I know, that traceroute uses UDP, and for destination port it starts with 33434. Then, with each next hop it increments the destination port number by 1. The questions is: why does traceroute need to increment the destination port? Wouldn't it be sufficient to just increment the TTL value, while keeping the port number unchanged, say, 33434, or any other from the allowed range?
Traceroute UDP port question
tracerouteudp
Best Answer
To understand the mechanism, let's see it with an example:
tracerouteto44.12.44.1from my PC44.12.44.1with TLL=1 and port=3343444.12.44.1with TTL=2 and port=3343544.12.44.1with TTL=3 and port=33436It will keep doing that until TTL=32 and port=33465
When each one of those UDP datagrams goes through a router the TTL value is decremented and if it reaches zero, then the router returns an ICMP Time Exceeded Message, also known as ICMP Type 11.
My PC receives a lot of ICMP Time Exceeded Messages.
Checking the source IP adddresses of the ICMP message, my PC learns the IP's of the devices that are between itself and
44.12.44.1.But it doesn't know the order. To know it, checks inside the ICMP message because it contains the header of the original UDP datagram. The
UDP port minus 33434gives the position of that device in the route to44.12.44.1.Keep in mind that Windows imnplementation of
tracerouteuses ICMP instead of UDP, that is used by Unix, Linux, BSD, etc.