Tags: ,

Forum Replies

  1. Hello Hussein.

    You are correct when you say that you cannot skip an OSI layer when communicating on the network. However, we can BEGIN our communication at layer 3 and go down to layer 1. In this case we are not skipping layers 4-7. Let me express this in an example:

    When you start an FTP file transfer from your computer, you are BEGINNING your communication at the Application layer, or layer 7. As you go down the OSI stack, you cannot skip layer 2 for example. MAC addresses must be placed in the L2 header and appropriate header information must be included. You can’t get to layer 1 otherwise. All 7 layers must be traversed because you’re starting from layer 7. It’s like getting in an elevator on the 7th floor and you want to go to the ground floor. You can’t skip floor 2!!

    However, if you happen to be on the third floor, you can enter the elevator and go to the ground floor. You’re not skipping floors 7-4, you just happen to be starting at floor 3 and going down. That’s what ICMP is doing.

    Similarly, ARP is a layer 3 protocol and does not know layers 4-7 exist as are all routing protocols (EIGRP, RIP, OSPF etc). CDP, VTP and LACP are examples of protocols that exist only on layer 2 and know nothing of upper layers.

    Using the elevator analogy, you can see that we are not skipping layers, we are just getting on the elevator at a different “floor” to start our journey down.

    I hope this has been helpful!


  2. Hi Andrew,

    In your reply to Durga “The reason that Cisco/Unix/Linux do not do this is in case there is an intermediate firewall that filters on ICMP. In this case, the Windows tracert will not get through, but the Cisco/Unix/Linux probably would.”

    As an administrator i wont open any port until unless its necessary , All will be explicitely denied so How a UDP packet will cross my firewall.?

  3. Hello TAIMOOR

    First of all there is no such thing as a stupid question. Secondly, yes, you are correct. R1 and R3 must have some sort of routing (either static or dynamic) to be able to find each other’s networks.

    I hope this has been helpful!


  4. Hi Rene,

    Thank you for your amazing tutorials. I have few doubts and I am sorry if I have missed it in your explanation. You have mentioned that Cisco router will try multiple probes and we are restricting to one by mentioning probe =1.

    1. Does probe means the number of attempts?
      I did a “tracert” on cmd and it showed a list of hops to google’s dns server.

    2. Why R3 replies port 33435 as unreachable? Why is the port number increased on each attempt of traceroute? Same port number can exist on all hosts.

  5. Hello again Rosna

    In traceroute, a probe is the number of ICMP echo requests sent to each individual hop. So if a traceroute has 7 hops to the destination, the Cisco device will send three probes, or three ICMP echo requests to each of the 7 hops for a total of 21 ICMP echo requests. If you select one probe, a single ICMP request will be sent to each hop. You won’t actually see a difference in the traceroute output.

    By default, Cisco begins its traceroute on port 33434. Each hop that it traverses, it increments the destination port by one. This is how the traceroute command has been designed. You can adjust the default starting destination port by using the extended traceroute commands.

    You can find out more information about the traceroute command on Cisco devices at this Cisco documentation

    I hope this has been helpful!


34 more replies! Ask a question or join the discussion by visiting our Community Forum