HPE Community
Operating System - OpenVMS
1755609 Members
3361 Online
108836 Solutions
New Discussion юеВ

DNS, UDP & ICMP

 
SOLVED
Go to solution
Wim Van den Wyngaert
Honored Contributor

тАО04-09-2008 04:19 AM

тАО04-09-2008 04:19 AM

DNS, UDP & ICMP

I did a tcptrace/prot=udp and found many udp packets arriving on ports without the VMS node responding to it (ports 2301, 67, 138). No ICMP UNREACH was generated.

However, for DNS I get from time to time a packet from the DNS server (coming from port 53) on which my system reacts with ICMP UNREACH. Looking further, I found that the package of DNS came 8 seconds after VMS sended the request. I guess my udp listener was no longer there.

When does TCP generate an ICMP UNREACH for incoming UDP packets without a UDP listener ?

Wim
Wim
0 Kudos
Reply
5 REPLIES 5
Richard Whalen
Honored Contributor

тАО04-09-2008 05:12 AM

тАО04-09-2008 05:12 AM

Solution

Re: DNS, UDP & ICMP

TCP does not generate ICMP UNREACH for incoming UDP packets. UDP might, but it won't for broadcast or multicast packets. I doubt that tcptrace with /prot=udp is sending broadcast/multicast packet as the typical way to do a tcptrace is to send the packet with a small TTL (time to live/hop limit). When the IP layer processes the packet and notices that the TTL is zero, but the packet is not at the destination it will send an ICMP Time Exceeded packet back to the source. TCPTRACE will start the TTL at 1 and increase it until the packet reaches the destination.

DNS packets are most likely sent with a TTL of 255 (the maximum) to begin with, so they can wander around a lot longer trying to get to the destination.
Reply
Wim Van den Wyngaert
Honored Contributor

тАО04-09-2008 05:23 AM

тАО04-09-2008 05:23 AM

Re: DNS, UDP & ICMP

Richard,

With TCP I meant the TCP software. But indeed the UDP layer of it.

I didn't think of that. DNS is indead to an address and all other UDP packets were broadcasts. So, it's logical that only DNS got the ICMP.

And I think you confuse tcptrace with traceroute (tcptrace doesn't send any packages.

Solved.

Wim
Wim
0 Kudos
Reply
Richard Whalen
Honored Contributor

тАО04-09-2008 10:56 AM

тАО04-09-2008 10:56 AM

Re: DNS, UDP & ICMP

Yes, I did confuse tcptrace with traceroute. I don't regularly use TCP/IP services, so I don't know all of the utilities by name. From looking at the documentation I now see that tcptrace is effectively tcpdump.

I suspect that part of the answer you don't see ICMP UNREACH packets is that you asked tcptrace to only report on the UDP protocol so it won't display ICMP packets.
0 Kudos
Reply
Wim Van den Wyngaert
Honored Contributor

тАО04-13-2008 10:51 PM

тАО04-13-2008 10:51 PM

Re: DNS, UDP & ICMP

Richard,

I first did a trace of ICMP. Then a full trace of all IP packets for that node. And then wait until the word ICMP came up.

Wim

Wim
0 Kudos
Reply
Wim Van den Wyngaert
Honored Contributor

тАО04-14-2008 06:03 AM

тАО04-14-2008 06:03 AM

Re: DNS, UDP & ICMP

Still strange. See enclosed trace.

I have in ucx sho nam
retry : 4
timeout : 4
1 DNS server (was 2 but removed 1)

Why is the DNS "listener" gone after 2 of the 4 retries ? Is the listener temporary gone for some time during the retries ?

Wim
Wim
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.