[Dnsmasq-discuss] DNS - ICMP - Destination unreachable (Port unreachable) ?

Nikita N. nikitan at operamail.com
Wed May 13 07:49:55 BST 2015


Hi Simon,
thanks for the bet! :)
So if I'm understanding correctly, it is nothing related to Dnsmasq,
right?

In your opinion, what is the purpose of such an ICMP/UDP frame sent from
src port 53?
Is that some kind of alternate DNS mechanism?
Is that any kind of standard behavior?

>> When the answer comes back, there's nothing listening on the destination port

I always see those ICMP at gateway side, so I guess the gateway must
have received at least that answer back.
Is that answer back supposed to be a simple UDP frame or another ICMP
frame?

Also, client and gateway are on different machines, loopback is not
possible; why can't I see either the UDP/ICMP answer back or the
query?
How would I set up Wireshark to sniff out those 2 mysterious UDP frames?

-- 
  Nikita N.
  nikitan at operamail.com


On Tue, May 12, 2015, at 02:22 PM, Simon Kelley wrote:
> The most likely reason is that something opens a UDP port and sends the
> query, and then gives up, or gets an answer from somewhere else, and
> closes the UDP socket. When the answer comes back, there's nothing
> listening on the destination port, so the kernel generates the ICMP port
> unreachable message.
> 
> My money would be on a Web browser.
> 
> Cheers,
> 
> Simon.
> 
> 
> 
> On 12/05/15 18:35, Nikita N. wrote:
> > Hi All,
> > was wondering about those ICMP frames, which keep coming out always
> > right after every Dnsmasq response.
> > What is their origin?
> > What is their purpose?
> > 
> > Just to be sure what I'm talking about, here is how it happens:
> > 1) client (192.168.2.2) -> gateway (192.168.2.1), DNS Standard query
> > about mylocalsite.com
> > 2) gateway -> client, DNS Standard query response A 192.168.2.1
> > (Wireshark "Request in" pointer is to #1)
> > 3) client -> gateway, ICMP Destination unreachable (Port unreachable)
> > (Wireshark "Request in" pointer is also to #1)
> > 
> > That ICMP frame has IPv4 section, Src: 192.168.2.2 (client), Dst:
> > 192.168.2.1 (gateway)
> > But the ICMP section shows the opposite, Src: 192.168.2.1, Dst:
> > 192.168.2.2
> > Whose UDP section, Src Port: 53 (53), Dst Port: 5xxxx
> > 
> > I googled around, and I can't see any ICMP echo ping preceding, so I
> > don't understand where those ICMP are from, and what their purpose is.
> > Maybe they are generated by Dnsmasq, as some kind of alternate DNS response?
> > Maybe they are generated by the gateway Linux kernel, as some kind of standard
> > behavior?
> > Maybe they are generated by the client software/web browser?
> > 
> > Thanks
> > 
> 
> 

-- 
http://www.fastmail.com - Choose from over 50 domains or use your own
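
Added example, not part of the original thread or of Dnsmasq: a Python decoder for the frame #3 described above, showing that the "opposite" Src/Dst and the UDP src port 53 inside the ICMP section are the quoted header of the DNS response that found no listening socket. The packet bytes are constructed from the addresses in the thread; the destination port 54321 is a made-up stand-in for the "5xxxx" value.

```python
import socket
import struct

def ipv4_header(src, dst, proto, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 for this demo."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def build_sample():
    """Constructed frame #3 from the thread: client -> gateway, ICMP 3/3."""
    # Quoted datagram = the DNS response (frame #2) that found no listener.
    # 54321 is a constructed port; the thread only gives "5xxxx".
    udp = struct.pack("!HHHH", 53, 54321, 8 + 40, 0)
    quoted = ipv4_header("192.168.2.1", "192.168.2.2", 17, 8 + 40) + udp
    icmp = struct.pack("!BBHI", 3, 3, 0, 0) + quoted  # type, code, cksum, unused
    return ipv4_header("192.168.2.2", "192.168.2.1", 1, len(icmp)) + icmp

def parse_port_unreachable(packet):
    """Decode outer addressing and the quoted IP/UDP header of an ICMP 3/3."""
    if len(packet) < 20 or packet[9] != 1:
        raise ValueError("not an IPv4 ICMP packet")
    icmp = packet[(packet[0] & 0x0F) * 4:]
    if len(icmp) < 8 or (icmp[0], icmp[1]) != (3, 3):
        raise ValueError("not Destination unreachable (Port unreachable)")
    quoted = icmp[8:]  # RFC 792: original IP header + first 8 bytes of payload
    q_ihl = (quoted[0] & 0x0F) * 4 if quoted else 0
    if len(quoted) < 20 or quoted[9] != 17 or len(quoted) < q_ihl + 8:
        raise ValueError("quoted datagram is not a complete IPv4/UDP header")
    sport, dport = struct.unpack("!HH", quoted[q_ihl:q_ihl + 4])
    ip = socket.inet_ntoa
    result = {
        "outer_src": ip(packet[12:16]), "outer_dst": ip(packet[16:20]),
        "quoted_src": ip(quoted[12:16]), "quoted_dst": ip(quoted[16:20]),
        "quoted_sport": sport, "quoted_dport": dport,
    }
    # The host reporting the error is the one the quoted datagram was sent to.
    result["reporter_was_target"] = result["outer_src"] == result["quoted_dst"]
    return result

if __name__ == "__main__":
    for key, value in parse_port_unreachable(build_sample()).items():
        print(f"{key:20} {value}")
```
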



