[Snort-users] Can we interpret the ICMP unreachable messages?

ronell at ...815... ronell at ...815...
Sun Nov 19 21:15:51 EST 2000


I just started using snort and have concerns about ICMP unreachable messages
that are a constant trickle to one of my machines. I found this excerpt from
an old thread that seems to propose one answer. Not sure it applies in my
case.
http://www.iihe.ac.be/mice-nsc/mbone/mbone-list/1992/0206.html
I would be very interested in a definitive way to trace this phenomenon back
to its source.
-----------
Ron Elliott
 

-----Original Message-----
From: Jason Haar [mailto:Jason.Haar at ...294...]
Sent: Sunday, November 19, 2000 16:42
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Can we interpret the ICMP unreachable messages?


I'm seeing ICMP messages like "port unreachable" with Snort and I was
wondering if I could actually work out what is going on there. I'm seeing
these harmless (I'm sure) packets between two machines and it (obviously)
looks like some service is down. Is there anyway I can work out WHAT port is
unreachable (or what host is unreachable WRT "host unreachable" ICMP
packets)?

Thanks

-- 
Cheers

Jason Haar

Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/snort-users



More information about the Snort-users mailing list