Analysis of ICMP Quotations
Malone, David and Luckie, Matthew (2007) Analysis of ICMP Quotations. In: Proceedings of the Passive and active network measurement 8th international conference, PAM 2007, April 5-6, 2007, Louvain-la-Neuve, Belgium.
RFC 792 requires most ICMP error messages to quote the IP header and the next eight bytes of the packet to which the ICMP error message applies. The quoted packet is used by the receiver to match the ICMP message to an appropriate process. An operating system may examine the quoted source and destination IP addresses, IP protocol, and source and destination port numbers to determine the socket or process corresponding to the ICMP message. In an idealised end-to-end Internet, the portion of the packet quoted should be the same as that which was sent, except for the IP TTL, DSCP, ECN bits, and checksum fields. In the modern Internet, this may not always be the case. This paper presents an analysis of ICMP quotations where the quote does not match the probe.
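The comparison the abstract describes, as an added example that is not code from the paper: it pulls the quote out of an ICMP error message and reports every difference from the sent probe other than the TTL, DSCP/ECN and checksum fields. The function names are hypothetical, and the addresses, ports and packet bytes are constructed sample input.

```python
import socket
import struct

# IPv4 header fields as (name, start, end) byte offsets
IP_FIELDS = [("version/IHL", 0, 1), ("DSCP/ECN", 1, 2), ("total length", 2, 4),
             ("IP ID", 4, 6), ("flags/fragment offset", 6, 8), ("TTL", 8, 9),
             ("protocol", 9, 10), ("checksum", 10, 12),
             ("source address", 12, 16), ("destination address", 16, 20)]
# Fields the abstract lists as expected to differ from what was sent
EXPECTED_TO_CHANGE = {"DSCP/ECN", "TTL", "checksum"}
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}  # RFC 792 messages that carry a quote

def extract_quote(icmp: bytes) -> bytes:
    """Return the quoted packet that follows the 8-byte ICMP header."""
    if len(icmp) < 8 + 20:
        raise ValueError("too short for an ICMP header plus a quoted IP header")
    if icmp[0] not in ICMP_ERROR_TYPES:
        raise ValueError("not an RFC 792 ICMP error message")
    return icmp[8:]

def compare_quote(probe: bytes, quote: bytes) -> list:
    """List the unexpected differences between the sent probe and its quote."""
    need = (probe[0] & 0x0F) * 4 + 8  # IP header (with options) + 8 bytes
    findings = []
    if len(quote) < need:
        findings.append("quote shorter than IP header + 8 bytes")
    for name, start, end in IP_FIELDS:
        if name not in EXPECTED_TO_CHANGE and probe[start:end] != quote[start:end]:
            findings.append(name + " modified")
    end = min(len(quote), need)  # a longer quote is compared only this far
    if probe[20:end] != quote[20:end]:
        findings.append("IP options or first 8 transport bytes modified")
    return findings

def build_probe(src, dst, ttl, sport, dport):
    """Constructed UDP probe; checksums left as 0 because they are not compared."""
    data = b"probe-data"
    udp = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0, ttl,
                     17, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + udp

def time_exceeded(quote: bytes) -> bytes:
    """Constructed ICMP type 11 code 0 message wrapping the given quote."""
    return struct.pack("!BBHI", 11, 0, 0, 0) + quote

PROBE = build_probe("192.0.2.1", "198.51.100.7", 3, 40000, 33435)
# Quote as an unmodified path would return it: only the TTL has changed
CLEAN = time_exceeded(PROBE[:8] + b"\x01" + PROBE[9:28])
# Quote whose source address was rewritten somewhere on the path
REWRITTEN = time_exceeded(PROBE[:12] + socket.inet_aton("203.0.113.9") + PROBE[16:28])
```

Because the quoted addresses and ports are what the receiver uses to find the owning socket, a non-empty result for those fields means the ICMP message may not be matched to the process that sent the probe.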