On Wed, 24 Sep 2003, Margaret Wilson quoted a personal reply from Don Bosman to her earlier message, which in turn was based on a suggestion of mine to use traceroute instead of ping: > [...] > ACD has fiber to campus, efectively making them a segment on 'our' network, > so they should be able to ping the gateway. You should have been able to > ping via your ACD/MSU account, but not through ACD's own network. Since > Traceroute uses pings it shouldn't be working from off campus either. > [...] Traceroute does not use pings, which are ICMP packets (ECHO_REQUEST sent, ECHO_RESPONSE returned) by default, it uses UDP packets (on many systems one can choose, however, to alter the default and send the ICMP "ECHO" family packets instead). What I forgot in my initial suggestion was that the responses traceroute listens for are ICMP TIME_EXCEEDED and/or UNREACHABLE packets (depending on which is appropriate), so even though the UDP packets it's sending out may get through an ICMP block, the ICMP packets it's listening for may not. There are network utilities available which use repeated TCP or UDP connection attempts in order to simulate pings in an environment where ICMP is not useful/useable. Many hacker toolkits make use of them (though actual hackers tend to use other features beyond the simple "can I get through to system A?" functionality). ------------------------------------------------------------------------- George J Perkins http://www.pa.msu.edu/people/perkins/ 1209B BPS Bldg, MSU Phone: 517-355-9200 ext 2567 East Lansing, MI 48824-2320 FAX: 517-353-4500