Browsing articles tagged with "icmp - Admins Goodies"
Jun 21, 2012
tom

freebsd dmesg has a lot of “Limiting icmp unreach response from 1293 to 200 packets/sec”

I have a simple FreeBSD 9.0 machine. But every time I start my FreeBSD and use the command dmesg, there isn’t any hardware information there, but it is full of “Limiting icmp unreach response from 1293 to 200 packets/sec”. Can anyone tell me why this happens? And how can I erase this?

Asked by altman

It seems that your machine is being hit by UDP packets which are destined to closed ports. So, it is […]

Apr 26, 2012
tom

Denying ICMP type 3 code 4 traffic – good or bad?

Investigating a slow VPN connection (Cisco ASA IPSec) to a remote office, I noticed on our firewall a lot of access rule matches: Denied ICMP type=3, code=4 from *ip_address* on interface outside I noticed that a traceroute to the remote site included the same IP address, somewhere between our ISP and the ISP the remote site uses. I’m also seeing a message immediately after before saying No matching connection for ICMP error mesage: icmp src […]

Mar 28, 2012
tom

Can i change the default AWS EC2 Public DNS?

I’m using Route 53 and created an A record to the Elastic IP that is associated with an instance. In the Security Group, I activated “All ICMP” and made it accessible from anywhere (0.0.0.0/0) so I can ping it. When I pinged my domain this is the output: 64 bytes from ec2-xx-xxx-xxx-xxx.ap-southeast-1.compute.amazonaws.com (xx.xxx.xxx.xxx): icmp_req=477 ttl=55 time=19.5 ms Question: Can I change the public DNS so the output will be like below? 64 bytes from my.domain.com (xx.xxx.xxx.xxx): icmp_req=477 […]

Jan 31, 2012
tom

size of packet icmp with netstat TX

I am confused with the size of packet icmp. I just did a simple initial netstat, where for eth0: TX-OK = 485. After 1 ping message is sent, again I see in netstat TX-OK = 488. So, I just want to know how does the TX actually interpret how the icmp packet is counted? I thought with 1 ping, then the TX-OK will be 486? *edit: 1 PING is 64 bytes. So how come […]

Dec 12, 2011
tom

What does the C3 portion of 0xC308(BE) mean in an ICMP identifier?

I am using Wireshark to analyze traffic. I know that the 8 refers to the echo (ping) type. I have been unsuccessful with finding information regarding the C3 byte. Identifier (BE): 49928 (0xc308)

You can look it up in rfc792 (page 13): Identifier If code = 0, an identifier to aid in matching echos and replies, may be zero. Here is another useful link: http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xml […]

Aug 23, 2011
tom

ping -f shows problems but regular ping doesn’t

I have a strange issue, hosting at Softlayer Washington data center. Test from an EC2 instance to my server at Softlayer :- [root@EC2-box ~]# ping -f -c 100 MY-SL-BOX PING MY-SL-BOX (MY-SL-BOX) 56(84) bytes of data. ………………………………………….. — MY-SL-BOX ping statistics — 100 packets transmitted, 50 received, 50% packet loss, time 743ms rtt min/avg/max/mdev = 2.464/2.906/3.606/0.220 ms, ipg/ewma 7.505/2.927 ms [root@EC2-box ~]# Test from an EC2 instance to www.softlayer.com (or any other website):- [root@EC2-box ~]# […]

Aug 23, 2011
tom

How do you allow ICMP Echo Requests on a Cisco ASA 55xx Router?

I’m very new to managing Cisco equipment, so bear with me. I’m configuring a Cisco ASA 5505 router for my office, and I am reasonably competent enough with the console to configure the basics — our business needs are not extravagant. Our pings are being dropped by the router, however. How do I configure the router to allow ICMP Echo Requests? Are there other types of ICMP requests that should be allowed? What are the […]

Aug 23, 2011
tom

How to properly interpret the results of tracert, in particular the second to last hop before a timeout

I am troubleshooting a wireless internet connection that is continuously dropping. The ISP says the radio signal is good so it must be my Cisco ASA 5505. I don’t believe them… For discussion assume the following: Remote site public IP is 10.1.1.50 and its default gateway is 10.1.1.1. When I am doing a tracert from a remote location to 10.1.1.50, should the second to last hop of the tracert always be 10.1.1.1? When the connection […]

Aug 22, 2011
tom

Why block outbound ICMP?

This question is slightly related to “Why Block Port 22 Outbound?”. I don’t see how this can be a notable security risk.

Blocking ICMP outbound and ALL other connections from your environment is a good start for building your firewall/security policy. But there are a lot of things that you should know beforehand and take into account. A good example is when blocking all ICMP packets while allowing some other protocols such as tcp […]

Aug 20, 2011
tom

Why not block ICMP?

I think I almost have my iptables setup complete on my CentOS 5.3 system. Here is my script…

    # Establish a clean slate
    iptables -P INPUT ACCEPT
    iptables -P FORWARD ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -F # Flush all rules
    iptables -X # Delete all chains
    # Disable routing. Drop packets if they reach the end of the chain.
    iptables -P FORWARD DROP
    # Drop all packets with a bad state
    iptables -A INPUT -m state […]
