From owner-freebsd-net Fri Jan 24 12:29: 3 2003 Delivered-To: freebsd-net@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3546E37B401 for ; Fri, 24 Jan 2003 12:29:01 -0800 (PST) Received: from mx2.nersc.gov (mx2.nersc.gov [128.55.6.22]) by mx1.FreeBSD.org (Postfix) with ESMTP id 828F143EB2 for ; Fri, 24 Jan 2003 12:29:00 -0800 (PST) (envelope-from dart@nersc.gov) Received: from mx2.nersc.gov (localhost [127.0.0.1]) by localhost.nersc.gov (Postfix) with ESMTP id AF3D47788; Fri, 24 Jan 2003 12:28:54 -0800 (PST) Received: from gemini.nersc.gov (gemini.nersc.gov [128.55.16.111]) by mx2.nersc.gov (Postfix) with ESMTP id 60362777D; Fri, 24 Jan 2003 12:28:54 -0800 (PST) Received: from gemini.nersc.gov (localhost [127.0.0.1]) by gemini.nersc.gov (Postfix) with ESMTP id E42E13B1AE; Fri, 24 Jan 2003 12:28:53 -0800 (PST) X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4 To: Luigi Rizzo Cc: Josh Brooks , freebsd-net@FreeBSD.ORG Subject: Re: catching bad ICMP errors - very odd In-Reply-To: Message from Luigi Rizzo of "Fri, 24 Jan 2003 10:07:14 PST." <20030124100714.B14895@xorpc.icir.org> Mime-Version: 1.0 Content-Type: multipart/signed; boundary="==_Exmh_-1729541048P"; micalg=pgp-sha1; protocol="application/pgp-signature" Content-Transfer-Encoding: 7bit Date: Fri, 24 Jan 2003 12:28:53 -0800 From: Eli Dart Message-Id: <20030124202853.E42E13B1AE@gemini.nersc.gov> Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --==_Exmh_-1729541048P Content-Type: text/plain; charset=us-ascii In reply to Luigi Rizzo : > is this with ipfw1 or ipfw2 or both ? > > cheers > luigi > > On Fri, Jan 24, 2003 at 03:56:54AM -0800, Josh Brooks wrote: > > > > I have inserted this ipfw rule, based on guidance from the archives: > > > > count icmp from any to any icmptype 4,5,9,10,12,13,14,15,16,17,18 > > > > Now, I am watching that count rule, and it keeps growing. This means that > > people are sending me packets other than types 0,3,8,11. > > > > So I wanted to see what they were: > > > > tcpdump -vvv -n | grep -v echo | grep -v unreach | grep -v exceeded Are you sure tcpdump is attaching to the correct interface? --eli > > > > and I let that run for hours and hours and hours - and during that time, > > the counter continued to grow and grow, but my screen where I was running > > tcpdump stayed blank - I never saw a single packet. > > > > So how is it that the counter for the above rule can grow and grow and > > grow, but I never see a single ICMP message that says anything besides > > "echo", "unreach" or "exceeded" ? > > > > thanks. > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-net" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message --==_Exmh_-1729541048P Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: This is a comment. iD8DBQE+MaIFLTFEeF+CsrMRAqxBAJ4u0fWjf7EazS52svFkqBNTbXBiEwCg3+sB TDM2s3UvBbTvye9JpEEMEhQ= =Cdwl -----END PGP SIGNATURE----- --==_Exmh_-1729541048P-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message