not getting all ICMP time-exceeded messages: why?

I'm using Scapy to replay some dumped packets in which I change the TTL value. I've been getting very odd results even with TTL=1.

When I run my test hours apart, I can get from roughly 40% to 95% of packets replied to with an ICMP time-exceeded message. Then I can recursively replay the unanswered packets and each time get more or less the same percentage of answered packets as before.

Why is that?

I've been sending packets with an interval of 0.1 seconds between them. This should be ok, right? My timeout value is 10s, which should be very conservative.

What's wrong here?

Ricky Robinson asked Jun 05 '12 14:06


People also ask

What is a possible cause of an ICMP time exceeded message?

The ICMP Time Exceeded message is generated when the gateway (router) processing the datagram finds that the Time To Live field in the IP header has reached zero after being decremented, and therefore must discard the datagram; the message is sent back to the datagram's source address.

What is ICMP Type 11 time exceeded used for?

Whenever a packet is sent on an IP network, a Time to Live (TTL) value is carried in its header. Each layer 3 device (router) along the path decrements the TTL by one before forwarding the packet; when the TTL reaches zero the packet is dropped and an ICMP Type 11 message reports the drop to the sender. Traceroute relies on exactly this behaviour.

What do you mean by time exceeded error reporting message?

Time Exceeded error messages indicate that a forwarding or reassembly operation took too long to complete and that the reporting device is discarding the data. The two codes defined in RFC 792 distinguish the cases: code 0 means the TTL reached zero in transit, code 1 means fragment reassembly at the destination timed out.

What ICMP type denotes a time exceeded response?

Time Exceeded—Type 11. The time exceeded message is sent when a router receives a datagram with a TTL of 0, or with a TTL of 1 that becomes 0 after the router decrements it, and discards the datagram as a result.


1 Answer

What you're saying is essentially you can only test for so many unreachable hosts in a given span of time. One possible reason: many routers rate-limit ICMP messages.

It is much better to test for a ping success to a host before doing something else; this way you have positive confirmation of reachability. The downside is MS Windows blocks pings by default.

If you can't ping first, then you'll need to increase the time between your probes, or raise the ICMP unreachable rate on the router that is returning the ICMP messages.

EDIT:

Based on the comments, it looks like you're hitting a wall for scapy's ability to process traffic. I have improved throughput in the past by sending with scapy and spawning tcpdump in the background to receive traffic.

Mike Pennington answered Oct 03 '22 19:10
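The answer's two practical points, pacing probes so the router's ICMP rate limit is not exceeded and letting tcpdump rather than Scapy receive the replies, leave one gap a practitioner hits immediately: how to work out which of the replayed probes a given Time Exceeded message actually answers, so that only the unanswered ones are replayed. The following is an added example, not code from the question or the answer. It relies on the fact that an ICMP Time Exceeded message quotes the offending IP header plus the first 8 bytes of its payload (RFC 792), and matches those quoted bytes against the probes that were sent. The function names (`probe_key`, `parse_time_exceeded`, `correlate`, `capture_icmp`, `replay_probes`), the `/tmp/ttl-replies.pcap` path and the sample traffic built by `build_samples` are all assumptions made for the example; the sample packets are constructed inline from documentation address ranges, not captured from a real network. The parsing and matching run with the standard library alone; Scapy and tcpdump are only needed for the live replay at the bottom, which requires root.

```python
from __future__ import annotations
import ipaddress
import struct
import subprocess
import sys
import time

ICMP_TIME_EXCEEDED = 11  # RFC 792 type 11; code 0 = TTL exceeded in transit


def ipv4_header(src: str, dst: str, proto: int, ip_id: int, ttl: int, payload_len: int) -> bytes:
    """Minimal IPv4 header without options. The checksum is left at zero: it is
    irrelevant for parsing, and replay_probes() makes Scapy recompute it."""
    return struct.pack("!BBHHHBBH4s4s",
                       0x45, 0, 20 + payload_len, ip_id, 0, ttl, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)


def set_ttl(ip_packet: bytes, ttl: int) -> bytes:
    """Rewrite the TTL byte (offset 8) of a dumped packet before replaying it."""
    return ip_packet[:8] + bytes([ttl]) + ip_packet[9:]


def probe_key(ip_packet: bytes) -> tuple:
    """Identity of a probe: (src, dst, proto, IP ID, first 8 transport bytes).
    A Time Exceeded reply quotes exactly the offending IP header plus the first
    8 payload bytes, so these are the only fields available to match on."""
    ihl = (ip_packet[0] & 0x0F) * 4
    ip_id = struct.unpack("!H", ip_packet[4:6])[0]
    src = str(ipaddress.IPv4Address(ip_packet[12:16]))
    dst = str(ipaddress.IPv4Address(ip_packet[16:20]))
    return (src, dst, ip_packet[9], ip_id, bytes(ip_packet[ihl:ihl + 8]))


def parse_time_exceeded(ip_packet: bytes) -> tuple | None:
    """Return the key of the probe quoted inside an ICMP Time Exceeded, or None
    for anything else (non-ICMP, other ICMP types, or a truncated quote)."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return None
    ihl = (ip_packet[0] & 0x0F) * 4
    if ip_packet[9] != 1:                      # outer protocol must be ICMP
        return None
    icmp = ip_packet[ihl:]
    if len(icmp) < 8 or icmp[0] != ICMP_TIME_EXCEEDED:
        return None
    quoted = icmp[8:]                          # skip type, code, checksum, 4 unused bytes
    inner_ihl = (quoted[0] & 0x0F) * 4 if quoted else 0
    if inner_ihl < 20 or len(quoted) < inner_ihl + 8:
        return None                            # router quoted too little to match on
    return probe_key(quoted)


def correlate(sent: list, received: list) -> tuple:
    """Split sent probes into (answered, unanswered) using the quoted headers.
    Each probe is matched at most once, so a duplicated reply is not over-counted."""
    pending = {probe_key(p): p for p in sent}
    answered = {}
    for pkt in received:
        key = parse_time_exceeded(pkt)
        if key in pending:
            answered[key] = pending.pop(key)
    return list(answered.values()), list(pending.values())


def build_samples() -> tuple:
    """Constructed sample traffic (not a real capture): two UDP probes with
    TTL=1 and a single Time Exceeded reply from a router quoting the first."""
    udp = struct.pack("!HHHH", 40000, 53, 8, 0)                # sport, dport, len, cksum
    probe_a = ipv4_header("192.0.2.10", "198.51.100.7", 17, 0x1001, 1, 8) + udp
    probe_b = ipv4_header("192.0.2.10", "198.51.100.7", 17, 0x1002, 1, 8) + udp
    icmp = struct.pack("!BBHI", ICMP_TIME_EXCEEDED, 0, 0, 0)   # type, code, cksum, unused
    reply = ipv4_header("203.0.113.1", "192.0.2.10", 1, 7, 64, len(icmp) + 28) + icmp + probe_a[:28]
    return [probe_a, probe_b], [reply]


def capture_icmp(iface: str, pcap_path: str) -> subprocess.Popen:
    """Let tcpdump do the receiving, as the answer suggests; Scapy only sends.
    The BPF filter keeps only ICMP type 11 so the capture stays small."""
    return subprocess.Popen(
        ["tcpdump", "-i", iface, "-n", "-w", pcap_path, "icmp[icmptype] == icmp-timxceed"],
        stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)


def replay_probes(sent: list, interval: float) -> None:
    """Send raw IPv4 probes with a fixed gap (needs root). Scapy is imported
    here so the parsing above works without it installed."""
    from scapy.all import IP, send
    pkts = []
    for raw in sent:
        pkt = IP(raw)
        pkt.chksum = None          # force Scapy to recompute after our TTL edits
        pkts.append(pkt)
    send(pkts, inter=interval, verbose=False)


def replies_from_pcap(pcap_path: str) -> list:
    from scapy.all import rdpcap
    return [bytes(pkt["IP"]) for pkt in rdpcap(pcap_path) if pkt.haslayer("IP")]


if __name__ == "__main__":
    iface = sys.argv[1] if len(sys.argv) > 1 else "eth0"
    pcap = "/tmp/ttl-replies.pcap"
    sent, _ = build_samples()          # in real use: rdpcap() your dump, then set_ttl(p, 1)
    cap = capture_icmp(iface, pcap)
    time.sleep(1)                      # give tcpdump time to attach to the interface
    replay_probes(sent, interval=0.5)  # slower than 0.1 s, to stay under router ICMP rate limits
    time.sleep(10)                     # the questioner's 10 s timeout
    cap.terminate()
    cap.wait()
    answered, unanswered = correlate(sent, replies_from_pcap(pcap))
    print(f"{len(answered)} answered, {len(unanswered)} left to replay")
```

Matching on the quoted IP ID and transport bytes rather than on source/destination alone matters when replaying a dump, because many dumped packets share the same addresses; without it one reply would appear to answer several probes and the answered percentage would be overstated. If the unanswered fraction stays roughly constant across rounds at a slower interval, that points at the router's ICMP rate limit rather than at Scapy's receive path.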