[prev in list] [next in list] [prev in thread] [next in thread]
List: nmap-hackers
Subject: Re: ICMP Error Message Quoting Size (Identifying Sun Solaris & LINUX based machines)
From: Darren Reed <avalon () coombs ! anu ! edu ! au>
Date: 2000-11-25 1:23:00
[Download RAW message or body]
In some mail from Ofir Arkin, sie said:
>
> Every ICMP error message includes the Internet Protocol (IP) Header and at
> least the first 8 data bytes of the datagram that triggered the error (the
> offending datagram); more than 8 bytes may be sent according to RFC 1122.
>
> Except for LINUX and Sun Solaris based machines all other operating systems
> will closely follow RFC 1122 guidelines – quoting the IP Header and the
> first 8 bytes of data of the offending packet.
Wrong, HP-UX 11 also quotes more, by default, if I recall correctly.
NetBSD has a sysctl to control how much gets quoted (curtesy of yours
truely :-).
If you read RFC1122 closely, it says that the inclusion of 64bits of data
from the original IP packet is the minimum - Linux/Solaris/NetBSD/HP-UX
are not in error here:
...
Every ICMP error message includes the Internet header and at
least the first 8 data octets of the datagram that triggered
the error; more than 8 octets MAY be sent; this header and data
MUST be unchanged from the received datagram.
...
Darren
--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to
nmap-hackers-help@insecure.org . List run by ezmlm-idx (www.ezmlm.org).
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic