Sending a "ping": Which (ICMP) ports must be open in firewall to receive answer ?

ICMP doesn't have ports and if you don't even understand how a simple ICMP works then you shouldn't try to implement a firewall.

ICMP is a protocol of its own, which - unlike TCP or UDP - doesn't have something like "ports". What you want to do is allow certain types of ICMP messages. I usually suggest to allow:

Type 0 (echo reply) Type 3 (destination unreachable) Type 4 (source quench) Type 8 (echo request) Type 11 (time exceeded) Type 12 (parameter problem)

Allowing other types I wouldn't recommend, unless you know what you're doing.

cu

59cobalt

the target machine ?

Peter,

Rules related to ports are for TCP/UDP traffic. ICMP rules are separate. For Windows Firewall, look on the Advanced tab, under ICMP. Enable "incoming echo request" on both computers.

the target machine ?

None. It doesn't use ports.

Many firewalls would have a setting to allow or disallow ICMP. e.g. The Windows Firewall has an advanced tab where you can enable ICMP related things. It'd be set on the remote machine. At the moment the remote machine may be blocking ICMP.

you could also use nmap -P0 1.2.3.4 where 1.2.3.4 is the ip of the machine that you are testing for a sign of life. That will work even when ICMP is blocked.

ICMP doesn't use ports, it uses "types." If you're only interested in echo requests/responses, the echo request is ICMP type 8 and comes from your system, and the target machine will respond with an echo response, which is ICMP type 0. If you're dealing with the Windows XP SP2 firewall, if you allow echo requests (Control Panel->Windows Firewall->Advanced tab->ICMP Settings...), this will implicitly allow echo responses. Alternatively, you can just allow "File and Printer Sharing" in the Exceptions tab, but that may open you up to more than you want to allow.

Regards, Mike

-- | Systems Specialist: CBE,MSE Michael T. Davis (Mike) | Departmental Networking/Computing

| The Ohio State University | 197 Watts, (614) 292-6928