Mysterious UDP Packets

By jdogg ·
I have an application running on a SUN Ultra 170E running Solaris 2.5.1. Local users have good response times but remote users suffer intermittent response times. Snooping a telnet session I came across the following UDP packets in the middle of a telnet conversation and I am certain they are the cause as indicated by the relative timestamps - but what's causing them? Interestingly they don't seem to contain any data and have a TTL of 1.

96 52.77655 wallace -> 10.200.61.92 UDP D=33435 S=62644 LEN=20
97 36.07697 wallace -> 10.200.61.92 UDP D=33435 S=62649 LEN=20
98 5.02963 wallace -> 10.200.61.92 UDP D=33436 S=62649 LEN=20
99 0.00140 wallace -> 10.200.61.92 UDP D=33437 S=62649 LEN=20
100 0.00143 wallace -> 10.200.61.92 UDP D=33438 S=62649 LEN=20


Mysterious UDP Packets

by joematus In reply to Mysterious UDP Packets

This is a UNIX traceroute.

The last four packets tell the tale. Same source port going to incrementing UDP destination ports (usually around port 33434). I'll bet the time between the packets is the same. The TTL is also a clue. Traceroute uses TTLs of 1 in order to get back ICMP TTL exceeded (Type 11 Code 0) messages from the routers along the way. When it gets to the final host, it expects an ICMP port unreachable message. That's why it uses such high ports -- those ports are very rarely used.
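
An added example, not part of the original thread: Python that parses snoop summary lines like the ones posted and flags runs of UDP packets that share a source port while the destination port rises by one from the traceroute range. The function names, the 256-port window and the three-probe minimum are assumptions chosen for illustration; the summary lines do not show the TTL, so only the port pattern is checked.

```python
import re

# snoop summary line: number, time, src -> dst, UDP D=<dst port> S=<src port> LEN=<n>.
# \s* between the D= and S= fields tolerates the two being run together.
SNOOP_UDP = re.compile(
    r"^\s*(\d+)\s+([\d.]+)\s+(\S+)\s+->\s+(\S+)\s+UDP\s+D=(\d+)\s*S=(\d+)\s+LEN=(\d+)")
BASE_PORT = 33434    # classic UNIX traceroute default first destination port
PORT_WINDOW = 256    # assumption: ports this far above the base still count as probes

# The five summary lines from the original post.
SAMPLE = """\
96 52.77655 wallace -> 10.200.61.92 UDP D=33435 S=62644 LEN=20
97 36.07697 wallace -> 10.200.61.92 UDP D=33435 S=62649 LEN=20
98 5.02963 wallace -> 10.200.61.92 UDP D=33436 S=62649 LEN=20
99 0.00140 wallace -> 10.200.61.92 UDP D=33437 S=62649 LEN=20
100 0.00143 wallace -> 10.200.61.92 UDP D=33438 S=62649 LEN=20
"""

def parse_snoop(text):
    """Return one dict per UDP summary line; lines that do not match are skipped."""
    packets = []
    for line in text.splitlines():
        m = SNOOP_UDP.match(line)
        if m:
            num, time, src, dst, dport, sport, length = m.groups()
            packets.append({"num": int(num), "time": float(time), "src": src, "dst": dst,
                            "dport": int(dport), "sport": int(sport), "len": int(length)})
    return packets

def find_traceroute_runs(packets, min_probes=3):
    """Return runs of consecutive packets with the same (src, dst, sport) and dport + 1."""
    runs, current = [], []
    for p in packets:
        in_range = BASE_PORT <= p["dport"] < BASE_PORT + PORT_WINDOW
        prev = current[-1] if current else None
        if (prev and in_range and p["dport"] == prev["dport"] + 1
                and all(p[k] == prev[k] for k in ("src", "dst", "sport"))):
            current.append(p)
            continue
        if len(current) >= min_probes:   # the run just ended; keep it if long enough
            runs.append(current)
        current = [p] if in_range else []
    if len(current) >= min_probes:
        runs.append(current)
    return runs

if __name__ == "__main__":
    for run in find_traceroute_runs(parse_snoop(SAMPLE)):
        print(run[0]["src"], "->", run[0]["dst"], "sport", run[0]["sport"],
              "dports", [p["dport"] for p in run])
```
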

Mysterious UDP Packets

by jdogg In reply to Mysterious UDP Packets

It appears you are correct - I have managed to determine that they were traceroute packets, and, therefore, a red herring.

Mysterious UDP Packets

by jdogg In reply to Mysterious UDP Packets

This question was closed by the author
