Re: ICMP Error Message Quoting Size (Identifying Sun Solaris & LINUX based machines)

[Darren Reed <avalon () coombs anu edu au>]

In some mail from Ofir Arkin, sie said:
> Every ICMP error message includes the Internet Protocol (IP) Header and at
> least the first 8 data bytes of the datagram that triggered the error (the
> offending datagram); more than 8 bytes may be sent according to RFC 1122.
>
> Except for LINUX and Sun Solaris based machines all other operating systems
> will closely follow RFC 1122 guidelines – quoting the IP Header and the
> first 8 bytes of data of the offending packet.

Wrong, HP-UX 11 also quotes more, by default, if I recall correctly.

NetBSD has a sysctl to control how much gets quoted (curtesy of yours
truely :-).

If you read RFC1122 closely, it says that the inclusion of 64bits of data
from the original IP packet is the minimum - Linux/Solaris/NetBSD/HP-UX
are not in error here:
...
         Every ICMP error message includes the Internet header and at
         least the first 8 data octets of the datagram that triggered
         the error; more than 8 octets MAY be sent; this header and data
         MUST be unchanged from the received datagram.
...

Darren

--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).