TCP/IP corner where you talked about traceroute. I caught a couple of inaccuracies that I wanted to correct so you could correct them for your audience. I'm assuming nobody has emailed you concerning this; if that's a bad assumption, please ignore this.

Contrary to what was said on PSW, the first traceroute packet that is sent out has a TTL of one, not zero (see RFC1393). If a router ever decrements the TTL field to zero, it must bit bucket that packet and then send an ICMP TTL expired message to the source IP address.

The other issue I had was that Paul said the traceroute was complete when the host doing the traceroute receives a packet from the IP address being tracerouted to. This is incorrect. The device being tracerouted to may have multiple interfaces, so there's no guarantee that it will use the IP address tracerouted to as the source IP when replying. A router would be an example. The traceroute is complete when it receives an echo reply (for Windows) or an ICMP port unreachable message (for Unix/Linux).

I find your podcast to be a great source of info. Keep up the great work. Thanks again.
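
The completion rule described in the last comment for Unix-style UDP traceroute, as an added example that is not part of the original page or its comments: it classifies constructed ICMP replies by type and code and matches each one to its probe by the quoted UDP destination port, so the final hop is recognised even when it answers from a different interface address. The base port 33434 follows the man page cited above; one probe per hop, the helper names and all addresses are assumptions.

```python
import struct

BASE_PORT = 33434  # assumed base: first UDP port per the man page cited in the comments

def build_icmp_error(icmp_type, code, dport, sport=40000):
    """Constructed ICMP error: ICMP header + quoted IPv4 header + 8 bytes of UDP."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + ip + udp

def classify_reply(icmp, base_port=BASE_PORT):
    """Return (kind, probe_index); kind is 'hop', 'done' or 'other'."""
    if len(icmp) < 8 + 20 + 8:
        return ("other", None)
    ihl = (icmp[8] & 0x0F) * 4                 # length of the quoted IPv4 header
    if icmp[8] >> 4 != 4 or ihl < 20 or len(icmp) < 8 + ihl + 8:
        return ("other", None)
    if icmp[8 + 9] != 17:                      # quoted packet was not UDP
        return ("other", None)
    (dport,) = struct.unpack_from("!H", icmp, 8 + ihl + 2)
    probe = dport - base_port                  # 0 for the first probe (TTL 1)
    if (icmp[0], icmp[1]) == (11, 0):          # time exceeded in transit
        return ("hop", probe)
    if (icmp[0], icmp[1]) == (3, 3):           # port unreachable: target reached
        return ("done", probe)
    return ("other", probe)

def trace(replies):
    """replies: one (source_ip, icmp_bytes) per probe; the first probe has TTL 1."""
    path = []
    for ttl, (src, icmp) in enumerate(replies, start=1):
        kind, probe = classify_reply(icmp)
        if kind == "other" or probe != ttl - 1:
            continue                           # not an answer to this probe
        path.append((ttl, src))
        if kind == "done":
            break
    return path

# Constructed sample: target is 198.51.100.7, but it answers from another interface.
SAMPLE = [
    ("10.0.0.1", build_icmp_error(11, 0, BASE_PORT)),
    ("203.0.113.1", build_icmp_error(11, 0, BASE_PORT + 1)),
    ("198.51.100.1", build_icmp_error(3, 3, BASE_PORT + 2)),
    ("198.51.100.9", build_icmp_error(11, 0, BASE_PORT + 3)),
]

if __name__ == "__main__":
    print(trace(SAMPLE))
```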