Snort mailing list archives
Re: how to further diagnose 'ICMP Destination Unreachable' problem?
From: Stephen Nesman <nesman () gmail com>
Date: Tue, 30 Aug 2005 15:10:12 -0400
I've had some success using tcpdump (assuming that this is an ongoing issue and the source and destination are consistent). Tcpdump does decode the ICMP packet which should reveal what the real destination is. You may wish to watch traffic to the real destination with tcpdump after that to discover what services may be involved. On 8/30/05, Chris W. Parker <cparker () swatgear com> wrote:
Briggs, Bruce <mailto:Bruce.Briggs () suny edu> on Tuesday, August 30, 2005 6:39 AM said:You can find out a little more about ICMP Destination Unreachable here: http://www.networksorcery.com/enp/protocol/icmp/msg3.htmThanks. I will get to reading.It could be caused by a number of things. For example there could be a firewall (or router with ACLs) which is preventing a packet from being received/forwarded and if the firewall had an option enabled to notify the sender of this blocked port packet, then an ICMP type 3 code 3 packet would be sent out to the initiating IP addr from the firewall.Unfortunately that's not the case but thanks for the info anyway. Chris. ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?listsnort-users
Current thread:
- how to further diagnose 'ICMP Destination Unreachable' problem? Chris W. Parker (Aug 29)
- Re: how to further diagnose 'ICMP Destination Unreachable' problem? Alex Butcher, ISC/ISYS (Aug 31)
- <Possible follow-ups>
- RE: how to further diagnose 'ICMP Destination Unreachable' problem? Briggs, Bruce (Aug 30)
- RE: how to further diagnose 'ICMP Destination Unreachable' problem? Chris W. Parker (Aug 30)
- Re: how to further diagnose 'ICMP Destination Unreachable' problem? Stephen Nesman (Aug 30)