At 08:13 AM 11/21/00, Chris Larson wrote:
>My point being that the response you will see at a workstation will not
>always be the same as the response you will see at the console of a Cisco
>router. The router generally has a more robust implementation of ICMP than
>the Windows workstation. In a sniffer trace you will see certain types of
>ICMP replies that the Windows boxes simply report as destination
>unreachables, or even timeouts even though the ICMP type as specified by
>the RFCs is not simply unreachable.

I could believe that some implementations don't always provide to the end
user the code that goes with the Destination Unreachable message. I have
also seen MS-DOS Ping report a timeout even though the router sent a reply
or ICMP message. Sniffing is required to know what's really going on.

How much ICMP an OS must implement is standardized by the IETF in the Host
Requirements document, RFC 1112, but the document is unclear regarding how
many details to report to the user. (It doesn't really deal with users
whatsoever).

One LAST comment (I promise):

There are some cases where it's the end node (workstation, server, or
whatever) that sends back the Destination Unreachable. A workstation might
send a Protocol Unreachable or Port Unreachable. Protocol Unreachable means
the station doesn't understand the protocol field in the IP header. Port
Unreachable means it doesn't recognize the TCP or UDP port.

Some varieties of traceroute take advantage of the fact that a workstation
will send back a Dest Unreachable, Port Unreachable. In particular, most
Cisco and UNIX traceroute implementations send to a large UDP port number
that won't be recognized by the end node. The end node sends back Dest
Unreachable, Port Unreachable. This is a good thing because it lets you
traceroute all the way to the end node, past all the routers in the chain.

I am going on and on about this subject because I think it's so important.
An understanding of Destination Unreachable means a good understanding of
how packets are forwarded in an internetwork. My messages aren't directed
to anyone in particular, (in case you're wondering, Chris). I'm just using
them as a "training" forum. I can't help it. Once an instructor, always an
instructor. ;-)

Priscilla

>Of course, that is what I meant. Not that the workstation sends an ICMP, but
>that what it receives from the router is simply a timeout.
>
>
>
>----- Original Message -----
>From: "Priscilla Oppenheimer" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Sent: Monday, November 20, 2000 4:47 PM
>Subject: Re: !H !H !H!H
>
>
>At 03:25 PM 11/20/00, Chris Larson wrote:
> >Even if this was correct you cannot simply by getting an !h say that this
> >is from an access-list. There are many reasons for a host unreachable
> >message.
> >
> >Also, from most workstations (Windows that is), you will simply get a
> >timeout and neither !A or !h from packets being denied by an access-list.
>
>Sending a Destination Unreachable is the job of the Router, not the
>workstation. Whether it sends an A, H, or nothing depends on the
>implementation of ICMP that it is running.
>
>Priscilla
________________________
Priscilla Oppenheimer
http://www.priscilla.com
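The following is an added example, not part of the original message: a decoder for what a sniffer shows in a Destination Unreachable, namely the code that ping may hide and whether the end node or a router in the path sent it. The function names, the documentation-range addresses and the UDP port 33434 in the samples are assumptions constructed for illustration.

```python
import socket
import struct

# ICMP type 3 (Destination Unreachable) codes from RFC 792 and RFC 1812.
CODES = {0: "Network Unreachable", 1: "Host Unreachable",
         2: "Protocol Unreachable", 3: "Port Unreachable",
         4: "Fragmentation Needed", 13: "Administratively Prohibited"}

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header for constructed samples (checksum left 0)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def build_unreachable(reporter, code, probe_src, probe_dst, proto, dport):
    """Constructed ICMP error: outer IP, ICMP header, original IP header + 8 bytes."""
    l4 = struct.pack("!HHHH", 40000, dport, 8, 0)        # first 8 bytes of the probe
    inner = ipv4_header(probe_src, probe_dst, proto, 8) + l4
    icmp = struct.pack("!BBHI", 3, code, 0, 0) + inner   # type 3, code, cksum, unused
    return ipv4_header(reporter, probe_src, 1, len(icmp)) + icmp

def decode_unreachable(packet):
    """Return the details of a Destination Unreachable, or None for anything else."""
    if len(packet) < 20 or packet[9] != 1:               # outer protocol 1 = ICMP
        return None
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 8 + 20 or packet[ihl] != 3:   # need type 3 + inner header
        return None
    inner = packet[ihl + 8:]                             # the packet that was refused
    inner_ihl = (inner[0] & 0x0F) * 4
    reporter = socket.inet_ntoa(packet[12:16])           # who sent the ICMP error
    target = socket.inet_ntoa(inner[16:20])              # where the probe was going
    proto, dport = inner[9], None
    if proto in (6, 17) and len(inner) >= inner_ihl + 4: # TCP/UDP: port is present
        dport = struct.unpack("!H", inner[inner_ihl + 2:inner_ihl + 4])[0]
    code = packet[ihl + 1]
    return {"reporter": reporter, "code": CODES.get(code, f"code {code}"),
            "target": target, "protocol": proto, "dport": dport,
            "from_end_node": reporter == target}

# Constructed samples: a UDP traceroute probe answered by the end node itself,
# and the same probe refused by a router applying an access list.
END_NODE = build_unreachable("192.0.2.10", 3, "198.51.100.5", "192.0.2.10", 17, 33434)
ROUTER_ACL = build_unreachable("203.0.113.1", 13, "198.51.100.5", "192.0.2.10", 17, 33434)

if __name__ == "__main__":
    for pkt in (END_NODE, ROUTER_ACL):
        print(decode_unreachable(pkt))
```
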