Hello and welcome to the wonderful world of packet/protocol analysis.

Apparently the error is thrown by IP 172.16.4.10 (PBX) attempting to ping 8.8.8.8 (Google DNS), which is reachable. Is this normal?

Well, not all ICMP packets are a result of ping. Ping uses type 8 (echo) and 0 (echo-reply). This ICMP packet is of type 3 (Destination Unreachable) and code 3 (port unreachable). In the ICMP payload is the first part of the IP datagram that triggered this ICMP message. In it, you can see that there was a DNS response from 8.8.8.8 port 53 (DNS) to your PBX on port 63882. But the PBX had its port already closed.

This happens quite often. A system will sometimes send multiple DNS requests and when one response is received, it moves on and closes the ports of the other outstanding requests. So when a (later) response comes in, it finds the port closed and an ICMP message is generated.

In your trace you can filter on dns to view all DNS requests. And you will (hopefully) see this happen.
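
The decoding described in the answer above, as an added example that is not part of the original answer: it reads the IP and UDP headers quoted inside an ICMP type 3 / code 3 message and flags the case where the triggering datagram came from port 53. The function names are hypothetical, the input is assumed to start at the ICMP header, and the sample bytes are constructed from the addresses and ports mentioned in the answer, with checksums zeroed and not verified.

```python
import socket
import struct

def parse_icmp(icmp: bytes) -> dict:
    """Decode an ICMP message; for type 3, also decode the quoted datagram."""
    if len(icmp) < 8:
        raise ValueError("ICMP header truncated")
    info = {"type": icmp[0], "code": icmp[1]}
    if info["type"] != 3:
        return info                      # e.g. ping: type 8 / type 0, nothing quoted
    quoted = icmp[8:]                    # skip type, code, checksum, 4 unused bytes
    if len(quoted) < 20:
        raise ValueError("quoted IP header truncated")
    ihl = (quoted[0] & 0x0F) * 4         # quoted IP header length in bytes
    info["proto"] = quoted[9]
    info["src"] = socket.inet_ntoa(quoted[12:16])
    info["dst"] = socket.inet_ntoa(quoted[16:20])
    l4 = quoted[ihl:ihl + 4]             # first 4 bytes of UDP/TCP: the two ports
    if info["proto"] in (6, 17) and len(l4) == 4:
        info["sport"], info["dport"] = struct.unpack("!HH", l4)
    return info

def is_late_dns_reply(info: dict) -> bool:
    """True when a port-unreachable was triggered by a UDP datagram from port 53."""
    return (info["type"] == 3 and info["code"] == 3
            and info.get("proto") == 17 and info.get("sport") == 53)

def build_sample() -> bytes:
    """Constructed sample: the ICMP message the PBX would send (checksums zeroed)."""
    icmp_hdr = struct.pack("!BBHI", 3, 3, 0, 0)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 57, 17, 0,
                         socket.inet_aton("8.8.8.8"),
                         socket.inet_aton("172.16.4.10"))
    udp_hdr = struct.pack("!HHHH", 53, 63882, 8, 0)
    return icmp_hdr + ip_hdr + udp_hdr

if __name__ == "__main__":
    info = parse_icmp(build_sample())
    print(info, "late DNS reply:", is_late_dns_reply(info))
```
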