Snort mailing list archives
ICMP Echo Replies & Unknowns?
From: "Sheahan, Paul (PCLN-NW)" <Paul.Sheahan () priceline com>
Date: Thu, 28 Jun 2001 00:59:48 -0400
Every day, I see many "ICMP Echo Replies" and "ICMP unknowns" from random machines on the Internet. Some example traces are below...these packets came back to back three seconds apart (icmp unknown then icmp echo reply right afterward). Does anyone know why I would see so many of these? Could this come from a probing tool? I see so many, I'm trying to figure out what's going on! Thanks. 06/27-20:28:39.078559 209.193.66.111 -> xx.xx.xx.xx ICMP TTL:110 TOS:0x0 ID:35584 IpLen:20 DgmLen:708 Type:211 Code:235 UNKNOWN .z:;b............................&T...S..........s?\.....2T..... @...0.........P..z:;....******S*....................X....=...... .........................z:;4....z:;4.................%@.z:;.... H*T...T.....0........pP. z:;....******S*....................X... ................................!z:;.>..!z:;..................%@ .z:;.....+T..cT.h...0.......GCP.#z:;.]..******S*.z:;............ ....X...................................&z:;D...&z:;D........... ....**S*..........S.(.S.....X................................... 'z:;....'z:;................**S*.y:;.OiV.X.I%&.z...:u..54[.U.c.O ._j"RxTv.+.2.J/U'p..3e50.ti..q.5.t:>...y.x..!L(N....C~.s._...(iF .PJhE..msd.d5qM6./...r...B.].K.\.y.X v...zE" =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ 06/27-20:28:42.507288 209.193.66.111 -> xx.xx.xx.xx ICMP TTL:110 TOS:0x0 ID:37888 IpLen:20 DgmLen:708 Type:0 Code:0 ID:0 Seq:0 ECHO REPLY .....0T.`.S.2z:;1...0.T...%@6z:;2...******S*..T................. ..............................%@..%@6z:;.f..******S*............ ....0.........%@..T.........................4z:;Iv..4z:;Iv...... .....................fT..:T.#z:;I...(.S.(.%@............1...0.T. ..%@4z:;Iv..******S*....................X...@.f................. ............4z:;....4z:;................1.....T......fT.x;T.**** I...(.S.(.%@............1...0.T...%@4z:;....******S*............ ....@...X...................................4z:;j...4z:;j....... ........1.....T......fT..<T.****.OiV.X.I%&.z...:u..54[.U.c.O._j" RxTv.+.2.J/U'p..3e50.ti..q.5.t:>...y.x..!L(N....C~.s._...(iF.PJh E..msd.d5qM6./...r...B.].K.\.y.X v...zE" _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ICMP Echo Replies & Unknowns? Sheahan, Paul (PCLN-NW) (Jun 27)
- <Possible follow-ups>
- Re: ICMP Echo Replies & Unknowns? Matthew Collins (Jun 28)
- Re: ICMP Echo Replies & Unknowns? Phil Wood (Jun 28)