<< | Thread Index | >> ]    [ << | Date Index | >> ]

Subject: Re: Traceroute in only one direction.
From: James Knott <james.knott,AT,rogers,DOT,com>
Date: Mon, 04 Aug 2003 17:18:01 -0400
Cc: CIPE <cipe-l,AT,inka,DOT,de>
In-reply-to: <20030804210215.GA2302@hacking.cmeerw.net>
References: <3F2C682D.7020303@rogers.com> <3F2D2F8F.7010500@rogers.com> <3F2EBCD9.7010706@rogers.com> <20030804210215.GA2302@hacking.cmeerw.net>

Christof Meerwald wrote:
On Mon, 04 Aug 2003 16:06:49 -0400, James Knott wrote:

I have CIPE set up between my firewall and notebook computer. Both are running Red Hat 7.3. I have noticed that while I can traceroute from my notebook to firewall, I can't in the opposite direction.


This is getting curiouser and curiouser. When examining the outgoing packets that contain the traceroute packets, from my firewall to notebook, I can see the time to live count starting at 1 for 3 packets, then 2 for 3 etc. It appears as though the TTL values from traceroute are making their way into the UDP headers. Going the other way, from the notebook to firewall, shows a steady TTL of 40 on all encrypted packets containing traceroute packets.

Have a look at the "cttl" setting for cipe:

  "Carrier TTL value. If not specified or 0, use the payload packet's TTL.
  Default recommendation is 64."

Maybe you have set it on one end and not on the other.

That was the case.

Now to figure out why the lan browsing is so slow in one direction.


<< | Thread Index | >> ]    [ << | Date Index | >> ]