difference between DROPped pings and non existing hosts

Tobias DiPasquale codeslinger at gmail.com
Tue Apr 26 20:16:14 CEST 2005


On 4/26/05, Daniel Lopes <lopsch at lopsch.com> wrote:
> I would like to know how ICMP distinguishes between DROPped pings and
> non existing hosts. Both times you don´t get a reply from the
> destination host but if it doesn´t reply because it doesn´t exist you
> get the correct destination unreachable message if it drops the requests
> for example with IPTables you get a timeout. And I haven´t a clue why
> this is so.

In the case where you get a destination unreachable message back, its
the router that is responsible for the network on which the machine
you are trying to ping that is responding with that message. When ICMP
is dropped, the packet makes it to the host and thus the router does
not generate a destination unreachable message to send back to you.

-- 
[ Tobias DiPasquale ]
0x636f6465736c696e67657240676d61696c2e636f6d



More information about the netfilter mailing list