Rule Options
99
The type field in the ICMP header of a data packet is used to determine the type of
the ICMP packet. Table 3 3 lists different ICMP types and values of the type field in the
ICMP header.
Table 3 3 ICMP type filed values
Value
Type of ICMP Packet
0
Echo reply
3
Destination unreachable
4
Source quench
5
Redirect
8
Echo request
11
Time exceed
12
Parameter problem
13
Timestamp request
14
Timestamp reply
15
Information request
16
Information reply
For example, if you want to generate an alert for each source quench message, use
the following rule:
alert icmp any any  > any any (itype: 4; \
   msg: "ICMP Source Quench Message received";)
The ICMP code field is used to further classify ICMP packets. 
3.6.13 The icode Keyword
In ICMP packets, the ICMP header comes after the IP header. It contains a code
field, as shown in Appendix C and RFC 792 at http://www.rfc editor.org/rfc/rfc792.txt.
The icode keyword is used to detect the code field in the ICMP packet header. The argu 
ment to this field is a number and the general format is as follows:
icode: "ICMP_codee_number"






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

toronto web hosting

 

Our partners: PHP: Hypertext Preprocessor Cheap Web Hosting JSP Web Hosting Ontario Web Hosting  Jsp Web Hosting

Cheapest Web Hosting Java Hosting Cheapest Hosting

Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved