On Sun, 21 Jun 2009, in the Usenet newsgroup comp.os.linux.networking, in
article <91e301ba-7560-4c33-a79f-f9a0664d1e95 DeleteThis @u10g2000vbd.googlegroups.com>,
markryde DeleteThis @gmail.com wrote:
NOTE: Posting from groups.google.com (or some web-forums) dramatically
reduces the chance of your post being seen. Find a real news server.
>traceroute -p 999 machine B
Minor question - which version of traceroute? There are more than one,
and not all behave in the same manner. However this _shouldn't_ have
an impact on this question.
>On machine B a sniffer is listening, thus:
>tshark -R udp port 999 -i any.
>On machine there is a listening UDP server, which listens on port 999.
>
>Now, I try this with 2 scenarios:
>When machine B is on the Local Area Network; in this case I **do** see
>in sniffer
>that a packet arrive on port 999.
>
>When machine B is on the Internet, I do **not** see any packet in the
>sniffer
>(though the traceroute completes ok).
Run a sniffer on "machine" A and note what is being sent.
09:40:14.260000 192.168.1.161.58865 > 192.0.2.7.33435: udp 10 [ttl 1]
09:40:19.270000 192.168.1.161.58865 > 192.0.2.7.33436: udp 10 [ttl 1]
09:40:24.280000 192.168.1.161.58865 > 192.0.2.7.33437: udp 10 [ttl 1]
09:40:29.290000 192.168.1.161.58865 > 192.0.2.7.33438: udp 10
09:40:34.300000 192.168.1.161.58865 > 192.0.2.7.33439: udp 10
09:40:39.310000 192.168.1.161.58865 > 192.0.2.7.33440: udp 10
Notice that the destination port number is _incrementing_ every time.
Please re-read the description of the '-p' option. This is the
expected behavior. There are many other tools you can use besides
traceroute if you wish the port number to remain fixed (although this
usually has no practical effect unless a firewall is involved).
Old guy
Linux