[Tfug] How do I Interpret ICMP Probes?
Adrian
choprboy at dakotacom.net
Sun Jun 17 03:14:18 MST 2007
On Saturday 16 June 2007 22:58, Felix Tilley wrote:
> How do I interpret ICMP probes? I log them, but do not drop them.
>
> I cannot find anything in the man pages that interprets the TYPES and
> CODES.
>
ICMP is just another protocol like TCP or UDP. Type and code fields for ICMP
are defined by the relevant RFCs, and similar to SYN/ACK or port numbers, the
type/code exist to differentiate the ICMP packet purpose. The following is a
pretty good list of ICMP types and codes for looking stuff up:
http://www.spirit.com/Resources/icmp.html
> May 31 18:30:41 -0700 SRC=4.242.129.36 DST=4.240.150.100 PROTO=ICMP
> TYPE=8 CODE=0 ID=512
So, as you expected, a type 8 ICMP packet is an echo request (ping). There are
no defined codes for type 8. And yes... pings are often a forerunner to
attack probes and attempts, though by no means a distinguisher of future
packets.
Adrian
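As an added illustration of the lookup Adrian describes (this is example code written for this page, not something from the original thread or from iptables), the following parses iptables LOG lines such as the one Felix quoted and names the ICMP type and code from the RFC 792 table. The sample log lines are constructed for the example; only the first one is the line from the post. Two caveats a practitioner hits in real logs are handled: an ICMP LOG line can carry two ID= fields (the IP header ID before PROTO= and the ICMP identifier after it), and ICMP error messages are printed with a bracketed copy of the offending packet's header, whose SRC=/DST=/ID= fields must not be confused with the outer packet's.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Type and code names from RFC 792, plus the type 3 codes that RFC 1122 and
# RFC 1812 added. Types or codes absent from these tables are reported as such.
ICMP_TYPES = {
    0: "echo reply",
    3: "destination unreachable",
    4: "source quench",
    5: "redirect",
    8: "echo request",
    11: "time exceeded",
    12: "parameter problem",
    13: "timestamp request",
    14: "timestamp reply",
}

ICMP_CODES = {
    3: {
        0: "net unreachable",
        1: "host unreachable",
        2: "protocol unreachable",
        3: "port unreachable",
        4: "fragmentation needed and DF set",
        5: "source route failed",
        6: "destination network unknown",
        7: "destination host unknown",
        9: "network administratively prohibited",
        10: "host administratively prohibited",
        13: "communication administratively prohibited",
    },
    5: {
        0: "redirect datagram for the network",
        1: "redirect datagram for the host",
        2: "redirect datagram for the type of service and network",
        3: "redirect datagram for the type of service and host",
    },
    11: {
        0: "time to live exceeded in transit",
        1: "fragment reassembly time exceeded",
    },
    12: {0: "pointer indicates the error"},
}

# KEY=VALUE tokens as printed by the iptables LOG target (VALUE may be empty, e.g. OUT=).
KV_RE = re.compile(r"(\w+)=(\S*)")


@dataclass
class IcmpLogEntry:
    src: str
    dst: str
    icmp_type: int
    icmp_code: int
    icmp_id: Optional[int]  # identifier of echo/timestamp messages, if logged
    type_name: str
    code_name: str


def parse_icmp_log_line(line: str) -> Optional[IcmpLogEntry]:
    """Return the ICMP fields of an iptables LOG line, or None if it is not ICMP."""
    # ICMP error messages (type 3, 5, 11, 12) carry a copy of the offending IP
    # header, which the LOG target prints in square brackets. Cut it off so its
    # SRC=/DST=/PROTO=/ID= fields cannot shadow those of the outer packet.
    outer = line.split("[", 1)[0]
    fields = {}
    icmp_id = None
    after_proto = False
    for key, value in KV_RE.findall(outer):
        if key == "PROTO":
            after_proto = True
        elif key == "ID" and after_proto:
            # The ID= printed after PROTO=ICMP is the ICMP identifier, not the
            # IP header ID that appears earlier on the same line.
            icmp_id = int(value) if value.isdigit() else None
            continue
        fields.setdefault(key, value)
    if fields.get("PROTO") != "ICMP" or "TYPE" not in fields:
        return None
    icmp_type = int(fields["TYPE"])
    icmp_code = int(fields.get("CODE", "0"))
    type_name = ICMP_TYPES.get(icmp_type, "type not in this table")
    codes = ICMP_CODES.get(icmp_type)
    if codes is None:
        # Types such as 8 and 0 define no codes; anything but 0 is worth noticing.
        code_name = "" if icmp_code == 0 else f"code {icmp_code} is not defined for this type"
    else:
        code_name = codes.get(icmp_code, f"code {icmp_code} not in this table")
    return IcmpLogEntry(fields.get("SRC", "?"), fields.get("DST", "?"),
                        icmp_type, icmp_code, icmp_id, type_name, code_name)


def summarize(line: str) -> Optional[str]:
    """One-line human reading of an ICMP LOG entry, or None for non-ICMP lines."""
    entry = parse_icmp_log_line(line)
    if entry is None:
        return None
    desc = entry.type_name + (", " + entry.code_name if entry.code_name else "")
    ident = f", id {entry.icmp_id}" if entry.icmp_id is not None else ""
    return (f"{entry.src} -> {entry.dst}: ICMP type {entry.icmp_type} "
            f"code {entry.icmp_code} ({desc}{ident})")


# Constructed sample lines; only the first is the line quoted in the post.
SAMPLE_LINES = [
    "May 31 18:30:41 -0700 SRC=4.242.129.36 DST=4.240.150.100 PROTO=ICMP TYPE=8 CODE=0 ID=512",
    "Jun 17 03:10:02 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=84 TOS=0x00 "
    "PREC=0x00 TTL=52 ID=54321 PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1",
    "Jun 17 03:10:03 gw kernel: IN=eth0 OUT= SRC=198.51.100.1 DST=198.51.100.5 LEN=56 TOS=0x00 "
    "PREC=0xC0 TTL=64 ID=0 DF PROTO=ICMP TYPE=3 CODE=3 [SRC=198.51.100.5 DST=192.0.2.77 "
    "LEN=28 TOS=0x00 PREC=0x00 TTL=64 ID=7 DF PROTO=UDP SPT=40000 DPT=33434 LEN=8]",
    "Jun 17 03:10:04 gw kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 "
    "PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=43210 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(summarize(sample) or "(not ICMP) " + sample[:60])
```

Run stand-alone, it names the quoted line as an echo request with identifier 512, the second as an echo request with identifier 1234 (not the IP ID 54321), the third as destination unreachable / port unreachable, and skips the TCP line. A log line such as the quoted one tells you only that an echo request arrived; as Adrian notes, what follows from the same source is what distinguishes a sweep from a stray ping.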