
Re: [IPLOGGER] Odd log messages Was: problem with named



Anand Kumria wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> On Sat, 2 Aug 1997, Alexander Koch wrote:
> 
> > Aug  2 09:25:19 cephyr icmplogd: destination unreachable from cephyr.cid-net.de
> > Aug  2 09:25:40 cephyr icmplogd: destination unreachable from cephyr.cid-net.de
> >
> > There're two routes going out. default is the router and the other is the
> > subnet. What is wrong here? What is unreachable?
> 
> These messages are being generated because you have the iplogger package
> installed. The iplogger package sets the interfaces into promiscuous mode
> and logs any unusual ICMP, TCP or UDP packets that it sees.
> 
> Destination unreachable _could_ be a sign of a problem, but if when you
> check things you find that you still have connectivity then what is most
> likely happening is that someone is running traceroute - traceroute generates
> a lot of destination unreachable packets [or is that port unreachable?]

Neither. If the TTL field reaches zero a gateway will respond with
an ICMP Time Exceeded Message (ICMP type 11). traceroute would generate
"lots" of these packets. If a packet reaches the destination host
and the destination port is inactive, the host would generate a
Destination Unreachable (ICMP type 3) with the Code = 3 indicating
that the port was unreachable. Running traceroute would cause 
one of these packets to be generated.
 
I've found destination unreachable messages to most often be seen
from attempts to deliver mail. If the target host is very busy (and
on many systems this is quite often the case) no more SMTP connections
may be able to be made at the moment, in which case a dest. unreachable
message would be generated. It would be nice if the iplogger would
include the rest of the info which comes in such a message.

> Another possibility is that one of your machines has got the wrong subnet mask
> - if you know how to, I'd run tcpdump and log the ICMP packets and see
> where cephyr is replying to, and then check that machine.
> 

-- 
Jens B. Jorgensen
jjorgens@bdsinc.com
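
Added example, not part of the original message and not iplogger's code: an ICMP error carries the IP header plus the first 8 bytes of the datagram that triggered it (RFC 792), which is the extra information the reply above wishes the logger would print. The function names, the documentation-range addresses and the sample packets below are constructed for illustration.

```python
import socket
import struct

# ICMP types and codes per RFC 792; only the ones discussed above are named.
ICMP_TYPES = {3: "destination unreachable", 11: "time exceeded"}
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable"}
PROTOS = {6: "tcp", 17: "udp"}


def describe_icmp_error(icmp: bytes) -> str:
    """Summarise an ICMP error, including the datagram that triggered it."""
    if len(icmp) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code = icmp[0], icmp[1]
    name = ICMP_TYPES.get(icmp_type, f"type {icmp_type}")
    if icmp_type == 3:
        name += f" ({UNREACH_CODES.get(code, f'code {code}')})"
    inner = icmp[8:]  # original IPv4 header + first 8 bytes of its payload
    if len(inner) < 20 or inner[0] >> 4 != 4:
        return f"{name}: no usable embedded IPv4 header"
    ihl = (inner[0] & 0x0F) * 4  # inner header length in bytes
    proto = inner[9]
    src = socket.inet_ntoa(inner[12:16])
    dst = socket.inet_ntoa(inner[16:20])
    detail = f"{PROTOS.get(proto, f'proto {proto}')} {src} -> {dst}"
    if proto in PROTOS and ihl >= 20 and len(inner) >= ihl + 4:
        # TCP and UDP both start with source port, destination port.
        sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
        detail = f"{PROTOS[proto]} {src}:{sport} -> {dst}:{dport}"
    return f"{name}: in reply to {detail}"


def build_sample(icmp_type, code, proto, src, dst, sport, dport):
    """Constructed packet (checksums left at zero, they are not validated)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + ip + l4


if __name__ == "__main__":
    for args in ((11, 0, 17, "192.0.2.10", "198.51.100.5", 40000, 33434),
                 (3, 3, 17, "192.0.2.10", "198.51.100.5", 40000, 33434),
                 (3, 1, 6, "192.0.2.10", "198.51.100.5", 1025, 25)):
        print(describe_icmp_error(build_sample(*args)))
```

With the embedded header decoded, a log line distinguishes a traceroute probe reaching its target (UDP, port unreachable) from a failed SMTP connection (TCP to port 25).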

