Suppose I want to determine if an IP is located in my country, without a third-party servvice. Could I estimate that to a certain degree by measuring ping times? Or is it better to look at the number of hops in the trace route? Or something else?
Ping Times and Location/Distance – Are They Related?
pingtcptraceroutewan
Related Solutions
The first version of traceroute was written by Van Jacobson and it used ICMP but it didn't work very well. The vendor interpretation of ICMP in RFC792 was that routers should not send an ICMP error message in response to an ICMP packet (see edit notes below). Therefore most routers would not send a "time exceeded" message in response to an echo request with a TTL of 1 or 0. So he changed it to use UDP and lo and behold it worked great and there was much rejoicing (and adoption). The traceroute tool on Linux and FreeBSD (and I assume Cisco) is based on Van Jacobson's work.
The spec was later changed to "in response to an ICMP error packet." The world progressed, vendors made changes to their stacks allowing ICMP error messages in response to echo requests, and with the rise of firewalls and ACLs, stray UDP packets sometimes get blocked, but ICMP echo request could get through. Of course, your success on that today varies wildly. I would expect the tracert and other tools were written at a time when using ICMP echo responses wasn't so problematic.
These days you can't really say UDP is better than ICMP. Or that either of those is better than TCP. It completely depends on the path you are traversing and the security policies in place. You may need to try one, both, or all three implementations.
Sources:
http://ftp.arl.army.mil/~mike/ping.html http://www.inetdaemon.com/tutorials/troubleshooting/tools/traceroute/definition.shtml
Edit:
Changed RFC from IP (RFC791) to ICMP (RFC792) that says in the intro:
To avoid the infinite regress of messages about messages etc., no ICMP messages are sent about ICMP messages.
That's the bit that caused vendors to not send "Time Exceeded" errors for echo requests.
RFC1122, Requirements for Internet Hosts, in section 3.2.2. is the update that says hosts shouldn't respond to ICMP error messages.
first of all your topology seams to be as following
following your description
pc2 could reach PC1 cause the pc2 GW (which is R2) can reach PC1 (cause it is directly connected to the both network).
so same way let us ask a very importent question . what is the PC1 GW and do PC1 GW know about subnet 192.168.2.X or not ?????????
if PC1 GW is the modem so you must add static route on the modem tell it if you want to reach 192.168.2.X you should go to 192.168.1.2 . otherwise you need to set the GW of PC1 to be 192.168.1.2
Best Answer
Not really.
Yes there is certainly a correlation between ping time and distance. However there are many factors other than distance that can lead to a high ping. Congestion, crappy routing, Satellite links etc.
So attempting to use ping time as a geoblocking measure is likely to have an unacceptably high false positive rate.