[Snort-users] ICMP: Destination Unreachable

Tom Sevy tsevy at ...1701...
Thu Apr 5 13:28:28 EDT 2001

No.  nt2118wk (111.222.333.444) is running What's Up Gold to simply monitor
& alert on up/down status of hosts (including

-----Original Message-----
From: shawn . moyer [mailto:shawn at ...1184...]
Sent: Thursday, April 05, 2001 12:57 PM
To: Tom Sevy
Cc: Snort Users (E-mail)
Subject: Re: [Snort-users] ICMP: Destination Unreachable

Tom Sevy wrote:
> I don't wish to stop the logging of this message, but rather would like to
> find out why I am seeing this:
> Apr  4 23:59:45 snort[3164]: ICMP Destination Unreachable: 111.222.333.444
> (nt2118wk)  ->
> Yet I can go to nt2118wk and ping NT401PRD and it will work.
> Any thoughts on what could be causing this kind of false positive?  Or a
> to determine what exactly on my network is giving the message back to
> nt2118wk about destination unreachable?

Is the 111.222.333.444 box's gateway? Possibly it has a bad
route and is trying to send to a host that the other box can't route to.
If you run tcpdump for a bit on the box you should see the whole
message, which should look like:

icmp dest unreachable for <blah>

You should then be able to investigate why is trying to send
traffic to <blah>.



s h a w n   m o y e r
shawn at ...1184...

"Nuclear war would really set back cable."
	                     -- Ted Turner

Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list