Ethereal-dev: [Ethereal-dev] Incomplete ICMP code-3 error packet decoding

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next
From: "Shawn Henry" <shenry@xxxxxxxxxxx>
Date: Thu, 9 Jun 2005 15:37:01 -0500
Not sure if this is the correct list but I was testing TCP attacks via ICMP against our routers today and noticed Ethereal v0.10.11 is not decoding an ICMP error packet completely. Not a major bug but I figured someone would want to know anyway.
 
The packet is an ICMP code 3, type 2 (or 3). RFC 792 specifies that after the ICMP header I need the errored IP header and first 8 bytes of the datagram (tcp header in my case). Ethereal properly decodes the TCP source/dest port but ignores the last 4 bytes (sequence number). Again, its a small issue but I figured I would bring it to your attention.
 
Hex dump of the packet:
 
=====================================
00 07 3f ff fe e2 08 00  46 72 55 83 08 00 45 00
00 38 00 00 00 00 40 01  66 4f 0a 00 00 63 0a 00
00 14 03 02 cc da 00 00  00 00 45 00 00 2a ca 2f
40 00 40 06 5c 28 0a 00  00 14 0a 00 00 63 00 17
04 3c 2a e9 00 e7
=====================================
 
Thanks,
Shawn Henry