Re: browser behind firewall causing me to receive ICMP messages?

From: RainbowHat (nHiATlE_at_blSackholeP.mAit.edMu.invalid)
Date: 09/07/03

Date: Sun, 7 Sep 2003 17:43:43 +0000 (UTC)

< Neil Sandow IP web server
              3hops 10hops 1hop

> ->

Looks like sent source port 0 to destination port 0/TCP
(or a bug of snort 2.0.0?) and admin prohibit filtered.

>TIME: 11:23:21.607182 (0.003618) -> SYN (TCP opt 8bytes)
>TIME: 11:23:21.607497 (0.000315) <- SYN|ACK (TCP opt 4bytes)

Detail of above TCP options?

>TIME: 11:23:21.663391 (0.006901) -> ICMP admin prohibit filtered
>DATA: ....E..,#j..4.A........r.P.QnE..

Ascii dump is useful for application level debugging. In this case,
hex dump or to parse ICMP original packet is helpful. Especially
src/dst ports is 0 or not.

Regards, RainbowHat. To spoof or not to spoof, that is the IPv4 packet.