jessLAND notes - icmp
ICMP - Internet Control Message Protocol
****************************************
1. Gral. Info.
2. ICMP Message Format
3. ICMP Message types explained
4. ICMP Dangers
5. Stimulus & Response
99. Acronyms used
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
^ TOP ^
1. Gral. Info.
==============
- RFC 777: Internet Control Message Protocol.
RFC 792: Internet Control Message Protocol.
RFC 816: FAULT ISOLATION AND RECOVERY.
RFC 844: Who Talks ICMP, too? Survey of 18 February 1983.
RFC 896: Source Quench
RFC 950: IP Subnet Extension.
RFC 1108: U.S. DoD Security Options for the Internet Protocol.
RFC 1122: Requirements for Internet Hosts -- Communication Layers.
RFC 1123: Requirements for Internet Hosts -- Application and Support.
RFC 1127: A Perspective on the Host. Requirements RFC 1191: Path MTU Discovery.
RFC 1256: ICMP Router Discovery Messages.
RFC 1349: Type of Service in the Internet Protocol Suite
(now being replaced by the DiffServ mechanism - RFC 2474)
RFC 1393: Traceroute Using an IP Option.
RFC 1435: IESG Advice from Experience with Path MTU Discovery.
RFC 1475: TP/IX: The Next Internet.
RFC 1788: ICMP Domain Name Messages.
RFC 1812: Requirements for IP Version 4 Routers.
RFC 1940: Source Demand Routing: Pkt Format and Forwarding Specification v.1
RFC 2002: IP Mobility Support.
RFC 2003: IP Encapsulation within IP.
RFC 2011: SNMPv2 MIB for the Internet Protocol using SMIv2.
RFC 2401: Security Architecture for the Internet Protocol.
RFC 2474: Def. of Differentiated Services (DS) Field in IPv4 and IPv6 Hdrs.
RFC 2521: ICMP Security Failures Messages.
RFC 2765: Stateless IP/ICMP Translation Algorithm (SIIT).
RFC 2780: IANA Allocation Guidelines For Values In the Internet Protocol
and Related Headers.
RFC 2893: Transition Mechanisms for IPv6 Hosts and Routers.
- ICMP is IP protocol number 1. It's actually an adjunto to IP and is an
network layer protocol, but ICMP messages get encapsulated in IP datagrams.
- ICMP gives no guarantees about the delivery of a message.
...............................................................................
^ TOP ^
2. ICMP Message Format
======================
- The IP pkt contaning an ICMP pkt must have TOS = 0 (Precedence=0; TOS=0).
Routers will set Precedence to 6 or 7.
ICMP Error Messages (E) ICMP Query Messages (Q)
0 8 16 31 0 8 16 31
+-------+-------+---------------+ +-------+-------+---------------+
| type | code | hdr checksum | | type | code | hdr checksum |
+-------+-------+---------------+ +-------+-------+---------------+
|*: contents depend on type/code| | Identifier | Seq. number |
+-------------------------------+ +---------------+---------------+
| IP hdr + 8 bytes of original | | ( depends on query msg type ) |
|data of the datagram (usually) | +-------------------------------+
+-------------------------------+
*: Usually "unused" (mbz) except Identifier: used to pair reqs/replies
for:
3/4 dest.unreach.-frag.needed (In UNIX, usually the PID)
(Unused (2b)+link MTU (2b))
5 redirect (router IP addr) Seq.#: set to 0 and incremented with
12/0 parameter problem each new request
(4 bits ptr+unused (rest))
- ICMP message types:
[ http://www.isi.edu/in-notes/iana/assignments/icmp-parameters ]
