Your team is troubleshooting why HTTPS sessions to the internal server 10.2.0.20 sometimes fail. A security engineer notes that several middleboxes on the path drop UDP and ICMP packets but allow outbound TCP connections to port 443. While logged in to a Linux workstation as root, you want traceroute to follow the same path that an actual TLS handshake would take so you can identify the hop where packets disappear. Which command will provide the most accurate trace of that TCP 443 path?
The TCP probing method is enabled with the -T option. It sends a TCP SYN toward the destination and therefore looks like the first packet of a real three-way handshake. Adding -p 443 sets the constant destination port to 443, matching HTTPS traffic. This causes intermediate firewalls to treat the probes the same way they treat normal HTTPS packets.
-I switches to ICMP echo probes; these would still be filtered by devices that block ICMP.
-U -p 443 keeps the probes on UDP, merely fixing the destination port; middleboxes that block UDP will still drop them.
--mtu performs path-MTU discovery and does not change the underlying probe protocol (which remains UDP by default), so it also fails to emulate HTTPS.
Therefore, the command using -T -p 443 is the only option that traces the same path a real HTTPS connection would use.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is the role of the -T switch in the traceroute command?
Open an interactive chat with Bash
Why is it important to use -p 443 for this traceroute?
Open an interactive chat with Bash
How do ICMP and UDP probes differ from TCP probes in traceroute?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
System Management
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access