[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Large ICMP packets tracing/troubleshooting



On Sun, Apr 22, 2007 at 09:45:12AM -0400, Tony Heal wrote:
> I keep getting these entries in my firewall log. I am getting this
> same entry every 10 seconds. I can not determine what is sending or
> why.
> 
> [00001] 2007-04-22 08:06:24 [Root]system-critical-00436: Large ICMP
> packet! From 192.168.2.7 to 212.110.79.74, proto 1 (zone Trust, int
> trust). Occurred 1 times.
> 
If your box is 192.168.2.7 and the internet is 212.110.79.74 then the
packet is coming from your box and is trying to get out to the net.

> also after every 7th entry of the above I get this
> 
> [00004] 2007-04-22 08:05:54 [Root]system-critical-00436: Large ICMP
> packet! From 192.168.2.7 to 210.163.43.1, proto 1 (zone Trust, int
> trust). Occurred 1 times.
> 
Out to a different host.
 
> I can not determine what is going on and it is driving me nuts.
> everything I google comes up with nothing, so I thought I would ask
> the list for any help in troubleshooting this that you can think of.

If you're getting it every 10 seconds, at least it should be simple to
track down.  Run through the shutdown scripts one at a time and see when
it stops (that is, run each script in rc6.d in order with the parameter
'stop').  When the errors stop, you've found the culpret.

Good luck.

Doug.



Reply to: