Le ven 18/10/2002 =E0 11:52, Antony Stone a =E9crit : > Although I agree with what you've said here, it's not really relevant > to the original poster's question, because in these cases you'll > still never see an ICMP entry in the connection tracking table. =20 > Because the ICMP packets are RELATED to the original connection, it's > the original packet which you'll see in the conntrack table - the ICMP > replies simply get through because of their > relationship to the original packet. True ;) > > So, for ICMP requests, you have some kind of conntrack, based on ICMP > > sequence number. For ICMP errors, conntrack tries to associate them t= o > > an existing entry. > ICMP sequence number ??? What's that ? cbr@elendil:~$ ping thor PING thor (192.168.10.50): 56 data bytes 64 bytes from 192.168.10.50: icmp_seq=3D0 ttl=3D255 time=3D0.3 ms 64 bytes from 192.168.10.50: icmp_seq=3D1 ttl=3D255 time=3D0.3 ms 64 bytes from 192.168.10.50: icmp_seq=3D2 ttl=3D255 time=3D0.2 ms 64 bytes from 192.168.10.50: icmp_seq=3D3 ttl=3D255 time=3D0.3 ms 64 bytes from 192.168.10.50: icmp_seq=3D4 ttl=3D255 time=3D0.3 ms ^^^^^^^^^^ This Just spy an ICMP request/reply stuff such as ping with ethereal and look at sequence number field. It aims to associate received reply to the good sent request. --=20 C=E9dric Blancher <blancher@cartel-securite.fr> Consultant en s=E9curit=E9 des syst=E8mes et r=E9seaux - Cartel S=E9curi= t=E9 T=E9l: +33 (0)1 44 06 97 87 - Fax: +33 (0)1 44 06 97 99 PGP KeyID:157E98EE FingerPrint:FA62226DA9E72FA8AECAA240008B480E157E98EE
