I noticed I have several networks with all ICMP messages blocked at the firewall level, except for ICMP echo and reply.
I know that there is a need at least ICMP messages type 3 in IPv4 have to be allowed for the MTU negotiation to occur.
The packets can be sniffed with the command:
sudo tcpdump icmp
However, how do I generate ICMP packets type 3 on one remote point to make global tests?
Best Answer
You need ICMP type 3 "destination unreachable" packets to provide healthy IP connections.
The easiest way to generate ICMP packets type 3 for testing is by using the
nping
program.The
nping
program is part of thenmap
package, and as such there is a need to have it installed. For it you have to do:After having it installed, to test a remote Linux system, starting running on the remote side, to listen for ICMP type 3 and 4 packets:
or
and then do the other system/side to send the ICMP type 3 packets:
Be sure to test them in both directions.
As an example, using the loopback interface to show the test in the local machine:
In the first terminal - listening for ICMP type 3 messages:
In the second terminal - sending ICMP type 3 messages: