Wireshark · Ethereal-users: Re: [Ethereal-users] Re: ICMP

[Michael Tuexen <Michael.Tuexen@xxxxxxxxxxxxxxxxx>]

I have seem more than the first 8 bytes in ICMP packets (protocol 
unreachable)
in response to SCTP packets....

Best regards
Michael

On Mar 22, 2005, at 16:20 Uhr, LEGO wrote:

> I took a look to rfc792 (ICMP) and fOr every message supposed to carry
> the errored packet it says:
>
>    Internet Header + 64 bits of Data Datagram
>
>       The internet header plus the first 64 bits of the original
>       datagram's data.  This data is used by the host to match the
>       message to the appropriate process.  If a higher level protocol
>       uses port numbers, they are assumed to be in the first 64 data
>       bits of the original datagram's data.
>
> I assume it's just the fisrt 8 bytes. Otherwise it would be a waste of
> badwidth that at the time when it was written (1981) would had been
> unacceptable. So far I've never seen more than that.
>
>
> On Tue, 22 Mar 2005 16:10:33 +0100, Michael Tuexen
> <Michael.Tuexen@xxxxxxxxxxxxxxxxx> wrote:
> > As far as I know ICMP packets are required to contain
> > at least the first 8 bytes. But they can contain more...
> >
> > Best regards
> > Michael
> >
> > On Mar 22, 2005, at 15:55 Uhr, julien.leproust@xxxxxxxx wrote:
> >
> > > LEGO a écrit :
> > > > On Tue, 22 Mar 2005 15:33:16 +0100, julien.leproust@xxxxxxxx
> > > > <julien.leproust@xxxxxxxx> wrote:
> > > > Just a reminder:
> > > > ICMP messages carry only the first 64 bits (eight octets) of the
> > > > payload of the errored ip packet. i.e. just enough for the UDP 
> > > > header.
> > >
> > > Ok, I didn't know. Too bad, that would have been fun :)
> > >
> > > --
> > > Julien Leproust
> > >
> > >
> > > _______________________________________________
> > > Ethereal-users mailing list
> > > Ethereal-users@xxxxxxxxxxxx
> > > http://www.ethereal.com/mailman/listinfo/ethereal-users
>
>
> --
> This information is top security. When you have read it, destroy 
> yourself.
> -- Marshall McLuhan