T Codes Data RT RR HT HR
- ----- ---- -- -- -- --
0 Echo Reply Q 0 Var M M M M
1 [Unassigned] - - - - - -
2 [Unassigned] - - - - - -
3 Destination Unreachable E 0-15 8b M M M M
4 Source Quench E 4 8b O O O O
5 Redirect E 0124 8b M M ? ?
6 Alternate Host Address 0
7 [Unassigned] - - - - - - -
8 Echo Request Q 0 Var M M M M
9 Router Advertisement 0 Var M O P O
10 Router Solicitation 0 0b M M O O
11 Time Exceeded E 0-1 8b M M O O
12 Parameter Problem E 0-2 8b M M M M
13 Timestamp Request Q 0 12b O O O O
14 Timestamp Reply Q 0 12b O O O O
15 Information Request Q 0 0b Ob Ob Ob Ob
16 Information Reply Q 0 0b Ob Ob Ob Ob
17 Address Mask Request Q 0 4b M M O O
18 Address Mask Reply Q 0 4b M M O O
19 [Reserved-security] - - - - - - -
20-29 [Rsvd-Robustness Experiment] - - - - - - -
30 Traceroute 0-1 ? ? M M
31 Datagram Conversion Error 0-11 Var
32 Mobile Host Redirect
33 IPv6 Where-Are-You
34 IPv6 I-Am-Here
35 Mobile Registration Request
36 Mobile Registration Reply
37 Domain Name Request Q 0 0b M M M M
38 Domain Name Reply Q 0 0b M M M M
39 SKIP
40 Photuris, Security failures 0-3 Var E E E E
41-255 Reserved
[ T(ype): E(rror) / Q(uery) ]
[ RT / RR (Router Implementation in Transmission / Reception)
HI / HR (Host Implementation in Transmission / Reception):
M(andatory) / O(ptional) / P(rohibited) / Ob(solete) / E(xperimental) ]
...............................................................................
^ TOP ^
3. ICMP Message types explained
===============================
- Refs: + http://www.isi.edu/in-notes/iana/assignments/icmp-parameters
0. echo reply (Q)
-----------------
- A host receiving an echo request should form the reply by just reversing the
IP addreses of source and destination, changing the type to 0 and recomputing
the checksum.
3. destination unreachable (E)
------------------------------
- Codes:
0 network-unreachable
1 host-unreachable - Host does not respond to ARP
2 protocol-unreachable - Protocol not supported on dst
3 port-unreachable - dst port closed & cannot not inform src
4 fragmentation-needed - fragmentation-needed & DF flag set.
The ICMP msg contains the MTU of the netwrk
that requires fragmentation. Sometimes
intentional (See Path MTU discovery mechanism)
Format: *: Unused (2b) + link MTU (2b)
5 source-route-failed - Router cannot send pkt to next hop in list
6 dst-network-unknown - Should not be used - 0 instead
7 dst-host-unknown -
8 src-host-isolated - Router configured to not forward pkts from src
9 network-prohibited - Access to network prohibited
10 host-prohibited - Access to host prohibited
11 TOS-network-unreachable - Route to dst net with TOS is not available
12 TOS-host-unreachable - Route to dst host with TOS is not available
13 communication-prohibited - (admin prohibited filter)
14 host-precedence-violation - Sent by 1st router to a host when a precedence
combination is not permitted for a combination
of src/dst host or net, upper layer protocol,
or src/dst port
15 precedence-cutoff - Dg with precedence less than minimum required
4. Source quench (E)
--------------------
- ICMP SQ is intented for use with the UDP protocol, which do not implement flow control.
- A S.Q. msg should be sent whenever a packet is dropped, and additionally
may be sent when a gateway finds itself becoming short of resources.
An ICMP source quench is the way a host/router informs the source that it's
sending too much data, and to throttle back the rate of transmission. There
is also a redirect associated with S.Q. that allows a router to tell a host to
redirect transmission of pkts to a different router.
- Routers should not generate S.Q. msgs RFC 1812); if they do, they must be
able to limit the rate at which they are generated. If a router receives S.Q.
msgs it may ignore them.
5. redirect (E)
---------------
- Used by routers to tell the sending host/router that there is a more optimum
router for sending the traffic to the destination, so it can update its
routing table for the next time. The non-optimum router will, nevertheless,
deliver the traffic to the destination host.
- Format: *: Router IP address
- The router generating the redirect, the more optimum router and the sending
host must be in the same subnet.
- Codes: 0 - network-redirect ; 1 - host-redirect
2 - TOS-network-redirect ; 4 - TOS-host-redirect
6. Alternate Host Address
-------------------------
- Reply that indicates another host address should be used for the desired
service. Should redirect application to another host.
8. echo request - Same structure as "echo reply"
---------------
- Facts:
+ Some of the later vers. of Windows do not respond to broadcast ICMP pings.
- Identifier & Sequence Number:
+ Identifier:
· UNIX: usully the PID of the application.
Linux: Identifier is incremented by 1 in sequential instances of an
application call.
