Re: how to further diagnose 'ICMP Destination Unreachable' problem?

[Stephen Nesman <nesman () gmail com>]

I've had some success using tcpdump (assuming that this is an ongoing issue 
and the source and destination are consistent). Tcpdump does decode the ICMP 
packet which should reveal what the real destination is. You may wish to 
watch traffic to the real destination with tcpdump after that to discover 
what services may be involved.

On 8/30/05, Chris W. Parker <cparker () swatgear com> wrote:
> Briggs, Bruce <mailto:Bruce.Briggs () suny edu>
> on Tuesday, August 30, 2005 6:39 AM said:
>
> > You can find out a little more about ICMP Destination Unreachable
> > here: http://www.networksorcery.com/enp/protocol/icmp/msg3.htm
>
> Thanks. I will get to reading.
>
> > It could be caused by a number of things. For example there could be a
> > firewall (or router with ACLs) which is preventing a packet from being
> > received/forwarded and if the firewall had an option enabled to notify
> > the sender of this blocked port packet, then an ICMP type 3 code 3
> > packet would be sent out to the initiating IP addr from the firewall.
>
> Unfortunately that's not the case but thanks for the info anyway.
>
>
> Chris.
>
>
> -------------------------------------------------------
> SF.Net email is Sponsored by the Better Software Conference & EXPO
> September 19-22, 2005 * San Francisco, CA * Development Lifecycle 
> Practices
> Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA
> Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?listsnort-users