Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 24 Jan 2003 12:28:53 -0800
From:      Eli Dart <dart@nersc.gov>
To:        Luigi Rizzo <rizzo@icir.org>
Cc:        Josh Brooks <user@mail.econolodgetulsa.com>, freebsd-net@FreeBSD.ORG
Subject:   Re: catching bad ICMP errors - very odd 
Message-ID:  <20030124202853.E42E13B1AE@gemini.nersc.gov>
In-Reply-To: Message from Luigi Rizzo <rizzo@icir.org>  of "Fri, 24 Jan 2003 10:07:14 PST." <20030124100714.B14895@xorpc.icir.org>
next in thread | previous in thread | raw e-mail | index | archive | help 

--==_Exmh_-1729541048P
Content-Type: text/plain; charset=us-ascii


In reply to Luigi Rizzo <rizzo@icir.org> :

> is this with ipfw1 or ipfw2 or both ?
> 
> 	cheers
> 	luigi
> 
> On Fri, Jan 24, 2003 at 03:56:54AM -0800, Josh Brooks wrote:
> > 
> > I have inserted this ipfw rule, based on guidance from the archives:
> > 
> > count icmp from any to any icmptype 4,5,9,10,12,13,14,15,16,17,18
> > 
> > Now, I am watching that count rule, and it keeps growing.  This means that
> > people are sending me packets other than types 0,3,8,11.
> > 
> > So I wanted to see what they were:
> > 
> > tcpdump -vvv -n | grep -v echo | grep -v unreach | grep -v exceeded

Are you sure tcpdump is attaching to the correct interface?

		--eli


> > 
> > and I let that run for hours and hours and hours - and during that time,
> > the counter continued to grow and grow, but my screen where I was running
> > tcpdump stayed blank - I never saw a single packet.
> > 
> > So how is it that the counter for the above rule can grow and grow and
> > grow, but I never see a single ICMP message that says anything besides
> > "echo", "unreach" or "exceeded" ?
> > 
> > thanks.
> > 
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-net" in the body of the message
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message



--==_Exmh_-1729541048P
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: This is a comment.

iD8DBQE+MaIFLTFEeF+CsrMRAqxBAJ4u0fWjf7EazS52svFkqBNTbXBiEwCg3+sB
TDM2s3UvBbTvye9JpEEMEhQ=
=Cdwl
-----END PGP SIGNATURE-----

--==_Exmh_-1729541048P--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030124202853.E42E13B1AE>