[prev in list] [next in list] [prev in thread] [next in thread] 

List:       nmap-hackers
Subject:    Re: ICMP Error Message Quoting Size (Identifying Sun Solaris & LINUX based machines)
From:       Darren Reed <avalon () coombs ! anu ! edu ! au>
Date:       2000-11-25 1:23:00
[Download RAW message or body]

In some mail from Ofir Arkin, sie said:
> 
> Every ICMP error message includes the Internet Protocol (IP) Header and at
> least the first 8 data bytes of the datagram that triggered the error (the
> offending datagram); more than 8 bytes may be sent according to RFC 1122.
> 
> Except for LINUX and Sun Solaris based machines all other operating systems
> will closely follow RFC 1122 guidelines – quoting the IP Header and the
> first 8 bytes of data of the offending packet.

Wrong, HP-UX 11 also quotes more, by default, if I recall correctly.

NetBSD has a sysctl to control how much gets quoted (curtesy of yours
truely :-).

If you read RFC1122 closely, it says that the inclusion of 64bits of data
from the original IP packet is the minimum - Linux/Solaris/NetBSD/HP-UX
are not in error here:
...
         Every ICMP error message includes the Internet header and at
         least the first 8 data octets of the datagram that triggered
         the error; more than 8 octets MAY be sent; this header and data
         MUST be unchanged from the received datagram.
...

Darren

--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help@insecure.org . List run by ezmlm-idx (www.ezmlm.org).

[prev in list] [next in list] [prev in thread] [next in thread]