From: Josh Brooks
To: freebsd-net@freebsd.org
Date: Fri, 24 Jan 2003 03:56:54 -0800 (PST)
Subject: catching bad ICMP errors - very odd

I have inserted this ipfw rule, based on guidance from the archives:

    count icmp from any to any icmptype 4,5,9,10,12,13,14,15,16,17,18

Now, I am watching that count rule, and it keeps growing. This means that people are sending me packets other than types 0,3,8,11.

So I wanted to see what they were:

    tcpdump -vvv -n | grep -v echo | grep -v unreach | grep -v exceeded

and I let that run for hours and hours and hours - and during that time, the counter continued to grow and grow, but my screen where I was running tcpdump stayed blank - I never saw a single packet.

So how is it that the counter for the above rule can grow and grow and grow, but I never see a single ICMP message that says anything besides "echo", "unreach" or "exceeded"?

Thanks.
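
An added example, not part of the original post: a shell helper that turns the type list from the ipfw rule above into a tcpdump capture filter, so the capture selects on the ICMP type byte (byte 0 of the ICMP header) instead of on grep over the printed text. The function names icmp_type_filter and watch_icmp_types are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the post.

# Build a pcap filter expression from a comma-separated ICMP type list,
# e.g. the list used in the ipfw count rule:
#   4,5,9,10,12,13,14,15,16,17,18
# The body runs in a subshell so the IFS change does not leak to the caller.
icmp_type_filter() (
    list=$1
    filter=""
    IFS=,
    for t in $list; do
        case $t in
            # reject empty fields, non-digits, >3 digits, leading zeros
            ''|*[!0-9]*|????*|0?*)
                echo "bad ICMP type: '$t'" >&2
                return 1 ;;
        esac
        if [ "$t" -gt 255 ]; then
            echo "ICMP type out of range: $t" >&2
            return 1
        fi
        # icmp[0] is the type field of the ICMP header
        filter="${filter:+$filter or }icmp[0] = $t"
    done
    if [ -z "$filter" ]; then
        echo "empty ICMP type list" >&2
        return 1
    fi
    printf 'icmp and (%s)\n' "$filter"
)

# Capture only the listed ICMP types.
# -l line-buffers stdout, so lines appear promptly even when piped.
watch_icmp_types() {
    f=$(icmp_type_filter "$1") || return 1
    tcpdump -l -n -vvv "$f"
}

# Usage (needs privileges to capture):
#   watch_icmp_types 4,5,9,10,12,13,14,15,16,17,18
```

Because the filter is evaluated on the packet bytes, anything it prints is by construction one of the types the ipfw rule counts.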