[Tfug] How do I Interpret ICMP Probes?

Felix Tilley fetilley at earthlink.net
Sat Jun 16 22:58:28 MST 2007 

How do I interpret ICMP probes?  I log them, but do not drop them.

I cannot finf anything in the man pages that interprets they TYPES and 
CODES.

I have seen many TYPES and CODES over the last few months.  I think 
these are pings to see if my IP address is online.  In this sample, my 
IP address is near the prober.  That is not always the case.

Watch out for linewrap.

Felix in Tucson

==========================================

# ICMP  This is a test.  Log only.  Do not drop.  03 NOV 2006
/usr/sbin/iptables -A INPUT -p ICMP -j LOG


iplog |grep ICMP
May 31 18:30:41 -0700 SRC=4.242.129.36 DST=4.240.150.100 PROTO=ICMP 
TYPE=8 CODE=0 ID=512
Jun 8 18:37:48 -0700 SRC=4.238.220.208 DST=4.240.150.140 PROTO=ICMP 
TYPE=8 CODE=0 ID=512
Jun 8 19:36:18 -0700 SRC=4.237.14.187 DST=4.240.150.140 PROTO=ICMP 
TYPE=8 CODE=0 ID=768
Jun 9 10:06:56 -0700 SRC=4.239.105.122 DST=4.240.114.99 PROTO=ICMP 
TYPE=8 CODE=0 ID=768
Jun 9 10:07:43 -0700 SRC=4.242.87.89 DST=4.240.114.99 PROTO=ICMP TYPE=8 
CODE=0 ID=768
Jun 9 10:09:32 -0700 SRC=4.240.253.98 DST=4.240.114.99 PROTO=ICMP TYPE=8 
CODE=0 ID=768
Jun 9 10:14:13 -0700 SRC=4.240.45.95 DST=4.240.114.99 PROTO=ICMP TYPE=8 
CODE=0 ID=768
Jun 11 08:31:29 -0700 SRC=4.240.93.217 DST=4.240.150.104 PROTO=ICMP 
TYPE=8 CODE=0 ID=512
Jun 11 08:41:18 -0700 SRC=4.242.216.192 DST=4.240.150.104 PROTO=ICMP 
TYPE=8 CODE=0 ID=512
Jun 11 09:09:25 -0700 SRC=4.239.105.147 DST=4.240.150.104 PROTO=ICMP 
TYPE=8 CODE=0 ID=768
Jun 14 21:14:25 -0700 SRC=4.240.244.5 DST=4.240.114.114 PROTO=ICMP 
TYPE=8 CODE=0 ID=768
Jun 14 21:37:31 -0700 SRC=4.240.244.121 DST=4.240.114.114 PROTO=ICMP 
TYPE=8 CODE=0 ID=768
Jun 15 19:51:31 -0700 SRC=4.242.135.168 DST=4.240.114.147 PROTO=ICMP 
TYPE=8 CODE=0 ID=2048
Jun 15 20:00:05 -0700 SRC=4.238.167.58 DST=4.240.114.147 PROTO=ICMP 
TYPE=8 CODE=0 ID=768
Jun 15 20:10:23 -0700 SRC=4.240.246.143 DST=4.240.114.147 PROTO=ICMP 
TYPE=8 CODE=0 ID=768
Jun 15 20:24:12 -0700 SRC=4.240.120.210 DST=4.240.114.147 PROTO=ICMP 
TYPE=8 CODE=0 ID=768
Jun 15 20:38:26 -0700 SRC=4.240.247.12 DST=4.240.114.147 PROTO=ICMP 
TYPE=8 CODE=0 ID=768
Jun 15 20:43:10 -0700 SRC=4.242.36.100 DST=4.240.114.147 PROTO=ICMP 
TYPE=8 CODE=0 ID=768
Jun 15 20:46:47 -0700 SRC=4.242.60.122 DST=4.240.114.147 PROTO=ICMP 
TYPE=8 CODE=0 ID=512
Jun 15 21:06:04 -0700 SRC=4.240.247.115 DST=4.240.114.33 PROTO=ICMP 
TYPE=8 CODE=0 ID=768
Jun 15 21:23:48 -0700 SRC=4.240.120.210 DST=4.240.150.201 PROTO=ICMP 
TYPE=8 CODE=0 ID=768
Jun 15 21:51:46 -0700 SRC=4.238.27.20 DST=4.240.150.201 PROTO=ICMP 
TYPE=8 CODE=0 ID=512
Jun 16 01:12:58 -0700 SRC=4.240.78.8 DST=4.240.150.240 PROTO=ICMP TYPE=8 
CODE=0 ID=768
Jun 16 22:04:32 -0700 SRC=4.243.28.147 DST=4.240.114.247 PROTO=ICMP 
TYPE=8 CODE=0 ID=768

More information about the tfug mailing list