Name             Date         Size     #Lines  LOC
..               03-May-2022  -
CHANGES          25-Aug-1995  1.7 KiB  29      28
CHECKSUMS.asc    25-Aug-1995  930      27      23
DOC              17-Aug-1995  4.3 KiB  105     77
Makefile         17-Aug-1995  837      42      16
NocTools.Infos   17-Aug-1995  1.4 KiB  58      37
README           17-Aug-1995  4.3 KiB  105     77
TODO             17-Aug-1995  45       3       2
defs.h           26-May-1994  1.6 KiB  60      34
err.c            22-Apr-1994  311      24      21
icmpinfo.c       17-Aug-1995  3.9 KiB  141     81
icmpinfo.man     17-Aug-1995  1.6 KiB  70      54
linux_ip_icmp.h  11-May-1994  3.7 KiB  104     90
print.c          25-Aug-1995  6.6 KiB  261     215
recvping.c       07-Jan-1994  552      29      18

README

Vers 1.11.1 - 17 August 95

ICMPINFO:

   icmpinfo is a tool for looking at the icmp messages received on
   the running host.

   The source code is written by Laurent Demailly, and comes from a
   heavily modified BSD ping source; it comes AS IS - no warranty, etc...
                                       <dl@hplyot.obspm.fr>

Needs to be chmod 4555, chown root, or run as root [like ping]

USAGE:

icmpinfo       o Gives info about weird packets only [mainly icmp_unreachable].
icmpinfo -v    o Gives info about all icmp packets [that includes your own
                 traceroutes...] except pings (icmp_echo_reply).
icmpinfo -vv   o To see pings too.
icmpinfo -vvv  o Will add an ASCII/hex dump of the packet.
icmpinfo -n    o Avoids name queries (faster, lighter).
icmpinfo -p    o Avoids port number to service name queries (faster, lighter).
icmpinfo -s    o Also decode the ip_src field which is the address of the
                 interface receiving the packet. This option is not useful
                 for hosts with a single network interface.
icmpinfo -l    o Run like a daemon (forks) and output to SYSLOG.
                 (It now checks that you are root for that)

The output format is as follows (output can be shorter for some icmp
messages (like echo/echo_reply (pings)), and the field names are meant
to be fully meaningful mainly for icmp unreachable packets (the default
behaviour)):

MMM DD HH:MM:SS ICMP_type[sub-type] < sender_ip [sender_name] > unreach_ip
[unreach_name] sp=source_port [src_port_name] dp=dest_port [dest_port_name]
seq=sequence sz=packet_size

or if you use the -s option:

MMM DD HH:MM:SS ICMP_type[sub-type] < sender_ip [sender_name] - my_ip
[my_name] > unreach_ip [unreach_name] sp=source_port [src_port_name]
dp=dest_port [dest_port_name] seq=sequence sz=packet_size

(Real output will be on one line, it has been shown cut here.)

   Sample bomb output:

   date&time ICMP_Dest_Unreachable[Port/Source/...] < bomber > bombed
   ... service bombed ...

   Note that to be a bomb, 'bomber' must not be one of the routers between
   you and 'bombed' [in that case, it is just a normal net break,...]
   double check with traceroute,...etc... before complaining !
   Also note that port number/service can be easily faked by bombing programs.

I suggest that you leave icmpinfo running all the time (with -l, or -lnp for
minimal resource consumption (also see NOTE below)) and record its
output for further reference.
It is a very light process using only a few kbytes of memory and almost no cpu.
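
An added example (not part of the icmpinfo distribution) of reviewing recorded output: it parses lines laid out as in the template above, with and without -s, and lists the (sender, unreachable host) pairs that repeat often enough to be worth the traceroute check described in the bomb note. Assumptions: names appear in literal square brackets and are absent under -n / -p, seq and sz are treated as opaque strings, and every sample line is constructed.

```python
import re
from collections import Counter

# Layout follows the README's output template. Assumptions: names are printed
# in literal square brackets and are absent under -n / -p; seq and sz are kept
# as opaque strings because the README does not give their encoding.
NAME = r"(?:\s+\[(?P<{}>[^\]]*)\])?"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"(?P<type>ICMP_\w+)\[(?P<subtype>[^\]]*)\]\s+"
    r"<\s+(?P<sender_ip>\S+)" + NAME.format("sender_name")
    + r"(?:\s+-\s+(?P<my_ip>\S+)" + NAME.format("my_name") + r")?"  # -s form
    + r"\s+>\s+(?P<unreach_ip>\S+)" + NAME.format("unreach_name")
    + r"(?:\s+sp=(?P<sp>\d+)" + NAME.format("sp_name") + r")?"
    + r"(?:\s+dp=(?P<dp>\d+)" + NAME.format("dp_name") + r")?"
    + r"(?:\s+seq=(?P<seq>\S+))?(?:\s+sz=(?P<sz>\S+))?\s*$"
)

def parse_line(line):
    """Return the fields of one icmpinfo line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("sp", "dp"):
        rec[key] = int(rec[key]) if rec[key] is not None else None
    return rec

def unreachable_senders(lines, threshold=3):
    """(sender, unreachable) pairs seen in >= threshold Dest_Unreachable lines."""
    counts = Counter()
    for rec in map(parse_line, lines):
        if rec and rec["type"] == "ICMP_Dest_Unreachable":
            counts[(rec["sender_ip"], rec["unreach_ip"])] += 1
    return [(pair, n) for pair, n in counts.most_common() if n >= threshold]

# Constructed sample lines (documentation addresses); the last one uses the -s layout.
SAMPLE = [
    "Aug 17 10:15:01 ICMP_Dest_Unreachable[Port] < 198.51.100.7 > 203.0.113.9 sp=1041 dp=80 seq=1 sz=36",
    "Aug 17 10:15:02 ICMP_Dest_Unreachable[Port] < 198.51.100.7 > 203.0.113.9 sp=1042 dp=80 seq=2 sz=36",
    "Aug 17 10:15:03 ICMP_Dest_Unreachable[Port] < 198.51.100.7 > 203.0.113.9 sp=1043 dp=80 seq=3 sz=36",
    "Aug 17 10:20:00 ICMP_Dest_Unreachable[Port] < 192.0.2.1 > 203.0.113.50 sp=2000 dp=53 seq=1 sz=36",
    "not an icmpinfo line",
    "Aug 17 10:15:05 ICMP_Dest_Unreachable[Port] < 198.51.100.7 [gw.example.net] - 192.0.2.10 [me.example.org] > 203.0.113.9 [www.example.org] sp=1042 dp=80 [http] seq=4 sz=36",
]
```

A pair returned by unreachable_senders() is only a candidate: as the note above says, the sender may be a router on the path, and the sp/dp values can be faked, so they are not used for grouping.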

GNU-like free software. [with Berkeley (c) where applicable]

The latest version should always be available via anonymous ftp on
hplyot.obspm.fr:/net/icmpinfo-*.tar.gz
It is now mirrored on
ftp.sunet.se:/pub/network/monitoring/icmpinfo/icmpinfo-*.tar.gz
ftp.leo.org:/pub/comp/networking/net-tools/icmpinfo/icmpinfo-*.tar.gz
and also (maybe less up to date) on:
ftp.funet.fi:/pub/unix/networking/icmpinfo-*.tar.gz

If you have W3 access, have a look at
http://hplyot.obspm.fr/~dl/icmpinfo.html

INSTALLATION
------------
 o If you plan to use syslog(3) facility (-l) and don't want the
   default daemon.notice output, edit icmpinfo.c and change line 128.

 o Have a look at the makefile, make, and maybe look at defs.h if you have
   compile errors/includes missing (some linux boxes might need a symlink).

 o Copy icmpinfo to your favorite bin path, chown root icmpinfo,
   chmod 4555 icmpinfo. Copy icmpinfo.man to your MANPATH/man1/icmpinfo.1

IMPORTANT NOTE : *If* your machine is running a named (is a name
server) you MUST USE -n when leaving icmpinfo unattended, to avoid
some possible looping, when icmpinfo tries to resolve an ip in an
unreachable domain. [this problem of domain generated icmps has been
worked upon... but I found no satisfactory solutions, suggestions welcome,
maybe a solution for v1.12 !]

If you have any problems and/or suggestions, drop me a mail...

Enjoy !

dl - <dl@hplyot.obspm.fr>
<A HREF="http://hplyot.obspm.fr/~dl/">Laurent Demailly</A> - finger for PGP key

Credits - Thanx to Vesa for help in debugging buggy bsd code!
          To Dave for providing the original man page!
          And to ScottM for making my English readable!

Note 1  - icmpinfo distribution now includes PGP signed md5 CHECKSUMS
Note 2  - read the file CHANGES to get information about new features.
