0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 38
Identification: 0xebf0 (60400)
Flags: 0x00
Fragment offset: 0
Time to live: 1
Protocol: UDP (17) <-
Header checksum: 0x2019
Source: 10.22.9.54
Destination: 77.75.77.39
User Datagram Protocol, Src Port: 32784, Dst Port: 33435
Data (10 bytes)

The question remains: If ICMP sent UDP packets instead (as in Unix/Linux), would the IP protocol number still be 01 for the probe packets? If not, what would it be? All path routers decrement these TTL values, and when an arriving packet has a TTL=1, the router sends an ICMP error packet back to the source. For both operating systems, the program sends the first packet with a time-to-live field TTL=1, the second packet with TTL=2, and so on.
Meanwhile in Windows the source sends a series of ICMP packets to the target destination. Namely, in Unix/Linux, the source sends a series of UDP packets to the target destination using an unlikely destination port number. Carefully note that Traceroute is implemented in different ways in the Unix/Linux, MacOS, and Windows operating systems. I am working on a school Wireshark project and this question comes out of the blue, here is more background: The next part focuses on using the Traceroute program to resolve the path a packet takes from source to destination. Thanks Cristian_R, I am not sure that I gave you enough background information to understand what I am asking.
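
Added example, not part of the original thread: a short Python sketch that rebuilds the 20-byte IPv4 header from the field values in the dissection above, recomputes the header checksum, and reads back the protocol field for a UDP probe (17) and for an ICMP probe (1). The function names are my own, and the ICMP variant is constructed by reusing the same field values with only the protocol byte changed.

```python
import socket
import struct

IPV4_FMT = "!BBHHHBBH4s4s"               # fixed 20-byte IPv4 header, no options
PROTO_NAMES = {1: "ICMP", 17: "UDP"}      # IANA protocol numbers used by traceroute probes


def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum of the header's 16-bit words."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_probe_header(proto: int, ttl: int = 1) -> bytes:
    """Rebuild the header from the field values in the dissection above."""
    fields = [0x45, 0x00, 38, 0xEBF0, 0x0000, ttl, proto, 0,
              socket.inet_aton("10.22.9.54"), socket.inet_aton("77.75.77.39")]
    fields[7] = ipv4_checksum(struct.pack(IPV4_FMT, *fields))  # checksum slot was zero
    return struct.pack(IPV4_FMT, *fields)


def parse_header(raw: bytes) -> dict:
    """Decode the fields that matter when filtering traceroute probes in a capture."""
    if len(raw) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, ident, _, ttl, proto, csum, src, dst = struct.unpack(IPV4_FMT, raw[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(raw) < ihl:
        raise ValueError("not a valid IPv4 header")
    return {
        "ttl": ttl,
        "protocol": proto,
        "protocol_name": PROTO_NAMES.get(proto, "other"),
        "checksum": csum,
        "checksum_ok": ipv4_checksum(raw[:ihl]) == 0,  # sum incl. stored checksum folds to 0
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
    }


if __name__ == "__main__":
    # 17 = Unix/Linux-style UDP probe (values from the page), 1 = ICMP probe (constructed)
    for proto in (17, 1):
        h = parse_header(build_probe_header(proto))
        print(f"{h['protocol_name']:4} proto={h['protocol']:2} ttl={h['ttl']} "
              f"checksum=0x{h['checksum']:04x} ok={h['checksum_ok']}")
```

The UDP header reproduces the 0x2019 checksum shown in the dissection, which confirms the protocol byte in that capture is 17. In Wireshark the two probe styles separate with the display filters `ip.proto == 17` and `ip.proto == 1`.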