Home page logo
/

Nmap Announce mailing list archives

Re: ICMP Error Message Quoting Size (Identifying Sun Solaris & LINUX based machines)
From: Darren Reed <avalon () coombs anu edu au>
Date: Sat, 25 Nov 2000 12:23:00 +1100 (Australia/ACT)

In some mail from Ofir Arkin, sie said:

Every ICMP error message includes the Internet Protocol (IP) Header and at
least the first 8 data bytes of the datagram that triggered the error (the
offending datagram); more than 8 bytes may be sent according to RFC 1122.

Except for LINUX and Sun Solaris based machines all other operating systems
will closely follow RFC 1122 guidelines – quoting the IP Header and the
first 8 bytes of data of the offending packet.

Wrong, HP-UX 11 also quotes more, by default, if I recall correctly.

NetBSD has a sysctl to control how much gets quoted (curtesy of yours
truely :-).

If you read RFC1122 closely, it says that the inclusion of 64bits of data
from the original IP packet is the minimum - Linux/Solaris/NetBSD/HP-UX
are not in error here:
...
         Every ICMP error message includes the Internet header and at
         least the first 8 data octets of the datagram that triggered
         the error; more than 8 octets MAY be sent; this header and data
         MUST be unchanged from the received datagram.
...

Darren

--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault