I am using python scapy to log ICMPV6 messages coming to the server. Based on type of ICMPV6 packet I need to take different actions. How do I differentiate between a ping request and a traceroute request. Based on the packet logs it seems the only difference is in size of payload data and hop limits.
Asked
Active
Viewed 43 times
0
-
Does this answer your question? [Does traceroute use UDP or ICMP or both?](https://serverfault.com/questions/374620/does-traceroute-use-udp-or-icmp-or-both) – John Mahowald Oct 12 '21 at 22:08
-
No. For both type of packets that I receive, I get the same type = Echo Request – dev Joshi Oct 13 '21 at 12:56
1 Answers
0
No, ICMP type is not enough for destination host to distinguish if the source host is using ping or traceroute.
As you discovered, traceroute experiments with hop limit to solicit Time Exceeded responses from routers on the path. Other than that, traceroute and ping probably send very similar echo requests. Trivial data payload in both cases, just getting responses and timing them.
John Mahowald
- 30,009
- 1
- 17
- 32