Nmap Announce mailing list archives
Re: ICMP Error Message Quoting Size (Identifying Sun Solaris & LINUX based machines)
From: Darren Reed <avalon () coombs anu edu au>
Date: Sat, 25 Nov 2000 12:23:00 +1100 (Australia/ACT)
In some mail from Ofir Arkin, sie said:
> Every ICMP error message includes the Internet Protocol (IP) Header and at least the first 8 data bytes of the datagram that triggered the error (the offending datagram); more than 8 bytes may be sent according to RFC 1122. Except for LINUX and Sun Solaris based machines all other operating systems will closely follow RFC 1122 guidelines quoting the IP Header and the first 8 bytes of data of the offending packet.
Wrong, HP-UX 11 also quotes more, by default, if I recall correctly. NetBSD has a sysctl to control how much gets quoted (courtesy of yours truly :-).

If you read RFC1122 closely, it says that the inclusion of 64 bits of data from the original IP packet is the minimum - Linux/Solaris/NetBSD/HP-UX are not in error here:

...
Every ICMP error message includes the Internet header and at least the first 8 data octets of the datagram that triggered the error; more than 8 octets MAY be sent; this header and data MUST be unchanged from the received datagram.
...

Darren
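As an added illustration (not code from either poster or from Nmap), the Python below measures the quantity this thread is about: how many octets of the offending datagram an ICMP error quotes after the embedded IP header. The packets are constructed samples using documentation addresses, and all function names are hypothetical.

```python
import struct

ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}  # unreachable, source quench, redirect, time exceeded, parameter problem
RFC1122_MIN_QUOTED = 8                # data octets that must follow the quoted IP header

def ipv4_header(proto, payload_len, src, dst, ttl=64):
    """Build a 20-byte IPv4 header for sample data (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, bytes(src), bytes(dst))

def quoted_data_len(packet):
    """Octets quoted after the embedded IP header of the ICMP error in `packet`."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    outer_ihl = (packet[0] & 0x0F) * 4
    if outer_ihl < 20 or packet[9] != 1:
        raise ValueError("not an ICMP packet")
    # Trust the IP total-length field, not the capture length: link-layer
    # padding after short packets would otherwise inflate the result.
    total = struct.unpack("!H", packet[2:4])[0]
    icmp = packet[outer_ihl:total]
    if len(icmp) < 8 or icmp[0] not in ICMP_ERROR_TYPES:
        raise ValueError("not an ICMP error message")
    quoted = icmp[8:]  # skip type, code, checksum and the 4-byte unused/pointer field
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        raise ValueError("quoted IP header missing or truncated")
    inner_ihl = (quoted[0] & 0x0F) * 4
    if inner_ihl < 20 or len(quoted) < inner_ihl:
        raise ValueError("quoted IP header has a bad length")
    return len(quoted) - inner_ihl

def classify(packet):
    n = quoted_data_len(packet)
    if n < RFC1122_MIN_QUOTED:
        return "below RFC 1122 minimum (%d)" % n
    return "minimum (8 octets)" if n == 8 else "more than 8 octets (%d)" % n

def sample_error(quote_len):
    """Constructed port-unreachable error quoting `quote_len` data octets."""
    udp = struct.pack("!HHHH", 40000, 33434, 28, 0) + b"A" * 20  # 8-byte header + 20 payload
    offending = ipv4_header(17, len(udp), (192, 0, 2, 1), (192, 0, 2, 2)) + udp
    icmp = struct.pack("!BBHI", 3, 3, 0, 0) + offending[:20 + quote_len]
    return ipv4_header(1, len(icmp), (192, 0, 2, 2), (192, 0, 2, 1)) + icmp

if __name__ == "__main__":
    for n in (8, 28):
        print(classify(sample_error(n)))
```

Both sample replies are valid under the RFC 1122 text quoted above; the result only distinguishes a stack that quotes the minimum from one that quotes more.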