From: Darby Weaver (darbyweaver@yahoo.com)
Date: Thu Feb 07 2008 - 13:12:02 ARST
Edouard,
Have you ever had a chance to take a look at "Secrets
of Network Cartography" by Professor Messer?
http://www.networkuptime.com/nmap/index.shtml
He's a Sniffer Ceritifed Master and a VP from Network
General / NetScout. Anyway he uses details the finer
points of the usage of NMAP and yes he even offers
videos.
It's an inexpensive way to get to know the better
usages of icmp.
If you get a chance break out your favorite sniffer
and nmap and the book by Messer or some of his
tutorials and kill a weekend playing around.
--- Edouard Zorrilla <ezorrilla@tsf.com.pe> wrote:
> Hello,
>
> When I am supposed to make icmp pass thru the
> Firewall, should I use :
>
> 1.- The protocol type 1 and then the sub type - echo
> and echo reply are 0
> and 8 if asked for these ones.
>
> or
>
> 2.- The udp ports stated in :
> http://www.iana.org/assignments/port-numbers ,
>
> Please let me know,
>
> Regards
>
> ----- Original Message -----
> From: "Victor Cappuccio"
> <Victor.Cappuccio@globalknowledgespain.es>
> To: "itsfortarget iwillgetit"
> <itsfortarget@gmail.com>; "Cisco
> certification" <ccielab@groupstudy.com>
> Sent: Tuesday, February 05, 2008 3:44 PM
> Subject: RE: ICMP portnumber
>
>
> > Hi,
> >
> > http://www.faqs.org/rfcs/rfc792.html
> >
> > R1(config)#ip access-list extended 101
> > R1(config-ext-nacl)#10 permit icmp any any ?
> > <0-255> ICMP message type
> > administratively-prohibited Administratively
> prohibited
> > alternate-address Alternate address
> > conversion-error Datagram conversion
> > dod-host-prohibited Host prohibited
> > dod-net-prohibited Net prohibited
> > dscp Match packets with
> given dscp value
> > echo Echo (ping)
> > echo-reply Echo reply
> > fragments Check non-initial
> fragments
> > general-parameter-problem Parameter problem
> > host-isolated Host isolated
> > host-precedence-unreachable Host unreachable for
> precedence
> > host-redirect Host redirect
> > host-tos-redirect Host redirect for
> TOS
> > host-tos-unreachable Host unreachable for
> TOS
> > host-unknown Host unknown
> > host-unreachable Host unreachable
> > information-reply Information replies
> > information-request Information requests
> > log Log matches against
> this entry
> > log-input Log matches against
> this entry, including
> > input
> >
> > R1(config-ext-nacl)#10 permit icmp any any 1 ?
> > <0-255> ICMP message code
> > dscp Match packets with given dscp value
> > log Log matches against this entry
> > log-input Log matches against this entry,
> including input interface
> > precedence Match packets with given precedence
> value
> > reflect Create reflexive access list entry
> > time-range Specify a time-range
> > tos Match packets with given TOS value
> > <cr>
> >
> >
> > thanks,
> > ---
> > Victor Cappuccio.-
> > CCSI #31452
> >
> > Global Knowledge Spain
> >
> > -----Mensaje original-----
> > De: nobody@groupstudy.com en nombre de
> itsfortarget iwillgetit
> > Enviado el: mar 05/02/2008 9:45
> > Para: Cisco certification
> > Asunto: ICMP portnumber
> >
> > Dear Team,
> >
> > Could please come across the port number used by
> ICMP packet.
> >
> >
>
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2008 - 16:54:47 ARST