Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

https://wiki.geant.org/display/public/EK/TCP+Trace+Route


Image RemovedTCP-traceroute send an SYN ( port may vary )  and any response will be good enough






Code Block
titleallow tcp traceroute
term accept-traceroute-tcp {
    from {
        destination-prefix-list {
            router-ipv4;
            router-ipv4-logical-systems;
        }
        protocol tcp;
        ttl 1;
    }
    then {
        policer management-1m;
        count accept-traceroute-tcp;
        accept;
    }
}


tcp-flags

tcp-initial

set firewall filter testtcptraceroute term 20 from tcp-flags syn

set firewall filter testtcptraceroute term 22 from tcp-initial


tcp-establishedset firewall filter testtcptraceroute term 25 from tcp-established