Icmp Analysis Configuration - Enterasys Intrusion Prevention System Manual

Network sensor policies and signatures guide

Configuring the Protocol Analysis Module

ICMP Analysis Configuration

ICMP is used by a variety of normal and malicious activities, so logging all of that activity
generates a large volume of data. To filter ICMP traffic and log only specific ICMP events,
use the ICMP Log Elements section of the ICMP Analysis Settings window.
Table 2-6 below lists the ICMP type and code values that you can use to filter ICMP traffic.

Table 2-6 ICMP Protocol Values

Type  Code  Name [Reference]
0     -     ECHO REPLY
3     0     DESTINATION UNREACHABLE
3     1     HOST UNREACHABLE
3     2     PROTOCOL UNREACHABLE
3     3     PORT UNREACHABLE
3     4     FRAGMENTATION NEEDED
3     5     SOURCE ROUTE FAILED
3     6     NETWORK UNKNOWN
3     7     HOST UNKNOWN
3     8     HOST ISOLATED
3     9     PROHIBITED NETWORK
3     10    PROHIBITED HOST
3     11    NETWORK TOS
3     12    HOST TOS
3     13    ADMIN PROHIBITED FILTER
4     -     SOURCE QUENCH
8     -     ECHO (PING)
9     -     IDRP Router Advertisement [RFC1256]
10    -     IDRP Router Selection [RFC1256]
11    -     TIME EXCEEDED
12    -     DATA PROBLEM
13    -     TIMESTAMP REQUEST
14    -     TIMESTAMP REPLY
15    -     INFO REQUEST
16    -     INFO REPLY
17    -     NETMASK REQUEST
18    -     NETMASK REPLY
30    -     TRACEROUTE
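
The sketch below is an added example, not code or configuration syntax from the Enterasys product: it shows the kind of type/code filtering that the ICMP Log Elements setting expresses, applied to raw ICMP messages. The rule format (a set of (type, code) pairs, with None meaning any code), the function names, and the choice to always log malformed messages are assumptions made for illustration; the sample packets are constructed.

```python
import struct

# Names from Table 2-6. Type 3 names are indexed by code; other types list no code ("-").
TYPE3 = ["DESTINATION UNREACHABLE", "HOST UNREACHABLE", "PROTOCOL UNREACHABLE",
         "PORT UNREACHABLE", "FRAGMENTATION NEEDED", "SOURCE ROUTE FAILED",
         "NETWORK UNKNOWN", "HOST UNKNOWN", "HOST ISOLATED", "PROHIBITED NETWORK",
         "PROHIBITED HOST", "NETWORK TOS", "HOST TOS", "ADMIN PROHIBITED FILTER"]
OTHER = {0: "ECHO REPLY", 4: "SOURCE QUENCH", 8: "ECHO (PING)",
         9: "IDRP Router Advertisement", 10: "IDRP Router Selection",
         11: "TIME EXCEEDED", 12: "DATA PROBLEM", 13: "TIMESTAMP REQUEST",
         14: "TIMESTAMP REPLY", 15: "INFO REQUEST", 16: "INFO REPLY",
         17: "NETMASK REQUEST", 18: "NETMASK REPLY", 30: "TRACEROUTE"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit big-endian words."""
    data += b"\x00" * (len(data) % 2)          # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                          # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes = b"\x00" * 4) -> bytes:
    """Construct a sample 8-byte ICMP message with a valid checksum."""
    msg = struct.pack("!BBH", icmp_type, code, 0) + rest
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]

def icmp_name(icmp_type: int, code: int) -> str:
    if icmp_type == 3:
        return TYPE3[code] if code < len(TYPE3) else "UNLISTED"
    return OTHER.get(icmp_type, "UNLISTED")

def classify(msg: bytes, log_elements: set):
    """Return (should_log, label) for one ICMP message.
    Assumption: malformed messages are logged regardless of the filter."""
    if len(msg) < 8:
        return True, "MALFORMED: short ICMP header"
    icmp_type, code = msg[0], msg[1]
    if inet_checksum(msg) != 0:                 # a valid message sums to zero
        return True, f"MALFORMED: bad checksum (type {icmp_type})"
    wanted = (icmp_type, code) in log_elements or (icmp_type, None) in log_elements
    return wanted, f"{icmp_name(icmp_type, code)} type={icmp_type} code={code}"

if __name__ == "__main__":
    rules = {(3, 13), (13, None)}               # constructed filter: log only these
    for pkt in (build_icmp(8, 0), build_icmp(3, 13), build_icmp(13, 0), b"\x08\x00"):
        print(classify(pkt, rules))
```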
