Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [icmp]

ICMP stands for Internet Control Message Protocol. It is primarily used by the operating systems of networked computers to send error messages indicating service status.

ICMP is not normally used by end-users or to send messages. It's main use is in diagnostics and checking that the network is functioning correctly.

ICMP is just one communications protocol on the web. Others include:

  • Transmission Control Protocol (TCP)
  • User Datagram Protocol (UDP)
  • Hypertext Transfer Protocol (HTTP)
  • Post Office Protocol (POP3)
  • File Transfer Protocol (FTP)
  • Internet Message Access Protocol (IMAP)

ICMP on Wikipedia

225 questions
56
votes
10 answers

Why not block ICMP?

I think I almost have my iptables setup complete on my CentOS 5.3 system. Here is my script... # Establish a clean slate iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -P OUTPUT ACCEPT iptables -F # Flush all rules iptables -X # Delete…
Agvorth
  • 2,429
  • 4
  • 28
  • 29
31
votes
4 answers

Why do ICMP Redirect Host happen?

I'm setting up a Debian box as a router for 4 subnets. For that I have defined 4 virtual interfaces on the NIC where the LAN is connected (eth1). eth1 Link encap:Ethernet HWaddr 94:0c:6d:82:0d:98 inet addr:10.1.1.1 …
El Barto
  • 943
  • 5
  • 16
  • 24
29
votes
2 answers

Does traceroute use UDP or ICMP or both?

When I do a trace on the www.google.com domain from my laptop, am I using icmp or udp ? I thought it was icmp type 11 but while searching for something else I came across rules where icmp type 30 was used and I saw rules where udp was used. Can…
Kris
  • 1,347
  • 3
  • 15
  • 16
12
votes
3 answers

Strange: why does linux respond to ping with ARP request after last ping reply?

I (and a colleague) have just noticed, and tested, that when a Linux machine is pinged, after the last ping it initiates a unicast ARP request to the machine that initiated the ICMP ping. When pinging to a Windows machine, the Windows machine does…
Rabarberski
  • 263
  • 1
  • 3
  • 8
12
votes
2 answers

Why is ICMP categorized as a layer 3 protocol?

ICMP is categorized as a layer 3 protocol in the OSI model, but as far as i can tell it does not meet the definition of a network layer protocol. It does not provide addressing or packet routing (it uses IP for this), so all it does is send…
Robbie Mckennie
  • 1,083
  • 1
  • 8
  • 21
12
votes
3 answers

What exactly do --limit 1/s and --limit-burst mean in iptables rules?

I'm using CentOS 5.x trying to wrap my mind around the following iptables rule on one of my servers: -A RH-Firewall-1-INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT On another server I have: -A RH-Firewall-1-INPUT -p icmp…
Mike B
  • 11,570
  • 42
  • 106
  • 165
11
votes
4 answers

What happens when ARP Request comes from a different subnet?

What will happen when an ARP Request packet is sent from router1 to router2 in the following two cases? Will an ARP Reply be generated or the ARP Request packet be dropped? [router1]Intf1(20.0.0.1/24) ======== (40.0.0.1/24)Intf2[router2]…
gsinha
  • 323
  • 1
  • 3
  • 15
10
votes
2 answers

Forwarding traffic from TUN device (C++ backend) to the default gateway

The following problem is just a piece of the bigger solution I have a problem with. All other elements seem working so far, so I'll try to describe very small piece which I have problem with. I've got a linux machine, with tun0 (tunneling interface)…
Marcin Górski
  • 101
  • 1
  • 5
9
votes
2 answers

nic: Something Wicked happened! ffff

I'm configuring a GNU/Linux Router with Debian Stretch (9.7) and before rebooting the server, all traffic from one interface to another was going ok, but after that, I received a message like this (tty): enp1s6: Something Wicked happened! ffff. I…
ivanleoncz
  • 1,433
  • 4
  • 18
  • 32
9
votes
5 answers

iptables, ICMP and RELATED

I am using the following simple iptables rule that accepts related packets: -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT I am letting ICMP echo-requests pass with this other rule: -A INPUT -p icmp --icmp-type echo-request -j…
S19N
  • 1,693
  • 1
  • 17
  • 28
9
votes
4 answers

How does TCP Ping or Traceroute Work?

How does the tcp ping or traceroute work? Does it take in account just the time it takes to establis the TCP handshake? Also in ICMP ping you can specify the packet size, can this be achieved in TCP ping?
GeorgeU
  • 496
  • 1
  • 5
  • 17
9
votes
4 answers

Why do some web servers not respond to icmp requests?

What is the purpose of blocking/dropping inbound ICMP traffic on a public web server? Is it common for it be blocked? I had to test if a server was accessible from various locations (tested on various servers located in different states/countries).…
John Himmelman
  • 833
  • 5
  • 10
  • 18
8
votes
6 answers

Why block outbound ICMP?

This question is slightly related to "Why Block Port 22 Outbound?". I don't see how this can be a notable security risk.
gak
  • 713
  • 1
  • 9
  • 23
8
votes
2 answers

Can't ping multihomed Linux machine on non-default interface

I have a multihomed Ubuntu server with a set of interfaces that includes: eth2: 10.10.0.131/24 eth3: 10.20.0.2/24 The default interface is eth2, with a gateway of 10.10.0.1. Here's what the routing table looks like: root@c220-1:~# netstat…
Lorin Hochstein
  • 4,868
  • 15
  • 54
  • 72
8
votes
2 answers

iptables | Types of ICMP: which ones are (potentially) harmful?

I read that certain types¹ of ICMP packets can be harmful. Questions: Which ones and why? How should I layout an iptables ruleset to handle each type of ICMP packet? Should I rate-limit any of these types of ICMP packets? And how? [¹] The types I…
ML--
  • 325
  • 1
  • 4
  • 11
1
2 3
14 15