+ Seq. Number: incremented by 1 in every pkt sent
+ Ex. # ping myhost (identifier & seq. number are byte-swapped)
src > dst: icmp: echo request-id 0x1d75-sq 0x0000 [0800 5ccd 1d75 0000]
src > dst: icmp: echo reply -id 0x1d75-sq 0x0000 [0000 64cd 1d75 0000]
src > dst: icmp: echo request-id 0x1d75-sq 0x0100 [0800 26cf 1d75 0100]
src > dst: icmp: echo reply -id 0x1d75-sq 0x0100 [0000 2ecf 1d75 0100]
src > dst: icmp: echo request-id 0x1d75-sq 0x0200 [0800 0bcf 1d75 0200]
src > dst: icmp: echo reply -id 0x1d75-sq 0x0200 [0000 13cf 1d75 0200]
[C-c]
# ping myhost
src > dst: icmp: echo request-id 0x1e75-sq 0x0000 [0800 5ccd 1d75 0000]
src > dst: icmp: echo reply -id 0x1e75-sq 0x0000 [0000 64cd 1d75 0000]
src > dst: icmp: echo request-id 0x1e75-sq 0x0100 [0800 26cf 1d75 0100]
src > dst: icmp: echo reply -id 0x1e75-sq 0x0100 [0000 2ecf 1d75 0100]
src > dst: icmp: echo request-id 0x1e75-sq 0x0200 [0800 0bcf 1d75 0200]
src > dst: icmp: echo reply -id 0x1e75-sq 0x0200 [0000 13cf 1d75 0200]
- Payload:
+ UNIX: 56b ; Windows: 32b
+ The payload often consists of a 8b time-stamp an a fill pattern.
+ Sample payloads:
56b: 8 byte tstamp + 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 ...
32b: 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d ... -> a b c d ...
32b: 41 42 43 44 45 46 47 48 49 4a 4b 4c 4d ... -> A B C D ...
5b: 44 48 43 50 43 -> DHCPC
0b (No Payload)
9 & 10 - Router Advertisement & Router Solicitation
---------------------------------------------------
- RFC 1256 - IRDP - ICMP Router Discovery Protocol
- Each router periodically multicasts a Router Advertisement from each of its
multicast interfaces, announcing the IP addr(s) of that interface.
Hosts discover the addresses of their neighboring routers and its priority
relative to the priorities of the other routers on the same segment simply by
listening for advertisements.
When a host attached to a multicast link starts up, it may multicast a Router
Solicitation to ask for immediate router advertisements, rather than waiting
for the next periodic ones to arrive.
End systems which implement IRDP also conform to the Host Requirements
standards, which require them to look for alternate routes if TCP connections
become stalled.
- Mobile IP makes use of the existing Router Advertisement and Router
Solicitation msgs defined for ICMP Router Discovery.
- There is no way to authenticate that the sender router is who it says it is,
so spoofed IRDP Router Advertisements can be used in malicious ways.
- 9. Router Advertisement
Multicasted msg. Each router address/preference level pair is considered an
entry in the list.
0 8 16 31
+-------+-------+---------------+
| type | code | checksum |
+-------+-------+---------------+
| Ad Cnt|Addr sz| Lifetime |
+-------------------------------+
~ Router addr structs: 0-> n ~
+-------------------------------+
Ad Cnt: Advertisement count. Number of router advertisements in this message.
Each advertisement contains one router address/preference level pair.
Addr sz: number of 32-bit words of info for each router addr entry in the
list. The value is normally set to 2 (router addr+preference level).
Lifetime: Max. number of secs that the router addrs in this list are valid.
Router addr structs: One or more router addrs and the associated preference
level.
[ Router addr: 4b ; Preference level: 4b ]
Preference level: Preferability of the router addr as a
default router addr, relative to other router addrs on
the same subnet.
Signed, 2-complement: higher values -> more preferable.
- 10. Router Solicitation (Router Selection)
0 8 16 31
+-------+-------+---------------+
| type |code(0)| checksum |
+-------+-------+---------------+
| Reserved |
+-------------------------------+
11. Time Exceeded (E)
---------------------
- If received from an intermediate router, it means that the TTL of an IP dg
has expired.
If received from the destination host, it means that the IP fragment
reassembly time-to-live timer has expired while the host is waiting for a
fragment of the dg.
