Home page logo
/

nanog logo nanog mailing list archives

RE: ? how cisco router handle the out-of-order ICMP echo-reply packets
From: Mikael Abrahamsson <swmike () swm pp se>
Date: Tue, 6 Jan 2009 14:26:44 +0100 (CET)

On Tue, 6 Jan 2009, Scott Morris wrote:

There aren't sequence numbers with ICMP.  And the timeout value is
watched/triggered before the next ICMP is sent, so there shouldn't really be
any ordering problem/interpretation anyway.

Linux ping command does sequencing (so that part of your statement isn't accurate), and you can get out of order packets. It'll say a sequence number and ping time, and there really isn't any "timeout", an ICMP packet can come back 60 seconds later and it'll be counted, even though there were 59 other packets send and returned in the meantime.

$ ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.023 ms
64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.020 ms

In IOS, my interpretation anyway, is that the timeout value (2 seconds) mean that it really considers this packet as dropped, so no, in IOS you cannot get out of order packets, at least not that the CLI will show. If the ICMP response packet comes back after timeout value has triggered, it's considered lost.

--
Mikael Abrahamsson    email: swmike () swm pp se


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault