One for the comms experts
taig at melbpc.org.au
Mon Sep 21 02:52:18 UTC 2009
> GaryT wrote:
>> Below is a line from one of my log files. I want to know whether it's an
>> incoming or outgoing packet.
> It's an ICMP. or ping, packet. Type 3 is a 'Destination Unreachable' and
> the code=4 is an error meaning 'Fragmentation Needed and Don't Fragment
> was Set'. It's more than likely a DHCP packet asking who has what
> address. The second is just an acknowledgment (ACK).
> Are you blocking pings?
Yes... by not responding.
However, re the packet itself.
Is it correct to say that the packet is literally only one data packet;
that it's an acknowledgment requested by the outgoing 1493-byte long TCP
packet whose details are [shown between the square brackets].
And if that's correct, what would have happened to the original outgoing
packet? Is there anything in the ICMP part that indicates non-delivery?
Type 3 Code 4 reports only on fragmentation - it's doesn't necessarily
say the transmission attempt was unsuccessful. Perhaps one has to assume
normal delivery was affected.
I have thousands of these and I want to be sure so that I can accurately
report what's happening.
And on that note, does anyone know of an available online resource that
one can use to learn all about this stuff?
> Try using Wireshark to see if you can find the actual packets.
This program I didn't know about. I've spend hours trawling the net
looking for a packet sniffer for Linux and all the time it appears
Ubuntu had one available for download. Magic! Have now installed and
will learn to use it. I hope it captures and writes to disk the contents
of the various packets.
Many thanks for that lead.
More information about the ubuntu-users