On 4/26/05, Daniel Lopes <lopsch at lopsch.com> wrote:
> I would like to know how ICMP distinguishes between DROPped pings and
> non existing hosts. Both times you don't get a reply from the
> destination host but if it doesn't reply because it doesn't exist you
> get the correct destination unreachable message if it drops the requests
> for example with IPTables you get a timeout. And I haven't a clue why
> this is so.

In the case where you get a destination unreachable message back, it's
the router that is responsible for the network on which the machine
you are trying to ping resides that is responding with that message. When ICMP
is dropped, the packet makes it to the host and thus the router does
not generate a destination unreachable message to send back to you.
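
The distinction described in the reply above, as an added example that is not part of the original thread: a classifier for what comes back after an echo request, telling an echo reply from a router-generated Destination Unreachable and from silence. The addresses (documentation ranges), the packets and the function names are constructed for illustration.

```python
import struct

# ICMP type 3 (Destination Unreachable) codes, RFC 792 / RFC 1812.
UNREACH_CODES = {0: "network unreachable", 1: "host unreachable",
                 3: "port unreachable", 13: "administratively prohibited"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; 0 when run over a message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ip_icmp(src, dst, icmp_type, code, payload):
    """Build a constructed IPv4+ICMP packet (IP header checksum left at 0)."""
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + payload
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    addr = lambda a: bytes(int(p) for p in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                       addr(src), addr(dst)) + icmp

def classify(target, reply):
    """Classify the answer to an echo request sent to target.
    reply is the raw IPv4 packet received, or None if the wait timed out."""
    if reply is None:
        return "timeout: no answer at all (request dropped silently, or lost)"
    ihl = (reply[0] & 0x0F) * 4                      # IP header length in bytes
    src = ".".join(str(b) for b in reply[12:16])     # who sent this answer
    icmp = reply[ihl:]
    if reply[9] != 1 or len(icmp) < 8 or inet_checksum(icmp) != 0:
        return "ignored: not a valid ICMP message"
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type == 0 and src == target:
        return "alive: echo reply from target"
    if icmp_type == 3:
        # The original IP header is quoted after the 8-byte ICMP header.
        orig_dst = ".".join(str(b) for b in icmp[24:28])
        who = "target" if src == target else "router"
        reason = UNREACH_CODES.get(code, f"code {code}")
        return f"unreachable: {who} {src} reports {reason} for {orig_dst}"
    return f"other: ICMP type {icmp_type} from {src}"

# Constructed sample traffic: pinger, target, and the target network's router.
PINGER, TARGET, ROUTER = "192.0.2.10", "198.51.100.7", "198.51.100.1"
REQUEST = build_ip_icmp(PINGER, TARGET, 8, 0, b"ping")
ECHO_REPLY = build_ip_icmp(TARGET, PINGER, 0, 0, b"ping")
UNREACH = build_ip_icmp(ROUTER, PINGER, 3, 1, REQUEST[:28])  # host unreachable

if __name__ == "__main__":
    for r in (ECHO_REPLY, UNREACH, None):
        print(classify(TARGET, r))
```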

