In some mail from Ofir Arkin, sie said:
>
> Every ICMP error message includes the Internet Protocol (IP) Header and at
> least the first 8 data bytes of the datagram that triggered the error (the
> offending datagram); more than 8 bytes may be sent according to RFC 1122.
>
> Except for LINUX and Sun Solaris based machines all other operating systems
> will closely follow RFC 1122 guidelines – quoting the IP Header and the
> first 8 bytes of data of the offending packet.

Wrong, HP-UX 11 also quotes more, by default, if I recall correctly.
NetBSD has a sysctl to control how much gets quoted (courtesy of yours
truly :-).

If you read RFC 1122 closely, it says that the inclusion of 64 bits of data
from the original IP packet is the minimum - Linux/Solaris/NetBSD/HP-UX
are not in error here:
...
Every ICMP error message includes the Internet header and at
least the first 8 data octets of the datagram that triggered
the error; more than 8 octets MAY be sent; this header and data
MUST be unchanged from the received datagram.
...
Darren
Received on Nov 26 2000
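
The quoting rule discussed in this message can be measured directly from a captured ICMP error. The following is an added example, not part of the original mail or of nmap: it parses an ICMPv4 error message and reports how many data octets of the offending datagram are quoted beyond the quoted IP header. The function names and the sample packets (built from documentation addresses) are constructed for illustration, and the input is assumed to start at the ICMP header with any link-layer padding already trimmed.

```python
import struct

# ICMPv4 error types: unreachable, source quench, redirect, time exceeded, parameter problem
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}
RFC1122_MIN_DATA = 8  # data octets of the offending datagram that must be quoted


def quoted_data_report(icmp: bytes) -> dict:
    """Measure the quoted part of an ICMPv4 error (bytes start at the ICMP header)."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    if icmp[0] not in ICMP_ERROR_TYPES:
        raise ValueError("not an ICMP error message; nothing is quoted")
    quoted = icmp[8:]  # skip type, code, checksum and the 4 type-specific octets
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        raise ValueError("quoted IPv4 header missing or malformed")
    ihl = (quoted[0] & 0x0F) * 4  # quoted header length, IP options included
    if ihl < 20 or len(quoted) < ihl:
        raise ValueError("quoted IPv4 header truncated")
    data = len(quoted) - ihl
    return {"ihl": ihl, "quoted_data": data,
            "meets_minimum": data >= RFC1122_MIN_DATA,
            "beyond_minimum": max(0, data - RFC1122_MIN_DATA)}


def build_sample(quote_octets: int, ihl_words: int = 5) -> bytes:
    """Constructed port-unreachable error quoting `quote_octets` of a 32-octet UDP datagram."""
    udp = struct.pack("!HHHH", 40000, 33434, 32, 0) + b"A" * 24
    options = b"\x01" * ((ihl_words - 5) * 4)  # NOP padding when IP options are present
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0,
                     ihl_words * 4 + len(udp), 0x1234, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])) + options
    icmp_header = struct.pack("!BBHI", 3, 3, 0, 0)  # checksum left at 0 in this sample
    return icmp_header + ip + udp[:quote_octets]


if __name__ == "__main__":
    for label, pkt in [("minimum quote", build_sample(8)),
                       ("full quote", build_sample(32)),
                       ("minimum quote, IP options", build_sample(8, ihl_words=6))]:
        print(label, quoted_data_report(pkt))
```

Both the 8-octet and the 32-octet quote report `meets_minimum` as true, which matches the RFC 1122 text cited above: 8 octets is a floor, not a fixed size.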