Does traceroute use UDP?

The type of packet that is sent differs depending on the implementation. By default Windows tracert uses ICMP and both Mac OS X and Linux traceroute use UDP. I don’t have BSD or Solaris machines or any other OS on hand to check but the man page for the Mac OS X version mentions its provenance is BSD 4.3.

The Mac and Linux versions I have offer the ability to choose a variety of different protocols including ICMP, TCP, UDP and GRE packets. Other protocols can be specified by their name or number but traceroute doesn’t know anything about how other protocols work. It just blindly sends them.

They can also both change the payload and the source and destination ports in order to avoid firewalls or discover which router along the path is dropping packets of a certain size.

All versions of traceroute rely on ICMP type 11 (Time exceeded) responses from each hop along the route. If ICMP type 11 responses are being blocked by your firewall, traceroute will not work. These packets are inbound, not outbound.

ICMP type 30 is specifically designated for traceroute and is labeled as an “Information Request”. I haven’t been able to find anywhere where this is actually used. The man page for the Mac OS X and Linux versions says that -I will send ICMP type 8 (echo request). Wikipedia says that Windows tracert also uses ICMP echo requests. ICMP type 30 or type 8 are outbound packets, not inbound.

ICMP type 0 (echo response) may come back as the very last packet when the TTL exactly equals the number of hops. Traceroute will know it has finished when it receives one of these. This is an inbound packet.

TCP SYN packets will cause either a RST packet or a SYN ACK packet in response when they reach their destination. If you receive a SYN ACK packet, it’s polite to follow up with a RST packet so as not to leave a half-open connection on the server.

It is possible to get ICMP type 3 code 4 responses back instead of ICMP type 11 responses if you send a large packet with the “Do not fragment” flag set; however, this is likely only to allow you to find the hop with the smallest MTU. You will normally only get this sort of response from one hop along the route, not all of them.
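The reply types described above can be told apart by parsing the inbound packet. The following Python is an added example, not part of the original post: it classifies ICMP replies and, for error messages, recovers the destination port of the quoted UDP probe. The addresses, ports, packets and helper names are constructed for illustration, and the type 3 code 3 entry (the usual reply when a UDP probe reaches its target) goes beyond what the post mentions.

```python
import struct

# ICMP (type, code) -> what traceroute concludes, per the types discussed above.
MEANING = {
    (11, 0): "hop",          # time exceeded in transit: an intermediate router
    (0, 0): "destination",   # echo reply: an ICMP echo probe reached the target
    (3, 3): "destination",   # port unreachable: a UDP probe reached the target
    (3, 4): "mtu-limit",     # fragmentation needed but "Do not fragment" set
}

def ipv4(src, dst, proto, payload, ttl=64):
    """Build a minimal 20-byte IPv4 header (checksum left as 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       ttl, proto, 0, bytes(src), bytes(dst)) + payload

def icmp(icmp_type, code, body):
    """ICMP header (checksum and rest-of-header zeroed) plus body."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + body

def classify(packet):
    """Return (responder, verdict, quoted UDP dport or None) for an inbound packet."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1:                        # IP protocol 1 is ICMP
        return None
    responder = ".".join(map(str, packet[12:16]))
    msg = packet[ihl:]
    verdict = MEANING.get((msg[0], msg[1]), "other")
    dport = None
    if msg[0] in (3, 11):                     # ICMP errors quote the probe that caused them
        quoted = msg[8:]
        q_ihl = (quoted[0] & 0x0F) * 4
        if quoted[9] == 17 and len(quoted) >= q_ihl + 4:   # the probe was UDP
            dport = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])[0]
    return responder, verdict, dport

# Constructed sample traffic (documentation addresses, not captured packets).
ME, ROUTER, TARGET = (192, 0, 2, 10), (203, 0, 113, 1), (198, 51, 100, 7)
udp_probe = ipv4(ME, TARGET, 17, struct.pack("!HHHH", 40000, 33434, 8, 0), ttl=1)
SAMPLES = [
    ipv4(ROUTER, ME, 1, icmp(11, 0, udp_probe)),   # TTL expired at the first hop
    ipv4(ROUTER, ME, 1, icmp(3, 4, udp_probe)),    # probe too large for the next link
    ipv4(TARGET, ME, 1, icmp(0, 0, b"ping")),      # echo reply from the destination
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(classify(pkt))
```

A firewall that drops the first two kinds of inbound packet leaves traceroute with nothing to attribute to each hop, which is why the quoted probe header matters for matching replies to probes.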