- Codes: 0: ttl exceeded in transit
1: ttl exceeded during fragment reassembly
12. Parameter Problem (E)
-------------------------
- Sent when a router (must generate this message) or a host (should generate
this message) process a dg and finds a problem with the IP hdr parameters,
which is not specially covered by another ICMP error message. The ICMP PP
error message is only sent if the error caused the dg to be discarded.
- Codes: 0 Pointer to the octet of the sending msg that caused the problem
1 Required option missing RFC 1108)
2 Bad length
- Format: *: for code 0: Pointer (4 bits) + Unused (4 bits + 3b)
rest: Unused (4b)
13 & 14. Time Stamp Request & Reply
-----------------------------------
- One host requests another for the current time (e.g. to keep clocks synced)
- Allows a sender to determine the amount of latency that a particular network
is experiencing (not very accurately, though, due to unpredictable network
latency).
0 8 16 32 timestamp: ms since midnight UT
+-------+-------+---------------+
| type |code(0)| checksum |
+-------+-------+---------------+
| identifier | seq. number |
+---------------+---------------+
| originate timestamp | <- Set by src in query
+-------------------------------+
| receive timestamp | <- Set by dst in reply on reception
+-------------------------------+
| transmittimestamp | <- Set by dst in reply on delivery
+-------------------------------+
- Notes:
+ If implemented, the receiving host must answer to queries.
+ Requests to broadcast or multicast can be silently discarded.
+ If source-route option is set in request it must be copied to the reply.
+ If Record Route or Timestamp options are set in the request, these should
be updated to include the current host and included in the reply.
- Solaris, Linux and HP-UX answer to broadcast TS requests.
15 & 16. ICMP Information Request & Reply
-----------------------------------------
- Intended to support self-configuring systems such as diskless workstations
at boot time, to allow them to discover their network address.
- It's now OBSOLETE. RARP, BOOTP & DHCP provide better mechanisms for
hosts to discover its own IP address.
- Destination IP address should be set to zero: only hosts that reside on the
same network can send these querys. Some OSs will answer the querys even when
they do not come from the same network.
- HP-UX answers to a broadcast Information Request.
17 & 18. ICMP Address Mask Request and Reply
--------------------------------------------
- RFC 950
- The ICMP address mask request (and reply) is intended for diskless systems
to obtain its subnet mask in use on the local network at bootstrap time.
AM request is also used when a node wants to know the address mask of an
interface. The reply (if any) contains the mask of that interface.
0 8 16 32
+-------+-------+---------------+
| type |code(0)| checksum |
+-------+-------+---------------+
| identifier | seq. number |
+---------------+---------------+
| subnet address mask |
+-------------------------------+
- Routers should respond to AM requests. Solaris and some modem servers usually
respond too. Linux & NT SP6a don't.
30. Traceroute
--------------
- RFC 1393
- IP option packet format:
0 8 16 31
+-----------------+---------------+
|F|C|Num | Length | ID Number |
+--------+- ------+---------------+
|Outbound Hop Cnt | Return Hop Cnt|
+-----------------+---------------+
~ DATA ~
+---------------------------------+
F (Fragment) - 1 bit: 0: Don't copy to fragments ; 1: Copy to fragments
C (Class) - 2 bits: 2 Debugging & Measurement.
Number - 5 bits: 18 (F+C+Number = 82).
ID Number: Arbitrary number used by the originator of the Outbound pkt to
(16 bits) identify the ICMP Traceroute messages.
NOT related to the ID number in the IP header.
Outbound Hop Count: Number of routers through which the Outbound pkt has
(16 bits) passed. Not incremented by Outbound pkt's destination.
Return Hop Count: Number of routers through which the Return pkt has passed.
(16 bits) Not incremented by the Return pkt's destination.
Originator IP Address: IP addr of the originator of the Outbound pkt.
(32 bits) Needed so the routers know where to send the ICMP
Traceroute msg for Return pkts. Also needed for
Outbound pkts which have a Source Route option.
- ICMP pkt format:
0 8 16 32
+--------+--------+-----------------+
| type | code | checksum |
+--------+--------+-----------------+
| identifier | (Unused) |
+-----------------+-----------------+
| Outbound Hop Cnt| Return Hop Cnt |
+-----------------------------------+
| Output Link Speed |
+-----------------------------------+
| Output Link MTU |
+-----------------------------------+
- Codes: 0 Outbound Packet successfully forwarded.
