Closed Thread
Results 1 to 15 of 15
  1. Senior Member
    Join Date
    Aug 2003
    Posts
    157

    Certifications
    A+, Network+
    #1

    ICMP port number?

    Does ICMP have a port number? If so, what is it?


  3. Security Tinkerer
    Join Date
    Sep 2004
    Location
    I'm convinced, we all live in the Matrix.
    Posts
    1,228

    Certifications
    CISSP, CCSP, CNSS-4013+4011, MCT MCSA2K3, CWNA MCSE2K3:Sec LPT ECSA CEH CHFI, CCNA CS-CFW, CCIE-Sec/Written, etc..
    #2
    ICMP does not have a port abstraction.

  4. Senior Member
    Join Date
    Aug 2003
    Posts
    157

    Certifications
    A+, Network+
    #3
    Quote Originally Posted by keatron
    ICMP does not have a port abstraction.
    Then how does it send out its signals?

  5. Junior Member
    Join Date
    Jul 2005
    Posts
    14

    Certifications
    A+
    #4

    ...

    I'm not currently studying for Net+; however, I think it doesn't send signals out... it is just a protocol for error handling... from what I read... maybe someone can shed some light on this.

  6. Senior Member
    Join Date
    Apr 2005
    Location
    touring the Holiday Inns of the country
    Posts
    639

    Certifications
    not sane
    #5
    ICMP (ping, trace) is a layer 3 protocol suite within the TCP/IP suite; it doesn't test any layer 4 or above functions, therefore, it has no TCP/UDP layer 4 port number. The sub protocols within it do. You can block echo replies by closing port 7. That is how you get to be not pinged on the net.

  7. Senior Member
    Join Date
    Apr 2005
    Location
    touring the Holiday Inns of the country
    Posts
    639

    Certifications
    not sane
    #6
    Quote Originally Posted by RZetlin
    Quote Originally Posted by keatron
    ICMP does not have a port abstraction.
    Then how does it send out its signals?
    By using ICMP echo requests. Which do function on port 7.

  8. Junior Member
    Join Date
    Feb 2007
    Posts
    1
    #7
    This is complete bollocks. First, ICMP does not use a port since it does not have a place for a port. It is encapsulated with an IP datagram only. You will find the port option only on UDP and TCP datagrams. To block ICMP echo, you would explicitly block the type and code.

    People who do think that ICMP somehow uses port 7 (the old echo service where it would echo every character you sent to it) should not be in networking and should be shot.

    If you do not agree with what I have said, look at the structure of an IP datagram and of an ICMP datagram. The ICMP is encapsulated in the IP datagram and then the IP datagram into whatever the particular media needs to form the frame.

  9. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #8
    Quote Originally Posted by comm3c
    This is complete bollocks. First, ICMP does not use a port since it does not have a place for a port. It is encapsulated with an IP datagram only. You will find the port option only on UDP and TCP datagrams. To block ICMP echo, you would explicitly block the type and code.

    People who do think that ICMP somehow uses port 7 (the old echo service where it would echo every character you sent to it) should not be in networking and should be shot.

    If you do not agree with what I have said, look at the structure of an IP datagram and of an ICMP datagram. The ICMP is encapsulated in the IP datagram and then the IP datagram into whatever the particular media needs to form the frame.
    Chill out. You can make your point w/o putting people down.

    To the OP:
    Check out RFC 792.
    http://www.faqs.org/rfcs/rfc792.html
    ICMP, uses the basic support of IP as if it were a higher
    level protocol, however, ICMP is actually an integral part of IP, and
    must be implemented by every IP module
    Remember what a port really is used for - a service listening on a host. Logical ends of a conversation. Sometimes called sockets or listener or whatever. One way to think about it is since there is no ICMP service running on a host it has no listening port.

    I also found this thread on the firewall-wizards list with your exact same question and about 20 replies that basically said (in a nice way) the ICMP is a protocol like TCP and UDP are protocols, and not a service needing a port number. Scroll down and you'll see the topic "ICMP Well-Known Port":
    https://honor.icsalabs.com/pipermail...read.html#6507

  10. Junior Member
    Join Date
    May 2003
    Location
    Seattle, WA
    Posts
    24

    Certifications
    CCNP, CCVP, CCDA, MCSE, CIW, CISSP
    #9
    No, ICMP does not use ports.

    However, it does have various ICMP types, the most common being echo reply (type 0), echo request (type 8), and Destination Unreachable (type 3). Because of the numbers, you'll often hear "it's trying to connect on port 0", when actually it's an echo reply packet.

    More info:

    http://en.wikipedia.org/wiki/Interne...ssage_Protocol

  11. Junior Member
    Join Date
    Mar 2007
    Location
    pakistan
    Posts
    2
    #10

    ??

    If ping is blocked how will you check if a node is up and running in a different building?

  12. mikej412's caddy sprkymrk's Avatar
    Join Date
    Feb 2006
    Location
    Charleston, SC
    Posts
    4,976

    Certifications
    MCP (NT4 Server), MCSA 2000, MCSA 2003, CCNA, Security+, Network+
    #11

    Re: ??

    Quote Originally Posted by saba.khan
    If ping is blocked how will you check if a node is up and running in a different building?
    Most admins will block ICMP at the border router or firewall to keep out inquisitive ne'er-do-wells. ICMP will remain open on the internal LAN. At least that's the way I do it. My internal LAN spans 3 class C subnets across dozens of buildings on over 300 acres and you can ping any host on the network from any other host on the network. Outsiders cannot ping past my firewall though.

  13. Junior Member
    Join Date
    Feb 2008
    Posts
    2
    #12
    I am auditing the firewall settings for my network. What should they look like to handle icmp??

    A little information -
    1. we want to ping external sites (really just to test the connection)
    2. we also do our own domain hosting, email, websites, etc.
    4. we do have multiple internet connections
    3. we have a cisco pix firewall

    Right now the setting is
    - permit icmp any any

    Initially I'm thinking that is too open and should be restricted. But I'm trying to figure out how to restrict it without closing something I need. Any help would be appreciated.

  14. Member
    Join Date
    Feb 2008
    Posts
    62
    #13
    Try this....don't quote me though - I'm an amateur at best

    http://www.velocityreviews.com/forum...interface.html

  15. Junior Member
    Join Date
    Feb 2008
    Posts
    2
    #14
    well, that looks pretty good. At this stage I'm not worried about the command line arguments, but more or less services I should block allow.

    So in that link, the guy is basically denying all incoming ICMP requests except those that are responses to requests that originated in his local subnet?

  16. Junior Member
    Join Date
    May 2010
    Posts
    1
    #15

    Layer 3 protocol/port identifiers

    layer 3, IP - identifies what layer 4-ish protocol is being carried in the packet.

    TCP at layer 3 is identified with port/protocol # 6
    UDP is 17
    ICMP is 1

    Protocol Numbers

    hth,
    LG
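
Added example, not part of any post in this thread: a small Python parser showing what a filter can actually match on. It reads the IPv4 protocol number (1, 6, 17 as listed above), pulls ports for TCP/UDP and type/code for ICMP, and applies an assumed stateless inbound policy; the sample packets, addresses, function names and the permitted-type set are constructed for illustration.

```python
import socket
import struct

PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}  # IPv4 protocol numbers
# Assumed policy: inbound echo reply (0), destination unreachable (3),
# time exceeded (11) are permitted; everything else ICMP is denied.
INBOUND_ICMP_OK = {0, 3, 11}

def ipv4(proto, payload, src="192.0.2.10", dst="198.51.100.7"):
    """Constructed 20-byte IPv4 header (checksum left 0) around payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def icmp(icmp_type, code, rest=b"\x00\x01\x00\x01"):
    """ICMP header: type, code, checksum (0 here), 4 type-specific bytes."""
    return struct.pack("!BBH", icmp_type, code, 0) + rest

def describe(packet):
    """Return the fields a packet filter can match on (checksums not verified)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes
    proto, l4 = packet[9], packet[ihl:]   # byte 9 is the protocol number
    info = {"proto": PROTO.get(proto, str(proto))}
    if proto in (6, 17):                  # TCP/UDP start with src/dst port
        if len(l4) < 4:
            raise ValueError("truncated transport header")
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
    elif proto == 1:                      # ICMP starts with type/code, no ports
        if len(l4) < 2:
            raise ValueError("truncated ICMP header")
        info["icmp_type"], info["icmp_code"] = l4[0], l4[1]
    return info

def icmp_inbound_verdict(packet):
    """Decide on ICMP type only; other protocols need their own rules."""
    info = describe(packet)
    if info["proto"] != "ICMP":
        return "not-icmp"
    return "permit" if info["icmp_type"] in INBOUND_ICMP_OK else "deny"

# Constructed samples: a ping, its answer, and a UDP datagram to port 7.
ECHO_REQUEST = ipv4(1, icmp(8, 0))
ECHO_REPLY = ipv4(1, icmp(0, 0))
UDP_ECHO = ipv4(17, struct.pack("!HHHH", 40000, 7, 8, 0))
```

A rule written against UDP or TCP port 7 only ever sees packets like UDP_ECHO; the ping packets carry protocol number 1 and are matched by type and code.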
