Tuesday, May 12, 2009

Traceroute Explained

What is Traceroute

Traceroute is a computer network tool used to determine the route taken by packets across an IP network.

Traceroute is available on all Unix variants and has several relatives, such as tracepath (Linux) and tracert (Windows). Windows NT-based systems have another implementation named pathping, which does a similar job.

How traceroute works

Traceroute works by increasing the "time-to-live" value of each successive batch of packets sent.

Traceroute starts by sending out a packet with a Time To Live (TTL) of 1. The first hop then sends back an ICMP error message indicating that the packet could not be forwarded because the TTL expired. The packet is then resent with a TTL of 2, and the second hop returns the TTL expired. This process continues until the destination is reached. The purpose behind this is to record the source of each ICMP TTL exceeded message to provide a trace of the path the packet took to reach the destination.

When a packet passes through a host, normally the host decrements the TTL value by one, and forwards the packet to the next host. When a packet with a TTL of one reaches a host, the host discards the packet and sends an ICMP time exceeded (type 11) packet to the sender. The traceroute utility uses these returning packets to produce a list of hosts that the packets have traversed en route to the destination.

By default, the traceroute utility uses UDP datagrams with destination port numbers ranging from 33434 to 33534.

The traceroute utility usually has an option to use ICMP echo request (type 8) instead, as used by the Windows tracert utility.
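
The TTL mechanism above, as an added example that is not part of the original article: it builds the UDP probes a traceroute would send and matches constructed ICMP replies back to the hop that produced them. The addresses are documentation-range placeholders, the source port 40000 is arbitrary, and the port numbering (three probes per hop, counting up from 33434) is an assumption about one common implementation.

```python
import socket
import struct

BASE_PORT, LAST_PORT = 33434, 33534          # UDP destination port range quoted in the article
PROBES_PER_HOP = 3                           # three probes per TTL, as in the sample output
SRC, TARGET = "192.0.2.10", "203.0.113.80"   # constructed documentation addresses


def ip_header(src, dst, ttl, proto, payload_len):
    """Minimal 20-byte IPv4 header; the checksum is left at 0 for this offline demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def udp_probe(ttl, probe_index):
    """Probe packet: the TTL selects the hop, the destination port identifies the probe."""
    seq = (ttl - 1) * PROBES_PER_HOP + probe_index
    udp = struct.pack("!HHHH", 40000, BASE_PORT + seq, 8, 0)
    return ip_header(SRC, TARGET, ttl, socket.IPPROTO_UDP, len(udp)) + udp


def icmp_error(sender, icmp_type, code, probe):
    """Reply a hop sends: ICMP header, then the probe's IP header plus its first 8 bytes."""
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + probe[:28]
    return ip_header(sender, SRC, 64, socket.IPPROTO_ICMP, len(icmp)) + icmp


def parse_reply(packet):
    """Return (responder, hop, reached_target), or None when the packet is not ours."""
    if len(packet) < 20 or packet[9] != socket.IPPROTO_ICMP:
        return None
    ihl = (packet[0] & 0x0F) * 4
    inner = packet[ihl + 8:]                     # the quoted original datagram
    if len(inner) < 20:
        return None
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner[9] != socket.IPPROTO_UDP or len(inner) < inner_ihl + 8:
        return None
    if inner[12:16] != socket.inet_aton(SRC):    # the quoted probe must be one we sent
        return None
    dport = struct.unpack("!H", inner[inner_ihl + 2:inner_ihl + 4])[0]
    if not BASE_PORT <= dport <= LAST_PORT:
        return None
    hop = (dport - BASE_PORT) // PROBES_PER_HOP + 1
    icmp_type, code = packet[ihl], packet[ihl + 1]
    responder = socket.inet_ntoa(packet[12:16])
    if (icmp_type, code) == (11, 0):             # time exceeded in transit: a router
        return responder, hop, False
    if (icmp_type, code) == (3, 3):              # port unreachable: the target itself
        return responder, hop, True
    return None


def trace(replies):
    """Build the hop list; hops with no matching reply are shown as '*'."""
    hops, final = {}, None
    for packet in replies:
        parsed = parse_reply(packet)
        if parsed:
            responder, hop, reached = parsed
            hops.setdefault(hop, responder)
            if reached and (final is None or hop < final):
                final = hop
    last = final if final is not None else max(hops, default=0)
    return [(h, hops.get(h, "*")) for h in range(1, last + 1)]


def demo():
    """Constructed exchange: hop 2 never answers, hop 4 is the target."""
    routers = {1: "198.51.100.1", 3: "198.51.100.9"}
    replies = []
    for ttl in range(1, 5):
        for i in range(PROBES_PER_HOP):
            probe = udp_probe(ttl, i)
            if ttl in routers:
                replies.append(icmp_error(routers[ttl], 11, 0, probe))
            elif ttl == 4:
                replies.append(icmp_error(TARGET, 3, 3, probe))
    # An unrelated echo reply arriving on the same socket must be ignored.
    replies.append(ip_header("198.51.100.77", SRC, 64, 1, 8) + struct.pack("!BBHI", 0, 0, 0, 0))
    return trace(replies)


if __name__ == "__main__":
    for hop, responder in demo():
        print(hop, responder)
```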

Why traceroute is used

Traceroute is often used for network troubleshooting. Providing a list of routers traversed, it allows the user to identify the path taken to reach a particular destination in the network. This can help identify routing problems or firewalls that may be blocking access to a site.

Traceroute is also used by penetration testers to get an idea about the network infrastructure and IP range.

Traceroute can also help us when downloading data: if we have a choice of mirrors, we can definitely find out which mirror gives the faster download.

Traceroute IP option format

Following is the representation of Traceroute with IP option format

Bits          0-7             8-15        16-31
Data Format   F, C, Number    Length      ID Number
              Outbound Hop Count          Return Hop Count
              Originator IP Address


F (copy to fragments) :- It uses 1 bit (1/8). It is set to 1 if the option is intended to be copied into all the fragments when a datagram is fragmented, and to 0 if it is not copied to fragments.

C (class) :- It uses 2 bits (2/8). It specifies one of four potential values that indicate the general category into which the option belongs. Normally only two of the values are used, 0 and 2: 0 is for control options and 2 is for debugging and measurement.

Number :- It uses 5 bits (5/8). It specifies the kind of option. 32 different values can be specified for each of the two option classes; of these, only a few are commonly used.

For the Traceroute option the Number is 18 (F + C + Number = 82).

Wondering how we got the number 82? The steps are as follows:

((0 << 7) | (2 << 5) | 18) = 82

i.e. (0 × 2^7) = 0

(2 × 2^5) = 64

0 | 64 | 18 = 82

Hope it is now clear how we arrived at the number 82.

| Option Class | Option Number | Length (bytes) | Option Name | Description |
|---|---|---|---|---|
| 0 | 0 | 1 | End Of Options List | An option containing just a single zero byte, used to mark the end of a list of options. |
| 0 | 1 | 1 | No Operation | A “dummy option” used as “internal padding” to align certain options on a 32-bit boundary when required. |
| 0 | 2 | 11 | Security | An option provided for the military to indicate the security classification of IP datagrams. |
| 0 | 3 | Variable | Loose Source Route | One of two options for source routing of IP datagrams. See below for an explanation. |
| 0 | 7 | Variable | Record Route | This option allows the route used by a datagram to be recorded within the header for the datagram itself. If a source device sends a datagram with this option in it, each router that “handles” the datagram adds its IP address to this option. The recipient can then extract the list of IP addresses to see the route taken by the datagram. |
| 0 | 9 | Variable | Strict Source Route | One of two options for source routing of IP datagrams. See below for an explanation. |
| 2 | 4 | Variable | Timestamp | This option is similar to the Record Route option. However, instead of each device that handles the datagram inserting its IP address into the option, it puts in a timestamp, so the recipient can see how long it took for the datagram to travel between routers. |
| 2 | 18 | 12 | Traceroute | Used in the enhanced implementation of the traceroute utility, as described in RFC 1393. |

ID Number

An arbitrary number used by the originator of the Outbound Packet to identify the ICMP Traceroute messages. It is NOT related to the ID number in the IP header. It uses 16 bits.

Originator IP Address

The IP address of the originator of the Outbound Packet. This is needed so the routers know where to send the ICMP Traceroute message for Return Packets. It is also needed for Outbound Packets which have a Source Route option. It uses 16 bits.

Outbound Hop Count (OHC)

The number of routers through which the Outbound Packet has passed. This field is not incremented by the Outbound Packet's destination. It uses 16 bits.

Return Hop Count (RHC)

The number of routers through which the Return Packet has passed. This field is not incremented by the Return Packet's destination. It uses 32 bits.
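
An added example (not code from the article or from RFC 1393) that walks an IPv4 options area, splits each type octet into F, C and Number as computed above, decodes the 12-byte Traceroute option and flags the source-route options that border routers commonly drop. The sample bytes are constructed, and the Traceroute field widths follow the layout diagram and the 12-byte option length.

```python
import socket
import struct

# (class, number) -> name, taken from the option table in the article
OPTION_NAMES = {
    (0, 0): "End Of Options List", (0, 1): "No Operation", (0, 2): "Security",
    (0, 3): "Loose Source Route", (0, 7): "Record Route", (0, 9): "Strict Source Route",
    (2, 4): "Timestamp", (2, 18): "Traceroute",
}
SOURCE_ROUTE = {(0, 3), (0, 9)}   # the two source-routing options


def make_type(copy, cls, number):
    """Pack F (1 bit), C (2 bits) and Number (5 bits) into the option type octet."""
    return (copy << 7) | (cls << 5) | number


def split_type(octet):
    """Inverse of make_type: returns (copy, class, number)."""
    return octet >> 7, (octet >> 5) & 0x03, octet & 0x1F


def parse_traceroute_body(body):
    """Decode the 10 bytes that follow Type and Length in the 12-byte Traceroute option.

    Widths follow the layout diagram: 16-bit ID, two 16-bit hop counts, IPv4 address.
    """
    if len(body) != 10:
        raise ValueError("Traceroute option must be 12 bytes long")
    ident, ohc, rhc, originator = struct.unpack("!HHH4s", body)
    return {"id": ident, "outbound_hops": ohc, "return_hops": rhc,
            "originator": socket.inet_ntoa(originator)}


def walk_options(raw):
    """Walk the options area of an IPv4 header and return one dict per option."""
    found, i = [], 0
    while i < len(raw):
        copy, cls, number = split_type(raw[i])
        entry = {"type": raw[i], "copy": copy, "class": cls, "number": number,
                 "name": OPTION_NAMES.get((cls, number), "unknown"),
                 "source_route": (cls, number) in SOURCE_ROUTE}
        if raw[i] in (0, 1):              # single-byte options carry no length byte
            found.append(entry)
            if raw[i] == 0:               # End Of Options List: the rest is padding
                break
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("option at offset %d has no length byte" % i)
        length = raw[i + 1]               # length counts the type and length bytes too
        if length < 2 or i + length > len(raw):
            raise ValueError("option at offset %d has bad length %d" % (i, length))
        if (cls, number) == (2, 18):
            entry["fields"] = parse_traceroute_body(raw[i + 2:i + length])
        found.append(entry)
        i += length
    return found


# Constructed options area: NOP, Traceroute, Loose Source Route, EOL, padded to 24 bytes.
SAMPLE = (bytes([1])
          + bytes([make_type(0, 2, 18), 12])
          + struct.pack("!HHH4s", 0x1234, 3, 0, socket.inet_aton("192.0.2.10"))
          + bytes([make_type(1, 0, 3), 7, 4]) + socket.inet_aton("198.51.100.1")
          + bytes(4))

if __name__ == "__main__":
    for option in walk_options(SAMPLE):
        print(option)
```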

Traceroute ICMP option format

Following is the representation of Traceroute with ICMP message format

Bits          0-7         8-15        16-31
Data Format   Type        Code        Checksum
              ID Number               Unused
              Outbound Hop Count      Return Hop Count
              Output Link Speed
              Output Link MTU


Type :- Always 30. It uses 8 bits.

Code :- It uses 8 bits.

| Code | Description |
|---|---|
| 0 | Outbound Packet successfully forwarded |
| 1 | No route for Outbound Packet; packet discarded |

Checksum :- The 16 bit one's complement of the one's complement sum of all 16 bit words in the header. For computing the checksum, the checksum field should be zero. It uses 16 bits.

ID Number :- The ID Number as copied from the IP Traceroute option of the packet which caused this Traceroute message to be sent. This is NOT related to the ID number in the IP header. It uses 16 bits.

Unused :- It uses 16 bits.

Outbound Hop Count :- The Outbound Hop Count as copied from the IP Traceroute option of the packet which caused this Traceroute message to be sent. It uses 16 bits.

Return Hop Count :- The Return Hop Count as copied from the IP Traceroute option of the packet which caused this Traceroute message to be sent. It uses 16 bits.

Output link speed :- The speed, in bytes per second, of the link over which the Outbound/Return Packet will be sent. If this value cannot be determined, the field should be set to zero. It uses 32 bits.

Output link MTU :- The MTU (Maximum Transmission Unit), in bytes, of the link over which the Outbound/Return Packet will be sent. MTU refers to the data portion (includes IP header; excludes datalink header/trailer) of the packet. If this value cannot be determined, this field should be set to zero. It uses 32 bits.

If a packet does not return within the expected timeout window, a star (asterisk) is traditionally printed.

Traceroute command

A traceroute implementation is available on most operating systems, including most Unix systems, Linux, Mac OS X, and Windows 95 and later.

On a Unix/Linux system, including Mac OS X, run a traceroute at the command line like this:

traceroute [servername]

On Windows, the command is called tracert. Open a DOS window and enter the command:

tracert [servername]

Interpreting the output of traceroute

Here is some example traceroute output from a Linux system. I have used the Linux distro named Matriux, the Swiss army knife for a hacker, with loads of tools and applications, by security expert Manu Zacharia; the distribution is yet to be released.

matriux ~ # traceroute www.airnews.net

traceroute to tower-iaweb.mis.iadfw.net (209.44.184.153), 30 hops max, 38 byte packets

4 illekm-static-203.200.136.33.vsnl.net.in (203.200.136.33) 5.779 ms 3.932 ms 4.242 ms

5 if-1-1.core3.NQT-NewYork.as6453.net (64.86.5.5) 254.191 ms 260.088 ms 254.802 ms

6 if-14-0.mcore4.NQT-NewYork.as6453.net (216.6.87.45) 246.136 ms 245.748 ms 246.004 ms

7 if-5-0.mcore3.NYY-NewYork.as6453.net (216.6.87.54) 246.415 ms 246.365 ms 248.866 ms

8 if-2-0-0-976.mcore4.NYY-NewYork.as6453.net (216.6.81.6) 255.208 ms 253.232 ms 252.844 ms

9 if-5-0.mcore4.NJY-Newark.as6453.net (216.6.63.41) 259.878 ms 275.122 ms 261.457 ms

10 Vlan1101.icore1.NJY-Newark.as6453.net (216.6.63.6) 258.184 ms 254.848 ms 261.434 ms

11 ix-3-1.icore1.NJY-Newark.as6453.net (206.82.132.38) 262.131 ms 261.582 ms 260.846 ms

12 ded1-g8-3-0.hstntx.sbcglobal.net (151.164.241.101) 337.080 ms 313.352 ms 313.639 ms

13 Internet.cust-rtr.swbell.net (70.253.121.218) 317.513 ms 316.848 ms 316.081 ms

14 * * *

15 * * *

16 * * *

Here, I am tracing the route to airnews.net, the news server name at Airnews. The first line of output is information about what we are going to do; it shows the target system, that system's IP address, the maximum number of hops that will be allowed, and the size of the packets being sent.

Then we have one line for each system or router in the path between our system and the target system. Each line shows the name of the system (as determined from DNS), the system's IP address, and three round trip times in milliseconds. The round trip times (or RTTs) tell us how long it took a packet to get from our system to another system and back, called the latency between the two systems. By default, three packets are sent to each system along the route, so we get three RTTs.

Eg : 4 illekm-static-203.200.136.33.vsnl.net.in (203.200.136.33) 5.779 ms 3.932 ms 4.242 ms

Sometimes a line in the output may have all times missing, with an asterisk where each should be; this means no packets returned.

eg:- 14 * * *

If it looks like the following, we have lost two packets:

eg:- 5 if-1-1.core3.NQT-NewYork.as6453.net (64.86.5.5) 254.191 ms * *

In this case, the machine is up and responding, but for whatever reason it did not respond to the second and third packets. This does not necessarily indicate a problem; in fact, it is usually normal, and just means that the system discarded the packet for some reason. Many systems do this normally.

It's important to remember that timeouts are not necessarily an indication of packet loss. This is a common misconception, but since there are only three probes, dropping one response is no big deal.

Sometimes you will see an entry with just an IP address and no name:

eg: 12 151.164.241.101 (151.164.241.101) 337.080 ms 313.352 ms 313.639 ms

This simply means that a reverse DNS lookup on the address failed, so the name of the system could not be determined.

A trace that ends in rows of timeouts (as hops 14 to 16 do in the example above) means that the target system could not be reached. More accurately, it means that the packets could not make it there and back; they may actually be reaching the target system but encountering problems on the return trip. This may be due to some problem, but it may also be an intentional block due to a firewall or other security measures, and the block may affect traceroute but not actual server connections.

Error Messages in Traceroute

A trace can end with one of several error indications showing why the trace cannot proceed. In this example, the router is indicating that it has no route to the target host:

eg: - 14 if-5-0.mcore4.NJY-Newark.as6453.net (216.6.63.41) 35.931 ms !H * 39.970 ms !H

The !H is a “host unreachable” error message (it indicates that an ICMP error message was received). The trace will stop at this point. Possible ICMP error messages of this nature include:

!H :- Host unreachable. The router has no route to the target system.

!N :- Network unreachable.

!P :- Protocol unreachable.

!S :- Source route failed. You tried to use source routing, but the router is configured to block source-routed packets.

!F :- Fragmentation needed. This indicates that the router is misconfigured.

!X :- Communication administratively prohibited. The network administrator has blocked traceroute at this router.

With some versions of traceroute, you will see TTL warnings after the times:

eg: - 5 if-1-1.core3.NQT-NewYork.as6453.net (64.86.5.5) 90.0 ms (ttl=251!) 90.0 ms (ttl=251!) 90.0 ms (ttl=251!)

This merely indicates that the TTL (time-to-live) value on the reply packet was different from what was expected. This probably means that your route is asymmetric. This is not shown by all versions of traceroute, and can be safely ignored.

The output of the Windows version of traceroute is slightly different from the Unix version:

C:\>tracert www.airnews.net

Tracing route to tower-iaweb.mis.iadfw.net [209.44.184.153] over a maximum of 30 hops:

4 8 ms 6 ms 4 ms illekm-static-203.200.136.33.vsnl.net.in [203.200.136.33]

5 252 ms 252 ms 251 ms if-2-11.mse1.NW8-NewYork.as6453.net [209.58.75.37]

6 272 ms 256 ms 249 ms if-7-0-0.core1.NTO-NewYork.as6453.net [216.6.82.61]

7 256 ms 258 ms 251 ms Vlan14.icore1.NTO-NewYork.as6453.net [216.6.82.2]

8 256 ms 267 ms * Vlan7.icore1.NJY-Newark.as6453.net [206.82.132.13]

9 259 ms 261 ms 271 ms ix-3-1.icore1.NJY-Newark.as6453.net [206.82.132.38]

10 319 ms 318 ms 321 ms ded1-g8-3-0.hstntx.sbcglobal.net [151.164.241.101]

11 320 ms 320 ms 325 ms Internet.cust-rtr.swbell.net [70.253.121.218]

12 324 ms 319 ms 341 ms tower.mis.iadfw.net [209.44.184.150]

13 320 ms 324 ms 318 ms tower-iaweb.mis.iadfw.net [209.44.184.153]

Trace complete.

The Windows version does not show ICMP error messages as we described above. Errors are shown as (possibly ambiguous or confusing) text. For example, a “host unreachable” error will be shown as “Destination net unreachable” on Windows.

Reverse route

All connections over the Internet actually depend on two routes: the route from our system to the server, and the route from that server back to our system. These routes are most probably completely different (asymmetric). If they differ and there is a problem in our connection, it could be a problem with either the route to the server or the route back from the server. So a traceroute result gives only half of the picture.

Unfortunately, source routing has a great potential for abuse, and therefore most network administrators block all source-routed packets at their border routers. In reality, loose source routes (which specify a system your packets should pass through before proceeding on to their destination) are not going to work.

Timeouts

See the results below:

12 ded1-g8-3-0.hstntx.sbcglobal.net (151.164.241.101) 337.080 ms 313.352 ms 313.639 ms

13 Internet.cust-rtr.swbell.net (70.253.121.218) 317.513 ms 316.848 ms 316.081 ms

14 * * *

15 * * *

Well, obviously, if the trace stops at a particular system and can't go any further, then that system is where the problem lies, right? Yes, that is a possibility, but not necessarily, because the probes may be blocked intentionally.

Long Routes

If our route to the destination server is very long, it's going to impact on the. A long route can be the result of a less-than-optimal configuration within some network.

High latency

As we discussed earlier, the three numbers given on each line of traceroute output show the round trip times (latency) in milliseconds. Smaller numbers generally mean better connections. As the latency of a connection increases, performance degrades. Download speed can also suffer as a result of high latency (due to TCP windowing).

eg: - 4 illekm-static-203.200.136.33.vsnl.net.in (203.200.136.33) 5.779 ms 3.932 ms 4.242 ms

5 if-1-1.core3.NQT-NewYork.as6453.net (64.86.5.5) 254.191 ms 260.088 ms 254.802 ms

6 if-14-0.mcore4.NQT-NewYork.as6453.net (216.6.87.45) 246.136 ms 245.748 ms 246.004 ms

In this example we have high latency, but it is because of a cross-country link and it is natural.

If we observe a large “jump” in latency from one hop to the next in a trace output, that could indicate a problem. It could be a saturated (overused) network link, a slow network link, an overloaded router, or some other problem at that hop. Of course, it could also be a problem with the return route. If we suspect a problem in the network, we can use the ping program to get a better idea of the latency as well as the packet loss to a given site or router; traceroute only does three probes per router (by default).

Routing Weirdness

Routing weirdness can show up as private IP addresses in the traceroute output. The following IP ranges are private and are not supposed to appear in Internet routing.

The reserved private address ranges are:

* 10.*

* 172.[16-31].*

* 192.168.*

These IP addresses can appear in our private network or intranet; exposing them over the Internet will definitely cause problems.

A trace which includes private addresses is difficult to troubleshoot. We can't ping the private routers to see if there is any packet loss. We can't trace directly to them from other sites. That means they show a certain level of cluelessness in how the network is set up.

Routing loop

There is a chance that a trace shows the route “looping” back and forth between two routers until the 30-hop limit is reached. This is called a routing loop. This usually means that one router has lost communication with another, and thus has dropped that route. Since the router has lost the route it needs, it sends the packet back to the sender, thinking maybe that is the best route. That router knows better and sends it back to the other one, over and over, and this causes a loop.
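
The checks from the sections above (timeouts, latency jumps, private addresses, routing loops and ! error flags) applied to Unix-format traceroute output, as an added example that is not part of the original article. The sample trace is constructed, and the 100 ms jump threshold is an arbitrary assumption; a flagged jump still needs the judgement described under High latency.

```python
import ipaddress
import re
import statistics

# The reserved private ranges listed in the article: 10.*, 172.[16-31].*, 192.168.*
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
HOST_RE = re.compile(r"^(\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)\s*(.*)$")

# Constructed sample in the Unix traceroute format shown in the article.
SAMPLE = """\
traceroute to www.example.net (203.0.113.80), 30 hops max, 38 byte packets
 1  gw.example.net (192.0.2.1)  1.210 ms  1.105 ms  1.342 ms
 2  10.20.0.1 (10.20.0.1)  4.9 ms  5.2 ms  *
 3  core1.example.net (198.51.100.5)  250.1 ms  251.7 ms  249.8 ms
 4  core2.example.net (198.51.100.9)  252.0 ms  253.4 ms  251.1 ms
 5  core1.example.net (198.51.100.5)  254.0 ms  255.2 ms  253.9 ms
 6  core2.example.net (198.51.100.9)  256.3 ms !H  *  257.0 ms !H
 7  * * *
"""


def parse(text):
    """Turn traceroute output into one dict per hop line; the banner line is skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        hop, rest = int(m.group(1)), m.group(2)
        host = HOST_RE.match(rest)
        tail = host.group(3) if host else rest
        hops.append({
            "hop": hop,
            "name": host.group(1) if host else None,
            "ip": host.group(2) if host else None,
            "rtts": [float(x) for x in re.findall(r"(\d+(?:\.\d+)?)\s*ms", tail)],
            "timeouts": tail.count("*"),
            "errors": sorted(set(re.findall(r"!([A-Z])", tail))),
        })
    return hops


def analyze(hops, jump_ms=100.0):
    """Return (hop, finding) pairs; jump_ms is an assumed review threshold."""
    findings, seen, prev_rtt = [], {}, None
    for h in hops:
        if h["ip"] is None:                      # a line of nothing but asterisks
            findings.append((h["hop"], "no-reply"))
            continue
        if any(ipaddress.ip_address(h["ip"]) in net for net in PRIVATE_NETS):
            findings.append((h["hop"], "private-address"))
        if h["ip"] in seen:                      # same router again at a later hop
            findings.append((h["hop"], "routing-loop"))
        seen.setdefault(h["ip"], h["hop"])
        if h["rtts"]:
            rtt = statistics.median(h["rtts"])   # median ignores one slow probe
            if prev_rtt is not None and rtt - prev_rtt > jump_ms:
                findings.append((h["hop"], "latency-jump"))
            prev_rtt = rtt
        for flag in h["errors"]:
            findings.append((h["hop"], "error-!" + flag))
    return findings


if __name__ == "__main__":
    for hop, finding in analyze(parse(SAMPLE)):
        print(hop, finding)
```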


This article can be found at the blog section of www.dileepk.info

Tuesday, May 5, 2009

Ping Command Explained

What is Ping (Packet Internet Gopher)

Ping (Packet Internet Gopher) is a computer network tool used to test whether a particular host (a host is a computer connected to the Internet/network) is reachable across an IP network. In short, ping tests the basic connectivity from your computer to the target computer.

Mike Muuss wrote the program for Unix, and it was later adapted for most operating systems. The famous program traceroute evolved from ping.

How ping works

Ping works by sending ICMP (Internet Control Message Protocol) echo requests to the target host and listening for ICMP echo response replies.

What is the output ping gives

Ping calculates the round trip time taken to send and receive data packets, reports whether any data packets were lost, and gives a statistical summary of the times.

How ping helps

Ping results allow us to decide on which layer we should do further testing: the lower layer (network layer) or the upper layer (application layer). If the ping gives positive results, we can conclude that the problem is with the application layer and that network connectivity is working fine.

Basic Format of Ping command

Basic format

ping [host] [packet size] [count]

[host] :- The host name or IP address of the remote host being tested.

[packet size] :- Defines the size in bytes of the test packets. This field is only required if the count field is going to be used. Default packet size is 56 bytes.

[count] :-The number of packets to be sent in the test. Default number is usually 5.

eg:- ping www.google.com -l 64 -n 5

Normal Ping options available on windows

| Option | Description |
|---|---|
| ping -t | Pings a device on the network until stopped |
| ping -a | Resolves addresses to hostnames |
| ping -n count | Specifies the number of echo requests to send |
| ping -r count | Records route for count hops |
| ping -s count | Timestamp for count hops |
| ping -w timeout | Timeout in milliseconds to wait for each reply |

If you use ping with -t, use ^C to stop the action.

Normal ping options available on Linux

ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [[-j host-list] | [-k host-list]] [-w timeout] destination-list

| Option | Description |
|---|---|
| -t | Ping the specified host until interrupted. |
| -a | Resolve addresses to hostnames. |
| -n count | Number of echo requests to send. |
| -l size | Send buffer size. |
| -f | Set Don't Fragment flag in packet. |
| -i TTL | Time To Live. |
| -v TOS | Type Of Service. |
| -r count | Record route for count hops. |
| -s count | Timestamp for count hops. |
| -j host-list | Loose source route along host-list. |
| -k host-list | Strict source route along host-list. |
| -w timeout | Timeout in milliseconds to wait for each reply. |

Interpreting Ping Results





This is how we can read the results shown above

Reply from 209.85.153.104: bytes=32 time=44ms TTL=245

Reply from :- 209.85.153.104 (host IP, here Google)

bytes :- Number of bytes sent to the host

time :- Time taken for the round trip

TTL :- Packet life. Time-to-live (TTL) is a value in an Internet Protocol (IP) packet which tells a network router whether the packet has been in the network too long and should be discarded.

Ping statistics for 209.85.153.104:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

It tells the number of packets sent to the host (echo requests) and packets received (echo response reply) and number of packets lost in transmission.

Approximate round trip times in milli-seconds:

Minimum = 44ms, Maximum = 45ms, Average = 44ms

This gives statistical data about the time taken for the round trip.

Example for Ping with switches

We are going to issue the following command: ping -n 3 -l 64 www.google.com

Here the switch -n specifies the number of packets to be sent and -l specifies the size of the packet to be sent to the host.

You can use switches before or after the host name/address.









Ping Error Messages

When a ping response is not successful you can get a variety of error replies. Here are the main error messages and what they mean.

TTL Expired in Transit :- The TTL value determines the maximum amount of time an IP packet may live in the network without reaching its destination. This message indicates that the TTL expired in transit, which means the number of required hops exceeds the TTL. We can increase the TTL by using the ping -i switch.

Destination Host Unreachable :- The host that you are trying to ping is down or does not exist on the network. A local or remote route does not exist for the destination host.

Request Timed Out :- The ping command timed out because there was no reply from the host. No Echo Reply messages were received due to network traffic, failure of the ARP request, packet filtering, or router error. Increase the wait time using the ping -w switch.

Unknown Host :- The IP address or the host name does not exist in the network, or the destination host name cannot be resolved. Verify the name and the availability of DNS servers.

ICMP Packet

Below is the structure of an ICMP packet used in a ping

Bits                      0-7               8-15        16-23       24-31
IP header (20 bytes)      Identification                Flags and Offsets
                          TTL               Protocol    Checksum
                          Source IP Address
                          Destination IP Address
ICMP payload (8+ bytes)   Type of Message   Code        Checksum
                          Quench
                          Data


ICMP Echo Request

Below is the structure of an ICMP echo request sent to a host. The identifier and sequence number are used to uniquely identify the packet.

Bits   0-7         8-15        16-31
       Type = 8    Code = 0    Header Checksum
       Identifier              Sequence Number
       Data

Type = 8 (Echo) and code = 0 (Echo Request)

ICMP Echo Reply

Below is the structure of an ICMP echo reply sent back to the host. The identifier and sequence number are used to determine which request the reply belongs to.

Bits   0-7         8-15        16-31
       Type = 0    Code = 0    Header Checksum
       Identifier              Sequence Number
       Data

Type = 0 (Echo) and code = 0 (Echo Reply)
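
An added example, not part of the original post, covering the echo request and reply layouts above together with the one's complement checksum used by ICMP messages: it builds an echo request, produces the reply a host would send, and pairs replies to requests by identifier and sequence number. The identifier, payload and the lost or damaged replies are constructed for the demonstration.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0   # ICMP types from the two layouts above; code is 0 for both


def internet_checksum(data):
    """16-bit one's complement of the one's complement sum of all 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                        # pad odd-length data with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                         # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type, ident, seq, data=b""):
    """Type, Code, Checksum, Identifier, Sequence Number, then Data."""
    zeroed = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + data
    checksum = internet_checksum(zeroed)       # computed with the checksum field at zero
    return struct.pack("!BBHHH", icmp_type, 0, checksum, ident, seq) + data


def parse_echo(message):
    """Decode the 8-byte echo header and verify the checksum over the whole message."""
    if len(message) < 8:
        raise ValueError("ICMP echo header is 8 bytes")
    icmp_type, code, checksum, ident, seq = struct.unpack("!BBHHH", message[:8])
    return {"type": icmp_type, "code": code, "checksum": checksum,
            "id": ident, "seq": seq, "data": message[8:],
            "valid": internet_checksum(message) == 0}


def answer(request):
    """What the target does: validate the request, then echo id, seq and data back."""
    req = parse_echo(request)
    if (req["type"], req["code"]) != (ECHO_REQUEST, 0) or not req["valid"]:
        return None
    return build_echo(ECHO_REPLY, req["id"], req["seq"], req["data"])


def match_replies(ident, sent_seqs, received):
    """Pair replies to requests by (identifier, sequence number), as ping does."""
    answered, ignored = set(), 0
    for message in received:
        rep = parse_echo(message)
        ours = (rep["valid"] and rep["type"] == ECHO_REPLY
                and rep["id"] == ident and rep["seq"] in sent_seqs)
        if ours:
            answered.add(rep["seq"])
        else:
            ignored += 1                       # wrong id, bad checksum or unknown seq
    return {"received": len(answered),
            "lost": sorted(set(sent_seqs) - answered),
            "ignored": ignored}


def demo():
    """Three requests; seq 2 is damaged in transit and a stranger's reply also arrives."""
    ident, payload = 0x1A2B, b"constructed-ping-data"
    requests = {seq: build_echo(ECHO_REQUEST, ident, seq, payload) for seq in (1, 2, 3)}
    replies = [answer(requests[1]), answer(requests[3])]
    replies.append(build_echo(ECHO_REPLY, 0x9999, 1, payload))   # another process's ping
    damaged = bytearray(answer(requests[2]))
    damaged[-1] ^= 0xFF                                          # corrupt one payload byte
    replies.append(bytes(damaged))
    return match_replies(ident, [1, 2, 3], replies)


if __name__ == "__main__":
    print(demo())
```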

The Other side of the ping

Ping is a very useful tool for detecting network issues, but unfortunately it is also used as a harmful tool. Following are a few ways the tool is used for cracking:

ICMP packet magnification (or ICMP Smurf): An attacker sends forged ICMP echo packets to vulnerable networks' broadcast addresses. All the systems on those networks send ICMP echo replies to the victim, consuming the target system's available bandwidth and creating a denial of service (DoS) to legitimate traffic.

Ping of death: An attacker sends an ICMP echo request packet that's larger than the maximum IP packet size. Since the received ICMP echo request packet is larger than the normal IP packet size, it's fragmented. The target can't reassemble the packets, so the OS crashes or reboots.

ICMP flood attack: A broadcast storm of pings overwhelms the target system so it can't respond to legitimate traffic.

ICMP nuke attack: Nukes send a packet of information that the target OS can't handle, which causes the system to crash.

Many sites, such as Microsoft and Amazon, block ping; they have faced DoS attacks from crackers using ping.

ICMP Code and Types explained

To understand more about the ICMP types and codes, please refer to the table below.

| ICMP type | Type name | Code | Code name | Description |
|---|---|---|---|---|
| 0 | echo | 0 | echo-reply | RFC 792 - for echo reply message |
| 3 | unreachable | 0 | net-unreachable | RFC 792 - net unreachable |
| 3 | unreachable | 1 | host-unreachable | RFC 792 - host unreachable |
| 3 | unreachable | 2 | protocol-unreachable | RFC 792 - protocol unreachable |
| 3 | unreachable | 3 | port-unreachable | RFC 792 - port unreachable |
| 3 | unreachable | 4 | fragmentation-df-set | RFC 792 - fragmentation needed and DF set |
| 3 | unreachable | 5 | source-route-failed | RFC 792 - source route failed |
| 3 | unreachable | 6 | dest-network-unknown | RFC 792 - Destination Network Unknown |
| 3 | unreachable | 7 | dest-port-unknown | RFC 792 - Destination Host Unknown |
| 3 | unreachable | 8 | source-host-isolated | RFC 792 - Source Host Isolated |
| 3 | unreachable | 9 | network-admin | RFC 792 - Communication with Destination Network is Administratively Prohibited |
| 3 | unreachable | 10 | host-admin | RFC 792 - Communication with Destination Host is Administratively Prohibited |
| 3 | unreachable | 11 | network-service | RFC 792 - Destination Network Unreachable for Type of Service |
| 3 | unreachable | 12 | host-service | RFC 792 - Destination Host Unreachable for Type of Service |
| 3 | unreachable | 13 | com-admin-prohibited | RFC 1812 - Communication Administratively Prohibited - generated if a router cannot forward a packet due to administrative filtering |
| 3 | unreachable | 14 | host-precedence-violation | RFC 1812 - Host Precedence Violation. Sent by the first hop router to a host to indicate that a requested precedence is not permitted for the particular combination of source/destination host or network, upper layer protocol, and source/destination port |
| 3 | unreachable | 15 | precedence-cutoff-in-effect | RFC 1812 - Precedence cutoff in effect. The network operators have imposed a minimum level of precedence required for operation, the datagram was sent with a precedence below this level |
| 4 | quench | 0 | source-quench | RFC 792 - source quench (slow down!) |
| 5 | redirect | 0 | redirect-network | RFC 792 - Redirect datagrams for the Network (or subnet) |
| 5 | redirect | 1 | redirect-host | RFC 792 - Redirect datagrams for the Host |
| 5 | redirect | 2 | redirect-service-network | RFC 792 - Redirect datagrams for the Type of Service and Network |
| 5 | redirect | 3 | redirect-service-host | RFC 792 - Redirect datagrams for the Type of Service and Host |
| 6 | alternate | 0 | alternate-host-address | JBP - Alternate address for host |
| 8 | echo | 0 | echo-request | RFC 792 - for echo message |
| 9 | router | 0 | router-advertisement | RFC 1256 - Router advertisement |
| 10 | router | 0 | router-selection | RFC 1256 - Router selection |
| 11 | exceeded | 0 | ttl-exceeded | RFC 792 - time to live exceeded in transit |
| 11 | exceeded | 1 | fragment-reassembly-exceeded | RFC 792 - fragment reassembly time exceeded |
| 12 | error | 0 | pointer-error | RFC 792 - pointer indicates the error |
| 12 | error | 1 | missing-option | RFC 792 - Missing a Required Option |
| 12 | error | 2 | bad-length | RFC 792 - Bad Length |
| 13 | timestamp | 0 | timestamp-request | RFC 792 - for timestamp message |
| 14 | timestamp | 0 | timestamp-reply | RFC 792 - for timestamp reply message |
| 15 | information | 0 | info-request | RFC 792 - for information request message |
| 16 | information | 0 | info-reply | RFC 792 - for information reply message |
| 17 | mask | 0 | mask-request | RFC 950 - Address Mask Request |
| 18 | mask | 0 | mask-reply | RFC 950 - Address Mask Reply |
| 30 | traceroute | 0 | traceroute-forwarded | RFC 1393 - Traceroute - Outbound Packet successfully forwarded |
| 30 | traceroute | 1 | packet-discarded | RFC 1393 - traceroute - No route for Outbound Packet; packet discarded |
| 31 | datagram | 0 | datagram-conversion-error | RFC 1475 - Datagram Conversion Error |
| 32 | mobile | 0 | mobile-host-redirect | David Johnson - Mobile Host Redirect |
| 33 | ipv6-request | 0 | ipv6-where-are-you | Bill Simpson - IPv6 Where-Are-You |
| 34 | ipv6-reply | 0 | ipv6-here-I-am | Bill Simpson - IPv6 I-Am-Here |
| 35 | mobile | 0 | mobile-registration-request | Bill Simpson - Mobile Registration Request |
| 36 | mobile | 0 | mobile-registration-reply | Bill Simpson - Mobile Registration Reply |
| 37 | domain-name | 0 | domain-name-request | RFC 1788 - icmp domain name request |
| 38 | domain-name | 0 | domain-name-reply | RFC 1788 - icmp domain name reply |
| 40 | security | 0 | bad-spi | RFC 2521 - Bad SPI |
| 40 | security | 1 | authentication-failed | RFC 2521 - Authentication Failed |
| 40 | security | 2 | decompression-failed | RFC 2521 - Decompression Failed |
| 40 | security | 3 | decryption-failed | RFC 2521 - Decryption Failed |
| 40 | security | 4 | need-authentication | RFC 2521 - Need Authentication |
| 40 | security | 5 | need-authorization | RFC 2521 - Need Authorization |



This Post is available at www.dileepk.info