Sending a "ping": Which (ICMP) ports must be open in firewall to receive answer ?

on 29.03.2007 16:28:00 by p.waibel

Ok, I sent a ping to a remote computer which is definitively alive and responding.

However I get a timeout at my local computer because of too restrictive firewall rules.

Which ICMP ports must be open to be able to receive all possible answers from the target machine ?

Peter

Re: Sending a "ping": Which (ICMP) ports must be open in firewall to receive answer ?

on 29.03.2007 17:34:04 by unknown

Post removed (X-No-Archive: yes)

Re: Sending a "ping": Which (ICMP) ports must be open in firewall to receive answer ?

on 29.03.2007 18:17:07 by Ansgar -59cobalt- Wiechers

In comp.security.firewalls Peter Waibel wrote:
> Ok, I sent a ping to a remote computer which is definitively alive and
> responding.
>
> However I get a timeout at my local computer because of too
> restrictive firewall rules.
>
> Which ICMP ports must be open to be able to receive all possible
> answers from the target machine ?

ICMP is a protocol of its own, which - unlike TCP or UDP - doesn't have
something like "ports". What you want to do is allow certain types of
ICMP messages. I usually suggest to allow:

Type 0 (echo reply)
Type 3 (destination unreachable)
Type 4 (source quench)
Type 8 (echo request)
Type 11 (time exceeded)
Type 12 (parameter problem)

Allowing other types I wouldn't recommend, unless you know what you're
doing.

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
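
An added example (not part of any poster's message): a stateless filter in Python that applies the ICMP type allow list from the post above to raw ICMP messages, rejecting truncated or checksum-damaged messages first. The function names and the sample messages are constructed for illustration.

```python
import struct

# ICMP types from the allow list in the post above, with the names given there.
ALLOWED_TYPES = {0: "echo reply", 3: "destination unreachable", 4: "source quench",
                 8: "echo request", 11: "time exceeded", 12: "parameter problem"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type, code=0, rest=b"\x00" * 4, payload=b""):
    """Build an ICMP message: type, code, checksum, 4 header bytes, payload."""
    csum = inet_checksum(struct.pack("!BBH", icmp_type, code, 0) + rest + payload)
    return struct.pack("!BBH", icmp_type, code, csum) + rest + payload

def filter_icmp(message: bytes):
    """Return (verdict, reason) for one ICMP message with the IP header stripped."""
    if len(message) < 8:                      # fixed ICMP header is 8 bytes
        return "drop", "truncated header"
    if inet_checksum(message) != 0:           # a valid message sums to zero
        return "drop", "bad checksum"
    icmp_type = message[0]
    if icmp_type not in ALLOWED_TYPES:        # ICMP has types, not ports
        return "drop", f"type {icmp_type} not allowed"
    return "accept", ALLOWED_TYPES[icmp_type]

def demo():
    """Run the filter over constructed sample messages (not captured traffic)."""
    ident_seq = struct.pack("!HH", 0x1234, 1)          # constructed id / sequence
    request = build_icmp(8, rest=ident_seq, payload=b"constructed ping payload")
    reply = build_icmp(0, rest=ident_seq, payload=b"constructed ping payload")
    redirect = build_icmp(5, code=1)                   # type 5 is not on the list
    damaged = reply[:-1] + bytes([reply[-1] ^ 0xFF])   # payload altered in transit
    return [filter_icmp(m) for m in (request, reply, redirect, damaged, b"\x08\x00")]

if __name__ == "__main__":
    for verdict, reason in demo():
        print(f"{verdict:6} {reason}")
```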

Re: Sending a "ping": Which (ICMP) ports must be open in firewall to receive answer ?

on 29.03.2007 18:52:21 by Chuck

On 29 Mar 2007 14:28:00 GMT, p.waibel@hotmail.com (Peter Waibel) wrote:

>Ok, I sent a ping to a remote computer which is definitively alive and responding.
>
>However I get a timeout at my local computer because of too restrictive firewall rules.
>
>Which ICMP ports must be open to be able to receive all possible answers from the target machine ?
>
>Peter

Peter,

Rules related to ports are for TCP/UDP traffic. ICMP rules are separate. For
Windows Firewall, look on the Advanced tab, under ICMP. Enable "incoming echo
request" on both computers.

--
Cheers,
Chuck, MS-MVP [Windows - Networking]
http://nitecruzr.blogspot.com/
Paranoia is not a problem, when it's a normal response from experience.
My email is AT DOT
actual address pchuck mvps org.

Re: Sending a "ping": Which (ICMP) ports must be open in firewall to receive answer ?

on 30.03.2007 19:14:08 by jameshanley39

On 29 Mar, 15:28, p.wai...@hotmail.com (Peter Waibel) wrote:
> Ok, I sent a ping to a remote computer which is definitively alive and responding.
>
> However I get a timeout at my local computer because of too restrictive firewall rules.
>
> Which ICMP ports must be open to be able to receive all possible answers from the target machine ?
>
> Peter

None. It doesn't use ports.

Many firewalls would have a setting to allow or disallow ICMP.
e.g. The Windows Firewall has an advanced tab where you can enable
ICMP related things. It'd be set on the remote machine. At the moment
the remote machine may be blocking ICMP.

You could also use nmap -P0 1.2.3.4
where 1.2.3.4 is the IP of the machine that you are testing for a sign
of life.
That will work even when ICMP is blocked.

RE: Sending a "ping": Which (ICMP) ports must be open in firewall to receive answer ?

on 30.03.2007 22:20:47 by DAVISM

In article <460bccf0$0$23149$9b4e6d93@newsspool1.arcor-online.net>,
p.waibel@hotmail.com (Peter Waibel) writes:

>Ok, I sent a ping to a remote computer which is definitively alive and
> responding.
>
>However I get a timeout at my local computer because of too restrictive
> firewall rules.
>
>Which ICMP ports must be open to be able to receive all possible answers from
> the target machine ?

ICMP doesn't use ports, it uses "types." If you're only interested
in echo requests/responses, the echo request is ICMP type 8 and comes from
your system, and the target machine will respond with an echo response, which
is ICMP type 0. If you're dealing with the Windows XP SP2 firewall, if you
allow echo requests (Control Panel->Windows Firewall->Advanced tab->ICMP
Settings...), this will implicitly allow echo responses. Alternatively, you
can just allow "File and Printer Sharing" in the Exceptions tab, but that may
open you up to more than you want to allow.

>
>Peter
>

Regards,
Mike
--
                                        | Systems Specialist: CBE,MSE
Michael T. Davis (Mike)                 | Departmental Networking/Computing
http://www.ecr6.ohio-state.edu/~davism/ | The Ohio State University
                                        | 197 Watts, (614) 292-6928