Solved

Invalid ICMP type 69

Posted on 2006-11-03
Last Modified: 2008-01-09
I'm writing a small UDP port scanner that just relies on an ICMP response to detect non-filtered/closed ports.

For some reason my code is returning an ICMP type 69 Code 1 which is not a valid type that I can see. I'd expect a type 3 ( Destination Unreachable ) not an undefined type.

Am I deciphering the ICMP packet I'm receiving wrong? Here is the code I am using:

#!/usr/bin/perl

use IO::Socket;

#
#    Scan UDP ports
#
$|++;
my @ports = ( 53, 514, 15555 );
scan_udp_ports( 'localhost', \@ports );


sub scan_udp_ports {
    my $host = shift;
    my $ports = shift;

    my($closed, $open, $filtered);

    #    Setup ICMP listen
    my $icmp = IO::Socket::INET->new(
                        Proto        =>    'icmp',
                        Blocking    =>    0
                        ) or die("No ICMP listen");

    foreach my $port ( @$ports ) {

        print "Scanning $port\n";

        #    Setup UDP send connection
        $client = IO::Socket::INET->new(
                        PeerPort    =>    $port,
                        PeerAddr    =>    $host,
                        Proto        =>    'udp',
                        Blocking    =>    0
                        ) or die("No server $!");

        #    Send UDP packet
        $client->send( undef );
        sleep( 5 );
        my $icmpbuffer = icmp_recv( $icmp );

        #    Check for response
        my $flags;
        if( $client->recv( $dgram, 10, $flags ) ) {
            print "This udp port $port at host $host responded!\n";
        }
    }
}

sub icmp_recv {
    my $icmp = shift;

    #    Listen for ICMP response
    my $icmpbuffer;
    if( my $icmpr = $icmp->recv( $icmpbuffer, 1024, 0 ) ) {
        print "ICMP Type: " . unpack("%8C", $icmpbuffer) . "\n";
        print "ICMP Code: " . unpack("%8c", substr($icmpbuffer, 9)) . "\n";
        print "ICMP Checksum: " . unpack("%8c", substr($icmpbuffer, 33)) . "\n";
    }
    return $icmpbuffer;
}

Question by:rivusglobal
4 Comments
 
Expert Comment

by:manav_mathur
ID: 17868839
Since you have already received the data in $icmp->recv inside icmp_recv(), why are you again doing $client_recv in scan_udp_ports?

AFAIK, you should set the listening socket ($icmp) in blocking mode; and just test the value of $icmpbuffer to see if data has arrived....

Author Comment

by:rivusglobal
ID: 17869069
I'm doing the $client->recv just in case any data actually gets returned over the UDP port, which would be a confirmation of the port being open.

In blocking mode, if there is no ICMP response ( ie. filtered port ) then the script would never receive a response.

Accepted Solution

by:
manav_mathur earned 500 total points
ID: 17869145

Author Comment

by:rivusglobal
ID: 17870121
My unpacking routine wasn't working at all.  After looking at Net::Ping I understand that the actual start of the ICMP type in the returned packet starts 20 bytes into the packet.  This line of code returns the proper ICMP Type and SubCode.

my($fromtype, $fromsubcode) = unpack("C2", substr($icmpbuffer, 20, 2) );

Thanks for pointing me in the right direction manav_mathur.
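An added example, not part of the original thread: a raw ICMP socket hands back the IPv4 header first, so byte 0 is 0x45 (version 4, header length 5 words, decimal 69) and byte 9 is the IP protocol number (1 for ICMP), which is exactly the "type 69 code 1" the question's offsets produced. The sketch below derives the ICMP offset from the header length field instead of assuming 20, and reads the UDP ports quoted inside a Destination Unreachable message so a reply can be matched to the probed port; `parse_icmp`, `ip_hdr` and the sample packet are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Parse a buffer read from a raw ICMP socket. The buffer starts with the IPv4
# header, so the ICMP header begins at IHL * 4 bytes (20 only without options).
sub parse_icmp {
    my ($buf) = @_;
    return if length($buf) < 20;
    my ($ver_ihl, $proto) = unpack('C x8 C', $buf);    # bytes 0 and 9
    my $ihl = ($ver_ihl & 0x0f) * 4;
    return if ($ver_ihl >> 4) != 4 || $ihl < 20 || $proto != 1;
    return if length($buf) < $ihl + 8;                 # truncated ICMP header
    my ($type, $code) = unpack('C2', substr($buf, $ihl, 2));
    my %r = (offset => $ihl, type => $type, code => $code);

    # Type 3 (Destination Unreachable) quotes the datagram that triggered it
    # after the 8-byte ICMP header: inner IPv4 header, then the UDP header.
    if ($type == 3) {
        my $inner = substr($buf, $ihl + 8);
        if (length($inner) >= 20) {
            my ($iver_ihl, $iproto) = unpack('C x8 C', $inner);
            my $iihl = ($iver_ihl & 0x0f) * 4;
            @r{qw(sport dport)} = unpack('n2', substr($inner, $iihl, 4))
                if $iproto == 17 && $iihl >= 20 && length($inner) >= $iihl + 4;
        }
    }
    return \%r;
}

# Constructed sample: 127.0.0.1 reporting "port unreachable" for UDP 15555.
# Checksums are left as 0; this parser does not verify them.
sub ip_hdr {
    my ($len, $proto) = @_;
    return pack('C2 n3 C2 n C4 C4', 0x45, 0, $len, 0, 0, 64, $proto, 0,
                127, 0, 0, 1, 127, 0, 0, 1);
}
my $pkt = ip_hdr(56, 1) . pack('C2 n N', 3, 3, 0, 0)
        . ip_hdr(28, 17) . pack('n4', 40000, 15555, 8, 0);

printf "bytes 0 and 9 of the buffer: %d, %d\n", unpack('C x8 C', $pkt);
my $r = parse_icmp($pkt) or die "not an ICMP-in-IPv4 buffer\n";
printf "ICMP at offset %d: type %d, code %d\n", @$r{qw(offset type code)};
printf "quoted UDP datagram: sport %d -> dport %d\n", @$r{qw(sport dport)}
    if defined $r->{dport};
```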