Nikita N.
2015-05-12 17:35:33 UTC
Hi All,
was wandering about those ICMP frames, which keep coming out always
right after every Dnsmasq responses.
What is their origin?
What is their purpose?
Just to be sure what I'm talking about, here how it happens:
1) client (192.168.2.2) -> gateway (192.168.2.1), DNS Standard query
about mylocalsite.com
2) gateway -> client, DNS Standard query response A 192.168.2.1
(Wireshark "Request in" pointer is to #1)
3) client -> gateway, ICMP Destination unreachable (Port unreachable)
(Wireshark "Request in" pointer is also to #1)
That ICMP frame has IPv4 section, Src: 192.168.2.2 (client), Dst:
192.168.2.1 (gateway)
But the ICMP section shows the opposite, Src: 192.168.2.1, Dst:
192.168.2.2
Whose UDP section, Src Port: 53 (53), Dst Port: 5xxxx
I googled around, and I can't see any ICMP echo ping preceding, so I
don't understand where those ICMP are from, and/what are their purpose.
Maybe are generated by Dnsmasq, as some kind of alternate DNS response?
Maybe are generated by gateway linux kernel, as some kind of standard
behavior?
Maybe are generated by the client software/web browser?
Thanks
was wandering about those ICMP frames, which keep coming out always
right after every Dnsmasq responses.
What is their origin?
What is their purpose?
Just to be sure what I'm talking about, here how it happens:
1) client (192.168.2.2) -> gateway (192.168.2.1), DNS Standard query
about mylocalsite.com
2) gateway -> client, DNS Standard query response A 192.168.2.1
(Wireshark "Request in" pointer is to #1)
3) client -> gateway, ICMP Destination unreachable (Port unreachable)
(Wireshark "Request in" pointer is also to #1)
That ICMP frame has IPv4 section, Src: 192.168.2.2 (client), Dst:
192.168.2.1 (gateway)
But the ICMP section shows the opposite, Src: 192.168.2.1, Dst:
192.168.2.2
Whose UDP section, Src Port: 53 (53), Dst Port: 5xxxx
I googled around, and I can't see any ICMP echo ping preceding, so I
don't understand where those ICMP are from, and/what are their purpose.
Maybe are generated by Dnsmasq, as some kind of alternate DNS response?
Maybe are generated by gateway linux kernel, as some kind of standard
behavior?
Maybe are generated by the client software/web browser?
Thanks
--
Nikita N.
***@operamail.com
--
http://www.fastmail.com - The way an email service should be
Nikita N.
***@operamail.com
--
http://www.fastmail.com - The way an email service should be