On Fri, 12 Nov 1999, Onno wrote:
> At 10:23 AM 11/11/99 -0600, Lyno Sullivan wrote:
> >At 08:44 AM 11/10/99 -0800, aphro wrote:
> > >On Tue, 9 Nov 1999, Art Lemasters wrote:
> > >
> > >alemas > Which port number does ping use in Debian Linux?
> > >
> > >I do not believe ICMP uses ports, there are TYPES of ICMP though, the
> > >'ping' command uses ICMP type 8. at least thats what i have blocked in my
> > >firewall, it refuses pings but accepts traceroutes.
> >
> >According to "Building Internet Firewalls"
> >
> >ICMP,8 for incoming and outgoing ping requests
> >ICMP,0 for responses to ping request
>
> I think the "Building Internet Firewalls" is wrong.
> ICMP uses -types-, in other words the host sends
> an ICMP packet with type 'n' or recieves an ICMP
> packet with type 'n'.
> ICMP type 8 is an echo-request (ping).
> ICMP type 0 is an echo-reply (pong).
>
> The "incoming and outgoing" remark doesn't apply.
> Same with other types.
>
> >tracert uses:
> >UDP ports >32768 (usually) for incming and outgoing probe
> >ICMP,11 for incoming and outgoing "TTL exceeded'
> >ICMP,3 for incoming and outgoing "servive unavailable"
>
I'll try to straighten out the confusion here, and hope I don't sound too
pendantic doing it.
'ping' uses ICMP, specifically ICMP echo request and ICMP echo reply
packets. There is no 'port' associated with ICMP. Ports are associated
with the two IP transport layer protocols, TCP and UDP. ICMP packets are
identified by the 'protocol' field in the IP datagram header. ICMP does
not use either UDP or TCP communications services, it uses raw IP
communications services. This means that the ICMP message is carried
directly in an IP datagram data field. ('raw' comes from how this is
implemented in software, to create and send an ICMP message, one opens a
'raw' socket, builds a buffer containing the ICMP message, and then writes
the buffer containing the message to the raw socket.) The IP protocol
value for ICMP is 1. (The protocol field is part of the IP header and
identifies what is in the data portion of the IP datagram.)
The ICMP protocol has many different uses and capabilities. The ICMP
message (contained in the IP datagram data field) has a 'type' field and a
'code' field to identify the different ICMP messages. For example, an ICMP
echo request message has type = 8 and code = 0 -- an ICMP echo reply has
type = 0 and code = 0. There are other fields according to the type of
ICMP message.
For further information see:
RFC792 Internet Control Message Protocol - explanation of ICMP
RFC1700 Assigned Numbers - defines the values for all
header fields in just about
all protocols.
Hope this helps a little...
