At 2:53 PM -0400 4/26/02, Anthony Pace wrote:
>I thought I was actually asking a CISCO syntax question but the ICMP
>discussion turned out to be very educational as I thought I understood ICMP
>but in fact was really not clear on the relationship of the echo and
>echo-reply. It sounds like it is fairly primitive and straightforward. Thank
>you everyone!


A few comments inline.

>
>Anthony Pace
>""Gaz""  wrote in message
>[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>>  You didn't muddy them half as much as I did!
>>
>>  I think mine ranks up with my most inaccurate post ever. Unfortunately, I
>>  answered with the junk that I had in my mind, which for creating
>>  access-lists and configuring firewall rule bases has always been close
>>  enough to allow things to work (even if totally for the wrong reasons).
>>  As soon as I read John's post I realised what an arse I'd made of it.
>>
>>  I will take a severe hand smacking for that one. Lesson learnt - get the
>>  facts right - don't guess.
>>  But maybe my totally incorrect answer induced John to shoot me down with a
>>  decent answer. I'll console myself with that.
>>  I've now read the RFC.
>>
>>  John Nemeth, you're a cruel man, and I totally deserved it ;-)
>>
>>
>>  Joe Bloggs
>>  (Definitely not Gaz anyway)
>>
>>
>>  ""Jeremy""  wrote in message
>>  [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
>>  > I think it relates to the fact that ICMP uses TYPES rather than PORTS.
>>  > Though it still uses source and destination IP address, ports are not used,
>>  > so the whole source port thing doesn't really make sense with ICMP. There
>>  > really is no "source type", so they don't have granularity on the source
>>  > address.  Make Sense?  Or did I muddy the waters further?
>>  >
>>  > -----Original Message-----
>>  > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
>>  > Sent: Thursday, April 25, 2002 5:29 PM
>>  > To: [EMAIL PROTECTED]
>>  > Subject: Re: Why does IOS only allow ICMP granularity on "destination"
>>  > [7:42618]
>>  >
>>  >
>>  > On Sep 15, 12:40pm, "Gaz" wrote:
>>  > }
>>  > } I don't think you will see the source as echo reply. By that, I mean that
>>  > } the echo reply will only be evident in the destination. The source could
>>  > } be any port.
>>  >
>>  >      ICMP does not have "port"s; therefore, this statement is
>>  > non-sensical.

Indeed, there are exploits (Ping of Death) that depend on systems 
expecting ICMP to be short.

>>  >
>>  > } Remember ICMP is the odd protocol, which has to be allowed both ways
>>  > through
>>  > } a firewall, because the reply is a totally separate session.
>>  >
>>  >      ICMP is a connectionless protocol; therefore, there is no such
>>  > thing as a "session".

Not everything neatly falls into connectionless or 
connection-oriented, and, indeed, different functions in ICMP have 
different characteristics.

Ping is an example of what might be called an "acknowledged datagram" 
protocol application, as are many client/server protocols.  They are 
not true connection-oriented protocols because the destination often 
keeps no knowledge of the existence of the sender; it simply responds 
when it gets the query and then keeps no state.  The sender, however, 
has to keep state to know it has a pending query.

Effectively, this is short-connection in one direction and 
connectionless in the other. Even more complex are client/server 
applications where the server has to keep state until an application 
process gives it information it needs to answer the query.

Protocols involving this sort of behavior include RPC, AppleTalk 
Transaction Protocol, X.25 Fast Select, etc.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=42746&t=42746
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
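The "acknowledged datagram" shape of ping described in the message above (a stateless responder, a sender that must remember each outstanding query), as an added example that is not part of the original thread. It builds RFC 792 echo request and echo reply messages, has the destination answer without retaining anything, and has the source match each reply against its pending (identifier, sequence) pairs and drop unsolicited replies. The `EchoSender` and `stateless_responder` names and the sample payload are constructed for the illustration; nothing here touches a real socket.

```python
import struct

ECHO_REPLY = 0      # ICMP type 0
ECHO_REQUEST = 8    # ICMP type 8


def icmp_checksum(data: bytes) -> int:
    """One's-complement sum over 16-bit words (RFC 792 / RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """ICMP echo header: type, code, checksum, identifier, sequence number.
    Note there is no port field; the identifier/sequence pair is the only
    thing that ties a reply back to a request."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_echo(packet: bytes):
    """Return (type, code, identifier, sequence, payload); verify checksum."""
    if len(packet) < 8:
        raise ValueError("short ICMP packet")
    if icmp_checksum(packet) != 0:      # valid packet sums to zero
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return icmp_type, code, ident, seq, packet[8:]


def stateless_responder(packet: bytes):
    """The echo destination: answers the query and keeps no state at all.
    Type 8 becomes type 0; identifier, sequence and data are echoed back."""
    icmp_type, code, ident, seq, payload = parse_echo(packet)
    if icmp_type != ECHO_REQUEST or code != 0:
        return None                     # not an echo request; nothing to answer
    return build_echo(ECHO_REPLY, ident, seq, payload)


class EchoSender:
    """The echo source: must hold state for every query still unanswered."""

    def __init__(self, ident: int):
        self.ident = ident
        self.next_seq = 0
        self.pending = {}               # (ident, seq) -> payload we sent

    def send(self, payload: bytes) -> bytes:
        seq = self.next_seq
        self.next_seq = (seq + 1) & 0xFFFF
        self.pending[(self.ident, seq)] = payload
        return build_echo(ECHO_REQUEST, self.ident, seq, payload)

    def receive(self, packet: bytes) -> bool:
        """True only if the packet answers a query we have pending."""
        icmp_type, code, ident, seq, payload = parse_echo(packet)
        if icmp_type != ECHO_REPLY or code != 0:
            return False
        key = (ident, seq)
        if key not in self.pending or self.pending[key] != payload:
            return False                # unsolicited or mismatched reply: drop
        del self.pending[key]           # query acknowledged; state released
        return True


def demo():
    """One request/reply exchange plus one stray reply (constructed sample)."""
    sender = EchoSender(ident=0x1234)
    request = sender.send(b"constructed sample payload")
    reply = stateless_responder(request)
    matched = sender.receive(reply)
    # An echo reply for a sequence number we never sent is rejected.
    stray = build_echo(ECHO_REPLY, 0x1234, 99, b"x")
    stray_matched = sender.receive(stray)
    return matched, stray_matched, len(sender.pending)


if __name__ == "__main__":
    print(demo())
```

The `receive` check is the same bookkeeping a stateful firewall does for ICMP echo: it records the identifier and sequence of the outbound request so the inbound reply can be admitted without a standing "permit icmp echo-reply" hole, which is exactly what a stateless access list cannot express because there is no source port to pin the return traffic to.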