From: vjs@calcite.rhyolite.com   
      
   In article ,   
   D. Stussy wrote:   
      
   >> on a project where I need to determine the number of hops a connection   
   >> takes between 2 machines, essentially to eliminate if someone sticks a   
   >> router between the 2 machines.   
   >>   
   >> 1. Is this pretty easy to do in a small bit of code?   
      
   In general and to really solve that problem, no.   
      
   If the goal is for one machine to try to ensure that a second machine   
   is connected to the same IP network as the first machine, then the   
   least bad tactic may be to ask the operating system for the host   
   addresses and netmasks of relevant network interfaces and then check   
   that the IP address of the second machine is on one of the connected   
   networks.   
   That tactic is vulnerable to proxy-ARP, bridges, and other complications.   
      
   Perhaps the quickest kludge would be to tell your operating system   
   to use a TTL of 1 (or whatever) on all of the packets you send.   
   That won't be perfect, but it will work in many cases.   
      
      
   >> 2. Does anyone have an example of this?   
   >   
   >See "traceroute". Its algorithm does the job.   
      
   Traceroute gives only an approximate number of routers between the   
   source and destination, and then only in one direction and only for   
   a sample of the available paths at the instant the measurement is   
   made. Traceroute does not necessarily see all routers, not even   
   for the loose definition of "router" as "box that forwards packets   
   and decrements the IP TTL field."   
      
   Another difficulty with the notion of using the traceroute idea is that   
   it requires sending packets, waiting for responses, and doing something   
   reasonable when there are no responses. Because of the nature of the   
   packets, the sending and waiting tend to require elevated privileges   
   on UNIX-like operating systems, which is why /usr/sbin/traceroute (or   
   wherever) is likely to be set-UID.   
      
   Of course, the algorithm in `traceroute` is related to setting the TTL.   
      
   Before doing anything, it is best to consider the problem being   
   solved. If the real problem has anything to do with "security,"   
   then it is practically certain that the number of routers in the   
   path is irrelevant. Real solutions to confidentiality, authentication,   
   authorization, non-repudiation, no-replay, etc. problems do not   
   care about the number of intervening routers.   
      
      
   Vernon Schryver vjs@rhyolite.com   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
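The two tactics Vernon describes above (check the peer against the netmasks of the connected interfaces, and send with a TTL of 1) as a worked example. This is added illustration, not code from the post or from any traceroute implementation; the interface list `SAMPLE_INTERFACES` is constructed to stand in for what the operating system would report, and the function names are the example's own.

```python
import ipaddress
import socket

# Constructed stand-in for what the OS reports about local interfaces:
# (address, netmask) pairs. Real code would ask the OS (getifaddrs(3) via a
# library such as psutil, or `ip -j addr` on Linux); this list is an assumption.
SAMPLE_INTERFACES = [
    ("127.0.0.1", "255.0.0.0"),
    ("192.168.1.10", "255.255.255.0"),
    ("10.20.30.4", "255.255.0.0"),
]


def connected_networks(interfaces):
    """Turn (address, netmask) pairs into the IP networks they are attached to."""
    nets = []
    for addr, mask in interfaces:
        # ip_interface accepts a dotted netmask as well as a prefix length.
        nets.append(ipaddress.ip_interface(f"{addr}/{mask}").network)
    return nets


def on_connected_network(peer, interfaces=SAMPLE_INTERFACES):
    """The 'least bad tactic': is the peer's address inside one of the
    networks we are directly connected to?

    Caveats from the post still apply: a proxy-ARP router or a bridge can
    put a host that is really several hops away onto our subnet, so a True
    result is evidence, not proof, of zero intervening routers."""
    ip = ipaddress.ip_address(peer)
    # An IPv6 peer is never inside an IPv4 network (and vice versa);
    # `in` returns False across address families rather than raising.
    return any(ip in net for net in connected_networks(interfaces))


def ttl_limited_udp_socket(ttl=1):
    """The 'quickest kludge': a socket whose packets carry TTL=1, so the
    first router on the path discards them instead of forwarding them.
    The peer simply sees nothing; whether we learn of the drop depends on
    an ICMP Time Exceeded arriving, which the post notes needs privilege
    (a raw socket) to observe."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)
    return sock


def effective_ttl(sock):
    """Read back the TTL the kernel will stamp on packets from this socket."""
    return sock.getsockopt(socket.IPPROTO_IP, socket.IP_TTL)


if __name__ == "__main__":
    for peer in ("192.168.1.77", "10.20.99.1", "192.168.2.1", "8.8.8.8"):
        print(peer, "directly connected" if on_connected_network(peer) else "behind a router?")
    s = ttl_limited_udp_socket()
    print("socket TTL:", effective_ttl(s))
    # s.sendto(b"probe", ("192.168.1.77", 9)) would leave with TTL=1
    s.close()
```

Neither check delivers what the original poster asked for. The subnet test answers "could this address be on my wire?", which a proxy-ARP box or a bridge can fake, and the TTL=1 socket only turns a multi-hop path into a silent failure. That is the point of the post's closing paragraph: if the requirement is really about security, authenticate and encrypt the connection and stop counting routers.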