1 No route for Outbound Packet. The packet was discarded.
Outbound Hop Count: The Outbound Hop Count as copied from the IP Traceroute
(16 bits) option of the pkt which caused this Traceroute msg to be
sent.
Return Hop Count: The Return Hop Count as copied from the IP Traceroute
(16 bits) option of the pkt which caused this Traceroute msg to be
sent.
Output Link Speed: Speed, in bytes per second, of the link over which the
(32 bits) Outbound/Return Packet will be sent. If this value cannot
be determined, the field should be set to zero.
Output Link MTU: MTU, in bytes, of the link over which the Outbound/Return
(32 bits) pkt will be sent. MTU refers to the data portion
(includes IP header; excludes datalink header/trailer)
of the pkt. If this value cannot be determined, this
field should be set to zero.
31. Datagram Conversion Error
-----------------------------
- RFC 1475
- The introduction of network layer conversion requires a new message type, to
report conversion errors. Note that an invalid datagram should result in the
sending of some other ICMP message (e.g., parameter problem) or the silent
discarding of the datagram. This message is only sent when a valid datagram
cannot be converted.
0 8 16 31
+-------+-------+---------------+
| type | code | checksum |
+-------+-------+---------------+
| Offset |
+-------------------------------+
~ DATA ~
+-------------------------------+
- Codes:
0 Unknown or unspecified error.
1 Don't convert option present.
2 Unknown mandatory option present.
3 Known unsupported option present.
4 Unsupported transport protocol.
5 Overall length exceeded.
6 IP header length exceeded.
7 Transport protocol > 255.
8 Port conversion out of range.
9 Transport header length exceeded.
10 32-bit rollover missing and ACK set.
11 Unknown mandatory transport option present.
The use of code 0 should be avoided, any other condition found by
implementors should be assigned a new code requested from IANA. When code 0
is used, it is particularily important that the pointer be setproperly.
37. Domain Name Request (Q)
---------------------------
- A separate Domain Name Request is used for each IP Destination queried.
- An ICMP Domain Name Request received with a broadcast or multicast
Destination MUST be silently discarded.
- The IP Source in a Reply MUST be the same as the IP Destination of the
corresponding Request msg.
38. Domain Name Reply (Q)
-------------------------
- Generated in response to the Domain Name request message (37)
- The IP Source in a Reply MUST be the same as the IP Destination of the
corresponding Request msg.
39. SKIP - Simple Key Management for Internet Protocols
-------------------------------------------------------
- If a node (or communications end point) receives a SKIP pkt that specifies
algorithms it does not support (or prefer), it should send an authenticated
ICMP msg indicating this failure and specifying which algorithms it supports.
The ICMP pkt must be encapsulated using SKIP and AH with keyed MD5 used as
the authentication algorithm. Any received ADP ICMP msg that is not
authenticated must be ignored and should be recorded in the system/audit log.
- The ICMP message should always specify the complete set of Kij, Crypt, MAC,
and compression algorithms the host supports.
- SKIP ADP ICMP msg Format:
0 8 16 31
+----------+-----------+--------------------+
| type | code | checksum |
+----------+-----------+--------------------+
|Ver | Rsv| proto | port number |
+----------+-----------+--------------------+
| n Kij | Kij Algs(0-255), 1b each |
+----------+--------------------------------+
| n Crypt | Crypt Algs(0-255), 1b each |
+----------+--------------------------------+
| n MAC | MAC Algs(0-255), 1b each |
+----------+--------------------------------+
| n Comp |Compression Algs.(0-255),1b each|
+----------+--------------------------------+
Ver: Version of the ICMP message.
Rsv: Reserved. Must be set to zero by the sender and ignored by the receiver.
proto & port number: indicate if this algorithm discovery is to be applied
only for a particular protocol or port # pair. This
allows different communication end-points on an IP node
to use different algorithms.
If the algorithms are to be used on a per-Master
Key-ID (MKID) basis, rather than a per-communications
end-point basis, the "proto" field must be zero. If
"proto" is zero, "port number" must be ignored. In this
case, the algorithms should be used on a per-MKID basis,
where the MKID is the source Master Key-ID in the ICMP
hdr. If the source MKID is absent from the SKIP hdr,
the algorithms should be used on a per-node basis,
using the src IP addr of the ICMP msg as the node
identifier.
