ICMP packet messages - Aix


  1. ICMP packet messages

    One of our AIX servers has been trying to send packets out of the
    network and we have been seeing the following errors in the firewall
    logs (IPs changed for security purposes)

    2007-10-29 13:53:53 crit Large ICMP packet! From 192.168.1.21 to
    148.223.199.32, proto 1 (zone Trust, int ethernet1). Occurred 1
    times.
    2007-10-29 13:24:13 crit Large ICMP packet! From 192.168.1.21 to
    148.223.199.32, proto 1 (zone Trust, int ethernet1). Occurred 1
    times.
    2007-10-29 13:23:55 crit Large ICMP packet! From 192.168.1.21 to
    148.223.199.32, proto 1 (zone Trust, int ethernet1). Occurred 1
    times.
    2007-10-29 12:54:16 crit Large ICMP packet! From 192.168.1.21 to
    148.223.199.32, proto 1 (zone Trust, int ethernet1). Occurred 1 times.

    I have two questions on this:

    1) Why does a large ICMP packet occur from this server? We have the
    default value for Max Packet Size set to 1500 for the network card,
    which came with the system. I am not that familiar with network config
    settings so I am a bit confused at the moment.

    2) The IP address it is trying to reach with the packet is somewhere
    in Mexico, but we should not have any reason to try and reach that IP
    as far as I can tell. Is there any way to figure out what process is
    sending that packet? For example, can I turn on auditing or look in a
    log somewhere that tells me who or what is trying to reach a specific
    IP?

    I am going to keep searching the system and the Internet for answers
    on this, but if someone has experience in the matter, it would help
    point me in the right direction. Thanks in advance.

    Steve
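An added example, not part of the original posts: a parser for the "Large ICMP packet!" firewall lines quoted above that groups alerts by source and destination and reports the time between them, which helps choose a capture window on the server. The log lines are copied from the post with the wrapping removed; the function names are this example's own.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log lines copied from the post above, with the line wrapping removed.
SAMPLE_LOG = """\
2007-10-29 13:53:53 crit Large ICMP packet! From 192.168.1.21 to 148.223.199.32, proto 1 (zone Trust, int ethernet1). Occurred 1 times.
2007-10-29 13:24:13 crit Large ICMP packet! From 192.168.1.21 to 148.223.199.32, proto 1 (zone Trust, int ethernet1). Occurred 1 times.
2007-10-29 13:23:55 crit Large ICMP packet! From 192.168.1.21 to 148.223.199.32, proto 1 (zone Trust, int ethernet1). Occurred 1 times.
2007-10-29 12:54:16 crit Large ICMP packet! From 192.168.1.21 to 148.223.199.32, proto 1 (zone Trust, int ethernet1). Occurred 1 times.
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<sev>\w+) "
    r"Large ICMP packet! From (?P<src>[\d.]+) to (?P<dst>[\d.]+), "
    r"proto (?P<proto>\d+) \(zone (?P<zone>[^,]+), int (?P<intf>[^)]+)\)\. "
    r"Occurred (?P<count>\d+) times\."
)

def parse_events(text):
    """Return parsed alerts, oldest first; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%d %H:%M:%S")
            e["count"] = int(e["count"])
            events.append(e)
    return sorted(events, key=lambda e: e["ts"])

def summarize(events):
    """Per (src, dst): total alerts, first/last time, seconds between alerts."""
    flows = defaultdict(list)
    for e in events:
        flows[(e["src"], e["dst"])].append(e)
    summary = {}
    for flow, evs in flows.items():
        times = [e["ts"] for e in evs]
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        summary[flow] = {"alerts": sum(e["count"] for e in evs),
                         "first": times[0], "last": times[-1],
                         "gaps_seconds": gaps}
    return summary

if __name__ == "__main__":
    for (src, dst), info in summarize(parse_events(SAMPLE_LOG)).items():
        print(src, "->", dst, info["alerts"], "alerts, gaps (s):", info["gaps_seconds"])
```
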


  2. Re: ICMP packet messages

    Adding to my post...I think that I can use "iptrace" to see what is
    happening with that IP address. I'll see what that does, but if anyone
    has other suggestions, I'm all ears.

    Steve



  3. Re: ICMP packet messages

    steven_nospam at Yahoo! Canada wrote:
    snaYC>Adding to my post...I think that I can use "iptrace" to see what is
    snaYC>happening with that IP address. I'll see what that does, but if anyone
    snaYC>has other suggestions, I'm all ears.
    snaYC>
    snaYC>Steve

    PMTU Discovery?
