dslreports logo
site
spacer

spacer
 
    All FAQs Site FAQ DSL FAQ Cable Tech About DSL Distance DSL Hurdles »»
spc

spacer




how-to block ads



That's an excellent question. The reason is that both ping and traceroute use a special packet type called an Internet Control Message Protocol or ICMP packet. These are used primarily for network attached devices to send short messages to each other and as such are very different from transport protocols such as UDP or TCP, which is what 'real data' such as web pages or video downloads use.

As more computers moved from temporary connections such as dialup to permanent connections as we have today, it became common for virus and trojan writers to include a mechanism to search for nearby hosts via ping in an attempt to locate more systems to infect. The net sum of having to manage this additional flood of ICMP packets was that routers, firewalls and other network devices could become so busy responding to pings that they were rendered ineffective at actually sending real traffic...what is known as a denial of service attack.

This is why it is now common practice for engineers to setup their devices to treat ICMP with the lowest priority, if now downright ignore it (my Juniper firewall at home is set to ignore ICMP and thus can't be pinged) This is what is often called "de-prioritization" here and helps to ensure that 'real packets' get through before the fluff.

This is what you are seeing when you do a traceroute and one hop is showing loss or high latency while the next is just fine. You can tell it is just a case of the host in question taking its time to respond because if there was real packet loss that host would impact all the other hops because it sits between you and them.

and there it is in a nutshell, albeit a lengthy one

Explanation provided by bbeesley See Profile

Expand got feedback?

by CoxTOC1 See Profile edited by PapaSmurf See Profile
last modified: 2009-01-07 15:22:10