[Snort-users] how to further diagnose 'ICMP Destination Unreachable' problem?

Stephen Nesman nesman at ...11827...
Tue Aug 30 12:11:03 EDT 2005


I've had some success using tcpdump (assuming that this is an ongoing issue 
and the source and destination are consistent). Tcpdump does decode the ICMP 
packet which should reveal what the real destination is. You may wish to 
watch traffic to the real destination with tcpdump after that to discover 
what services may be involved.

On 8/30/05, Chris W. Parker <cparker at ...13453...> wrote:
> 
> Briggs, Bruce <mailto:Bruce.Briggs at ...13183...>
> on Tuesday, August 30, 2005 6:39 AM said:
> 
> > You can find out a little more about ICMP Destination Unreachable
> > here: http://www.networksorcery.com/enp/protocol/icmp/msg3.htm
> 
> Thanks. I will get to reading.
> 
> > It could be caused by a number of things. For example there could be a
> > firewall (or router with ACLs) which is preventing a packet from being
> > received/forwarded and if the firewall had an option enabled to notify
> > the sender of this blocked port packet, then an ICMP type 3 code 3
> > packet would be sent out to the initiating IP addr from the firewall.
> 
> Unfortunately that's not the case but thanks for the info anyway.
> 
> 
> Chris.
> 
> 
> -------------------------------------------------------
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September 19-22, 2005 * San Francisco, CA * Development Lifecycle 
> Practices
> Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
> Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?listsnort-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050830/7d357063/attachment.html>


More information about the Snort-users mailing list