well, in practical terms, all that matters is whether you can get there or
not. anything else is icing on the cake, so to speak.
one of the bad things that has happened as a result of the DDoS attacks of
the last year or so is that a lot of net admins have locked down their
networks, and you don't get ping replies at all. how do you know you can get
from here to there if all ICMP replied are dropped no matter what?
in a way, you can look at the RFC and see what the writers and designers
were thinking - more information leads to better analysis of issues. on the
other hand, it is well publicized in security circles that the less
information you provide, the more difficult it is for people with bad
intentions to discover things about you.
Chuck
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
John Neiberger
Sent: Tuesday, July 03, 2001 3:45 PM
To: [EMAIL PROTECTED]
Subject: Re: ping replies [7:10910]
I personally have yet to encounter anything except a period, an
exclamation point, a U, and I think possibly an A once. But that's it.
I've tried to get some of the others to occur but it doesn't seem that
Cisco has bothered to be too specific with their implementation. ;-)
Apparently, in Cisco ICMP, we have the following reply values:
! = Good Response
. = No Response
U = We got a response and it wasn't good, but we don't feel like
necessarily letting you in on what it was.
John
>>> "Priscilla Oppenheimer" 7/3/01 3:46:38 PM
>>>
As we all know, ping is really an ICMP echo. There are many possible
ICMP
replies. Now, Cisco could tell the user of the Cisco IOS ping command
the
actual reply received, but instead they output a character code.
(Wouldn't
want to make the product intuitive, now would we?) I'm trying to get
more
data on the character codes.
This is not a newbie question. Don't send me the chart of ping reply
codes.
I've already seen about 20 versions of the chart. I'm trying to figure
out
what routers really display and why there are so many versions of the
chart. Putting together all versions of the chart (plus the A code that
we
have all seen but is not listed in Cisco documentation, as far as I can
tell), I have developed this list:
! An ICMP echo reply was received.
. The sending router or switch timed out while waiting for a
reply.
U A destination unreachable response was received.
N A network unreachable response was received.
H A host unreachable response was received.
P A protocol unreachable response was received.
M Fragmentation was needed and the don't fragment (DF) bit was
set.
& A time-to-live exceeded message was received.
I The user interrupted the test.
A The ping was administratively prohibited (blocked by an access
list
probably).
Q A source quench response was received.
? An unknown packet was received.
C A packet was received with the congestion-experienced bit
set.**
Questions:
Has anyone ever seen N, H, or P? It seems to me that Cisco just outputs
U
if the router receives network, host, or protocol unreachable.
Has anyone ever seen M? I couldn't get this to happen in my lab. Is M
even
for real or was that an error in one of the versions of the
documentation?
Has anyone every seen &? I couldn't get that one to happen either.
How about I? That doesn't happen on my routers. Plus one version of the
documentation said it was |, not I.
And how about the mysterious C? I found out that it's related to RFC
2481,
an experimental protocol that adds explicit congestion notification to
IP.
Maybe some internal developer asked for this. Cisco clearly favors
helping
developers troubleshoot over helping customers troubleshoot. (Sorry,
but
this ping research has made me angry at Cisco.)
Thanks for your help.
Priscilla
________________________
Priscilla Oppenheimer
http://www.priscilla.com
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=10922&t=10910
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
