Date: Sat, 25 Jan 2003 01:49:25 +0300
From: "Vadim A. Shklyaev" <lexxmail@front.ru>
To: Josh Brooks <user@mail.econolodgetulsa.com>
Cc: freebsd-net@freebsd.org
Subject: Re: catching bad ICMP errors - very odd
Message-ID: <18174609192.20030125014925@front.ru>
In-Reply-To: <20030124035318.O64423-100000@mail.econolodgetulsa.com>
References: <20030124035318.O64423-100000@mail.econolodgetulsa.com>

Hello, Josh.
You wrote 24 January 2003, 14:56:54:
JB> I have inserted this ipfw rule, based on guidance from the archives:
JB> count icmp from any to any icmptype 4,5,9,10,12,13,14,15,16,17,18
JB> Now, I am watching that count rule, and it keeps growing. This means that
JB> people are sending me packets other than types 0,3,8,11.
JB> So I wanted to see what they were:
JB> tcpdump -vvv -n | grep -v echo | grep -v unreach | grep -v exceeded
JB> and I let that run for hours and hours and hours - and during that time,
JB> the counter continued to grow and grow, but my screen where I was running
JB> tcpdump stayed blank - I never saw a single packet.
JB> So how is it that the counter for the above rule can grow and grow and
JB> grow, but I never see a single ICMP message that says anything besides
JB> "echo", "unreach" or "exceeded" ?
JB> thanks.
It would be better to write it like this, because grep's output may be
buffered:
tcpdump -vvvni iface0 'icmp and icmp[icmptype]!=icmp-echo and \
icmp[icmptype]!=icmp-echoreply and icmp[icmptype]!=icmp-unreach \
and icmp[icmptype]!=icmp-timxceed'
--
Best regards,
Vadim mailto:lexxmail@front.ru
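Added example, not part of the original message or of any FreeBSD tool: one way to take output buffering out of the picture is to save the ICMP traffic with tcpdump -w and tally the types offline. The sketch below reads a classic pcap file captured on Ethernet and reports only the types the ipfw count rule quoted above would have counted; the function names and the embedded sample capture are constructed for illustration.

```python
import struct
from collections import Counter

# ICMP types counted by the ipfw rule quoted in the thread.
RULE_TYPES = {4, 5, 9, 10, 12, 13, 14, 15, 16, 17, 18}

def icmp_type_counts(pcap_bytes):
    """Tally ICMP types in a classic pcap file captured on Ethernet."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap_bytes[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap_bytes):
        caplen = struct.unpack(endian + "I", pcap_bytes[off + 8:off + 12])[0]
        frame = pcap_bytes[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        frag_off = struct.unpack("!H", ip[6:8])[0] & 0x1FFF
        if ip[9] != 1 or frag_off != 0 or len(ip) <= ihl:
            continue  # not ICMP, a later fragment, or ICMP header cut off
        counts[ip[ihl]] += 1
    return counts

def rule_matches(counts):
    """Keep only the types the ipfw count rule would have counted."""
    return {t: n for t, n in counts.items() if t in RULE_TYPES}

def sample_capture(types=(8, 0, 5, 13, 3, 5)):
    """Constructed capture: one minimal Ethernet/IPv4/ICMP frame per type."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for t in types:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + bytes([t, 0]) + b"\x00" * 6
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    print(rule_matches(icmp_type_counts(sample_capture())))
```

On a real capture, pass the bytes of the saved file to icmp_type_counts(); VLAN-tagged frames and non-Ethernet link types are not handled here.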
