[Snort-users] Can we interpret the ICMP unreachable messages?

ronell at ...815... ronell at ...815...
Sun Nov 19 21:15:51 EST 2000

I just started using snort and have concerns about ICMP unreachable messages
that are a constant trickle to one of my machines. I found this excerpt from
an old thread that seems to propose one answer. Not sure it applies in my
I would be very interested in a definitive way to trace this phenomenon back
to its source.
Ron Elliott

-----Original Message-----
From: Jason Haar [mailto:Jason.Haar at ...294...]
Sent: Sunday, November 19, 2000 16:42
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Can we interpret the ICMP unreachable messages?

I'm seeing ICMP messages like "port unreachable" with Snort and I was
wondering if I could actually work out what is going on there. I'm seeing
these harmless (I'm sure) packets between two machines and it (obviously)
looks like some service is down. Is there anyway I can work out WHAT port is
unreachable (or what host is unreachable WRT "host unreachable" ICMP



Jason Haar

Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417
Snort-users mailing list
Snort-users at lists.sourceforge.net

More information about the Snort-users mailing list