On Sep 15, 12:40pm, "Gaz" wrote: } } I don't think you will see the source as echo reply. By that, I mean that } the echo reply will only be evident in the destination. The source could be } any port.
ICMP does not have "port"s; therefore, this statement is non-sensical. } Remember ICMP is the odd protocol, which has to be allowed both ways through } a firewall, because the reply is a totally separate session. ICMP is a connectionless protocol; therefore, there is nu such thing as a "session". } If you telnet from A to B. The destination port is 23. In the reply from B } to A 'source' port is 23. Telnet uses TCP. There is no comparison. } If you use ping though for example, from A to B. The destination will be } echo. In the reply from B to A, the source will not be 'echo' it could be } anything. The important part will be the destination port which is } 'echo-reply'. ICMP does not have "port"s. It has "type"s and "code". Echo is type 8 and Echo Reply is type 0. Neither one uses codes, so the code is 0. The only information as to the source of an ICMP message is the IP address. As I said to the other guy, go read RFC 792 (especially before answering any more questions about it). } Hope I haven't confused. Hope even more that I haven't errored. You have errored. Go read the RFC, it is a simple one and will get you into the habit of going to the source when conducting your research. }-- End of excerpt from "Gaz" Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=42618&t=42618 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]