One for the comms experts

GaryT taig at melbpc.org.au
Mon Sep 21 02:52:18 UTC 2009


meandmine wrote:
> GaryT wrote:
>> Below is a line from one of my log files. I want to know whether it's an
>> incoming or outgoing packet.

[BIG SNIP]

> It's an ICMP, or ping, packet. Type 3 is a 'Destination Unreachable' and
> the code=4 is an error meaning 'Fragmentation Needed and Don't Fragment
> was Set'. It's more than likely a DHCP packet asking who has what
> address. The second is just an acknowledgment (ACK).
> 
> Are you blocking pings?

Yes... by not responding.

However, re the packet itself.

Is it correct to say that the packet is literally only one data packet; 
that it's an acknowledgment requested by the outgoing 1493-byte long TCP 
packet whose details are [shown between the square brackets]?

And if that's correct, what would have happened to the original outgoing 
packet?  Is there anything in the ICMP part that indicates non-delivery?
Type 3 Code 4 reports only on fragmentation - it doesn't necessarily 
say the transmission attempt was unsuccessful. Perhaps one has to assume 
normal delivery was affected.

I have thousands of these and I want to be sure so that I can accurately 
report what's happening.

And on that note, does anyone know of an available online resource that 
one can use to learn all about this stuff?

> Try using Wireshark to see if you can find the actual packets.

This program I didn't know about.  I've spent hours trawling the net
looking for a packet sniffer for Linux and all the time it appears 
Ubuntu had one available for download.  Magic!  Have now installed and
will learn to use it. I hope it captures and writes to disk the contents
of the various packets.

Many thanks for that lead.
GaryT
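
An added example, not part of GaryT's message: an ICMP Type 3 Code 4 message quotes the IP header and first 8 bytes of the datagram that triggered it (RFC 792) and carries a next-hop MTU field (RFC 1191), so a parser can tie each log entry back to the packet it refers to. The sample bytes are constructed; the addresses, ports and the 1492 MTU are assumptions, and only the 1493-byte length comes from the thread.

```python
import socket
import struct

def build_sample():
    """Constructed sample (checksums left at 0): ICMP 3/4 quoting a 1493-byte TCP packet."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1493, 0x1234, 0x4000, 64, 6, 0,
                           socket.inet_aton("192.0.2.10"),      # constructed local host
                           socket.inet_aton("198.51.100.20"))   # constructed remote host
    inner_tcp = struct.pack("!HHI", 45000, 80, 1)        # ports + sequence number
    icmp_hdr = struct.pack("!BBHHH", 3, 4, 0, 0, 1492)   # 1492 is an assumed next-hop MTU
    return icmp_hdr + inner_ip + inner_tcp

def parse_frag_needed(icmp):
    """Return details of the datagram quoted inside an ICMP type 3 code 4 message."""
    if len(icmp) < 28:
        raise ValueError("too short for ICMP header plus quoted IPv4 header")
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        raise ValueError("not Destination Unreachable / Fragmentation Needed")
    quoted = icmp[8:]
    (ver_ihl, _tos, total_len, _ident, flags_frag, _ttl, proto, _ck,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", quoted[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(quoted) < ihl:
        raise ValueError("quoted datagram is not a complete IPv4 header")
    info = {
        "next_hop_mtu": mtu,            # 0 from routers that predate RFC 1191
        "orig_src": socket.inet_ntoa(src),
        "orig_dst": socket.inet_ntoa(dst),
        "orig_total_length": total_len,
        "orig_df_set": bool(flags_frag & 0x4000),
        "orig_protocol": proto,
        "orig_sport": None, "orig_dport": None,
    }
    ports = quoted[ihl:ihl + 4]
    if proto in (6, 17) and len(ports) == 4:   # TCP or UDP: ports are the first 4 bytes
        info["orig_sport"], info["orig_dport"] = struct.unpack("!HH", ports)
    return info

if __name__ == "__main__":
    for key, value in parse_frag_needed(build_sample()).items():
        print(f"{key}: {value}")
```

When `orig_src` is one of the logging host's own addresses, the quoted datagram is one that host sent, and `orig_total_length` compared with `next_hop_mtu` shows by how much it exceeded the link that rejected it.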