On Sun, 15 Sep 2002, Tim Haynes wrote: > Cristian Ionescu-Idbohrn <[EMAIL PROTECTED]> writes: > > > On Sun, 15 Sep 2002, Tim Haynes wrote: > > > >> Could you include a complete `tcpdump -X' on one or two of the packets, > >> maybe make a series of them available for download in libpcap form so I > >> can oogle them in ethereal? > > > > Catched and oogled in ethereal: > > > [snip] > > | Flags: 0x00 > > | .0.. = Don't fragment: Not set > > | ..0. = More fragments: Not set > > | Fragment offset: 0 > > | Time to live: 111 > > | Protocol: ICMP (0x01) > > | Header checksum: 0x6ffb (correct) > > | Source: 62.211.198.163 (62.211.198.163) > > How many hops away is the supposed source if you traceroute to it and how > does that compare to the 17 the above would imply?
How did you work the 17 out? Here's the traceroute: 1 x.y.z.1 ([EMAIL PROTECTED] ISP) 25.604 ms 23.43 ms 24.26 ms 2 ... 19.383 ms 20.427 ms 20.911 ms 3 ... 23.029 ms 20.62 ms 20.651 ms 4 195.54.123.77 (195.54.123.77) 23.799 ms 20.086 ms 21.203 ms 5 195.54.125.190 (195.54.125.190) 22.821 ms 20.919 ms 21.557 ms 6 195.54.118.238 (195.54.118.238) 23.023 ms 20.752 ms 23.011 ms 7 62.12.33.37 (62.12.33.37) 26.31 ms 26.469 ms 26.723 ms 8 62.12.32.77 (62.12.32.77) 26.72 ms 26.15 ms 26.681 ms 9 64.214.65.162 (64.214.65.162) 134.182 ms 133.932 ms 141.306 ms 10 64.214.65.214 (64.214.65.214) 135.111 ms 133.889 ms 133.732 ms 11 208.48.185.134 (208.48.185.134) 535.305 ms 525.531 ms 523.54 ms 12 207.45.221.109 (207.45.221.109) 537.98 ms 549.608 ms * 13 207.45.198.82 (207.45.198.82) 966.739 ms 995.451 ms 1038.36 ms 14 195.22.205.118 (195.22.205.118) 268.446 ms 268.89 ms 276.694 ms 15 195.22.197.142 (195.22.197.142) 280.419 ms 281.839 ms 282.549 ms 16 151.99.29.222 (151.99.29.222) 284.126 ms 280.547 ms 287.283 ms 17 80.17.211.142 (80.17.211.142) 405.897 ms 287.745 ms 284.2 ms 18 151.99.29.100 (151.99.29.100) 284.638 ms 282.311 ms 299.727 ms 19 62.211.198.163 (62.211.198.163) 603.76 ms 649.345 ms 653.241 ms Cheers, Cristian
