
Determine what it is that is sending ICMP type 3

Discussion in 'Networking (Hardware & Software)' started by roktok, 2007/03/03.

  1. 2007/03/03
    roktok

    roktok Inactive Thread Starter

    Hi,

    I get lots of mail from my router (a couple of logs per hour). The router log is full of messages that say something like:

    [INFO] Sun Jan 07 15:06:30 2007 Blocked outgoing ICMP packet (ICMP type 3) from xxx.xxx.xxx.xxx to yyy.yyy.yyy.yyy

    xxx.xxx.xxx.xxx is one of my machines on a local network. The machine is running some applications and I expect people to be connected to that machine, so there is normal TCP/IP traffic.

    I have disabled the SSDP Discovery Service, and I can see that it is disabled, so I guess that it isn't the UPnP service which is sending the ICMP type 3 messages.

    What can it be? How can I determine what it is that is sending the messages?

    Thanks
    Roktok
     
  2. 2007/03/03
    TonyT

    TonyT SuperGeek Staff

    Go to the machine in question, open a command window and use:
    netstat -a
    to see all current connections.

    The port used may be a clue to what app is sending the ICMP packets. It could be a trojan or it could be a legit app's auto-update feature. It could even be Windows Media Player looking for updates. But, since it's ICMP, it could be a "keep-alive" used by a game or even a Yahoo game.

    Task Manager will show most apps that are running. Anti-spyware apps will detect unseen running apps & antivirus should pick up any backdoor trojans.
     


  4. 2007/03/04
    roktok

    roktok Inactive Thread Starter

    Hi,

    Thanks for the answer.

    I have now executed Ad-Aware, Spybot and an antivirus program on the machine. The only things that those could find were a few cookies.

    I also waited till I got a log file, and then issued:

    netstat -an

    I could not see any of the ip addresses from the log in the output from that command. :(

    I'm not playing any games on the machine, and I'm not using the media player.
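
Added example, not part of the original thread: an ICMP type 3 (Destination Unreachable) message quotes the IP header and first 8 bytes of the packet that triggered it, so decoding one from a packet capture taken on the machine shows which remote address, protocol and local port the reply was about. The addresses, ports and sample bytes are constructed, and the function names are hypothetical.

```python
import socket
import struct

# Common ICMP type 3 codes (RFC 792 / RFC 1812).
CODES = {0: "net unreachable", 1: "host unreachable", 2: "protocol unreachable",
         3: "port unreachable", 4: "fragmentation needed",
         13: "administratively prohibited"}


def decode_unreachable(icmp: bytes) -> dict:
    """Decode an ICMP type 3 message; `icmp` starts at the ICMP header."""
    if len(icmp) < 8 + 20:
        raise ValueError("too short for ICMP header plus quoted IP header")
    if icmp[0] != 3:
        raise ValueError(f"not Destination Unreachable (type {icmp[0]})")
    inner = icmp[8:]                    # quoted header of the triggering packet
    ihl = (inner[0] & 0x0F) * 4         # quoted IPv4 header length in bytes
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl:
        raise ValueError("quoted packet is not a valid IPv4 header")
    proto = inner[9]
    info = {
        "code": CODES.get(icmp[1], f"code {icmp[1]}"),
        "proto": {6: "tcp", 17: "udp"}.get(proto, str(proto)),
        "remote": socket.inet_ntoa(inner[12:16]),  # sender of the original packet
        "local": socket.inet_ntoa(inner[16:20]),   # the machine that answered
        "remote_port": None,
        "local_port": None,
    }
    # TCP and UDP both start with source port, destination port.
    if proto in (6, 17) and len(inner) >= ihl + 4:
        info["remote_port"], info["local_port"] = struct.unpack(
            "!HH", inner[ihl:ihl + 4])
    return info


def build_sample() -> bytes:
    """Constructed sample: reply to a UDP datagram sent to a closed port."""
    quoted_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                            socket.inet_aton("203.0.113.5"),    # constructed remote
                            socket.inet_aton("192.168.0.10"))   # constructed local
    quoted_udp = struct.pack("!HHHH", 40000, 50123, 8, 0)
    # ICMP header: type 3, code 3, checksum left at 0 (not validated here).
    return struct.pack("!BBHI", 3, 3, 0, 0) + quoted_ip + quoted_udp


if __name__ == "__main__":
    print(decode_unreachable(build_sample()))
```

ICMP has no ports or connection state, so these replies do not appear as entries in `netstat` output; the quoted local port is the value to compare against applications that listen, or recently listened, on the machine.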



     
