Skip navigation
Cisco Learning Home > Certifications > Routing & Switching (CCNP) > Discussions

_Communities

This Question is Not Answered 1 Correct Answer available (4 pts) 2 Helpful Answers available (2 pts)
16816 Views 2 Replies Latest reply: Jan 26, 2012 6:59 AM by Keith Barker - CCIE RS/Security, CISSP RSS

Currently Being Moderated

ICMP

Jan 25, 2012 8:39 PM

sdhanwada 37 posts since
Mar 3, 2011

Hello All,

 

I have never been able to find a definite answer for this -

 

     Does ICMP use a specific port?

 

 

I have read something about blocking port 7 to stop ping requests etc. But nothing concrete as such. If somebody can clarify, that will be great.

 

 

 

Thank you.

  • chrisjoms 378 posts since
    Jul 22, 2010
    Currently Being Moderated
    1. Jan 25, 2012 11:24 PM (in response to sdhanwada)
    Re: ICMP

    ICMP has no any particular port, take a look at the structue of the ICMP packet it doesn't have any option to set the port.

    

    ICMP_PACKET.PNG

    the picture above i get from this link: http://en.wikipedia.org/wiki/Ping

     

    if you want to block ping requests then you might need to create an access list for that.

     

    Example below is allow ICMP, in the access list command below replace the keyword permit with deny, it should deny ICMP packets. But just remember ICMP helps a lot on troubleshooting.

     

    Allow Pings (ICMP)

    This figure shows that ICMP sourced from NetA destined to NetB is permitted, and pings sourced from NetB destined to NetA are denied.

    ACLsamples-4.gif

    This configuration permits only echo-reply (ping response) packets to come in on interface Ethernet 0 from NetB towards NetA. However, the configuration blocks all echo-request ICMP packets when pings are sourced in NetB and destined to NetA. Therefore, hosts in NetA can ping hosts in NetB, but hosts in NetB cannot ping hosts in NetA.

    R1
    hostname R1!interface ethernet0ip access-group 102 in!access-list 102 permit icmp any any echo-reply
  • Keith Barker - CCIE RS/Security, CISSP 5,351 posts since
    Jul 3, 2009
    Currently Being Moderated
    2. Jan 26, 2012 6:59 AM (in response to sdhanwada)
    Re: ICMP

    sandilya dhanwada wrote:

     

    Hello All,

     

    I have never been able to find a definite answer for this -

     

         Does ICMP use a specific port?

     

     

    I have read something about blocking port 7 to stop ping requests etc. But nothing concrete as such. If somebody can clarify, that will be great.

     

     

     

    Thank you.

    Hello-

     

    ICMP has it's own protocol number (in a similar to the L4 protocol numbers that TCP and UDP have).

     

    TCP is protocol 6

    UDP is protocol 7

    ICMP is protocol 1

     

    (Some people argue that ICMP is or isn't a L4 protocol, due to it having it's own protocol number.  At the end of the day, it is ok for disagreement of L4 or not, because we can agree that it has it's own protocol number.   ICMP is really an assistant to IP, at L3.)   But I digress.  

     

    With TCP and UDP, they use port numbers to refer to application layer services such as HTTP (port 80), TELNET (port 23) and so forth for TCP, and UDP services have their own well known ports too.

     

    With ICMP, it doesn't use port numbers, but has ICMP "types" along with ICMP "codes".

     

    For a full list of these, you can visit here:

     

    http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xml

     

    The most popuar ICMP types are an PING request and reply, which uses an ICMP type 8 (echo-request), and an ICMP type 0 (echo-reply).

     

    Best wishes,

     

    Keith

Actions

More Like This

  • Retrieving data ...

Bookmarked By (0)