Kij/Crypt/MAC/Comp: first, one byte to specify how much algs of that kind
the system supports. Then a list with the 1-byte
identifiers of Kij, Crypt, MAC, and Compression algs
supported, most desirable first, least desirable last.
If the system does not support a class of algs: 0.
A host can elicit a SKIP_ICMP message by sending a SKIP pkt to the remote
host with Kij Alg set to zero.
- Codes: 7 6 5 4 3 2 1 0
I P M C R
I: set if the Kij algorithm is unsupported in the SKIP pkt.
P: set if the Crypt algorithm is unsupported in the SKIP pkt.
M: set if the MAC algorithm is unsupported in the SKIP pkt.
C: set if the compression algorithm is unsupported in the SKIP pkt.
R: set if replay protection is required but was not used in the SKIP pkt.
In case a replay protection mechanism is defined, this bit can be used
to request replay protection.
bits 0-2: Reserved. Must be set to zero by sender and ignored by receiver.
40. Photuris - Security failures
--------------------------------
- RFC 2401: Security Architecture for the Internet Protocol.
RFC 2521: ICMP Security Failures Messages.
RFC 2522: Photuris: Session-Key Management Protocol
RFC 2523: Photuris: Extended Schemes and Attributes
- Photuris: key management protocol alternative to IKE and ISAKMP.
- Unauthenticated SKIP ADP msgs or msgs that fail authentication must be
discarded.
- Used for indicating failures with the IPSec protocols AH and ESP.
0 8 16 31
+-------+-------+---------------+
| type | code | checksum |
+-------+-------+---------------+
| Reserved | pointer |
+---------------+---------------+
~ DATA ~
+-------------------------------+
- Codes:
0 Bad SPI. Received dg includes an invalid or expired SPI.
1 Authentication Failed. Dg failed authenticity or integrity
check for a given SPI.
2 Decompression Failed. Dg failed decompression check for a given SPI.
3 Decryption Failed. Dg failed decryption check for a given SPI.
4 Need Authentication. Dg will not be accepted without additional
authentication.
5 Need Authorization. Dg will not be accepted because it has
insufficient authorization.
- Pointer: A pointer offset into the Original Internet Headers that
locates the most significant octet of the offending SPI.
Will be zero when no SPI is present.
- Data: The original IP header, any intervening headers up to and
including the offending SPI (if any), plus the first 64 bits (8
octets) of the remaining payload data. This data is used by the host
to match the message to the appropriate process. If a payload protocol
uses port numbers, they are assumed to be in the first 64-bits of the
original datagram's payload.
...............................................................................
^ TOP ^
4. ICMP Dangers
===============
- ping:
+ Can be used for DoS attacks. Any protocol can, but ICMP is easier as
standard cli tools allow to easily do it.
+ Network Mapping. Increases the efficiency of further attacks.
+ Malformed pings may cause systems with weak IP stacks to malfunction.
+ The data portion of ping can legally contain anything -> Covert channels /
/ tunnels
- redirect (5): causes changes to a host's routing tables.
- destination unreachable: fake d.u. msgs may cause hosts to cut off
communications in progress (very popular on IRC)
...............................................................................
^ TOP ^
5. Stimulus & Response
======================
- See RFC 1122
- Notes about ICMP messages generation:
+ ICMP err msgs are never sent in response to
- another ICMP error msg
- a dg destined to network or broadcast addrs.
- a dg sent as a link layer broadcast or multicast
- a dg whose src addr does not represent a unique host
(0.0.0.0, loopback, broadcast, multicast)
- an IGMP msg
+ For transient errors (such as an invalid checksum or a data-link delivery
failure), no ICMP messages should be sent.
+ For fragmented IP dgs, ICMP msgs are only sent for errs on fragment 0
+ Routers will almost always generate ICMP msgs but when it comes to a dst
host(s), the number of ICMP msgs generated is implementation dependent.
- An unsolicited ICMP echo reply does not generate a response of any kind
(Verified on Linux 2.4)
...............................................................................
^ TOP ^
99. Acronyms used
=================
+ alg(s): algorithms
+ dg: datagram
+ pkt: packet
+ msg(s): message(s)
+ err(s): error(s)
+ addr(s): address(es)
+ src: source
+ dst: destination
+ sec(s): second(s)
+ E: Error
+ Q: Query
+ R: Router
+ H: Host
+ SPI: Security Parameter Index
Last Updated: 21/08/2003-02:41:17 - © Copyright 2004, Jess García