Ask Your Question

Revision history [back]

ICMP - Yet another destination unreachable - Rookie

Hi there, I am no Wireshark neither packet capture expert, nevertheless I am attempting to understand why a SIP/TLS app is not behaving as expected, so I have attached wireshark to a mirrored port on our switch, which mirrors all traffic on the PBX network.

What comes to my eyes is that we have some ICMP errors:

No.     Time               Source                Destination           Protocol Length Info                                   DSCP    1056 11:27:32.748536   
172.16.4.10           8.8.8.8               ICMP     174    Destination unreachable (Port unreachable)         Class Selector 6,Default

Frame 1056: 174 bytes on wire (1392 bits), 174 bytes captured (1392 bits) on interface \Device\NPF_{--------HIDDEN----------}, id 0
    Interface id: 0 (\Device\NPF_{--------HIDDEN----------})
    Encapsulation type: Ethernet (1)
    Arrival Time: Apr 16, 2021 11:27:32.748536000 W. Europe Daylight Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1618565252.748536000 seconds
    [Time delta from previous captured frame: 0.000332000 seconds]
    [Time delta from previous displayed frame: 0.000332000 seconds]
    [Time since reference or first frame: 56.350984000 seconds]
    Frame Number: 1056
    Frame Length: 174 bytes (1392 bits)
    Capture Length: 174 bytes (1392 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:icmp:ip:udp:dns]
    [Coloring Rule Name: ICMP errors]
    [Coloring Rule String: icmp.type eq 3 || icmp.type eq 4 || icmp.type eq 5 || icmp.type eq 11 || icmpv6.type eq 1 || icmpv6.type eq 2 || icmpv6.type eq 3 || icmpv6.type eq 4] Ethernet II, Src: Panasoni_yy:yy:yy (xx:xx:xx:xx:xx:xx), Dst: PeplinkI_xx:xx:xx (yy:yy:yy:yy:yy:yy)
    Destination: PeplinkI_xx:xx:xx (yy:yy:yy:yy:yy:yy)
        Address: PeplinkI_xx:xx:xx (yy:yy:yy:yy:yy:yy)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Panasoni_yy:yy:yy (xx:xx:xx:xx:xx:xx)
        Address: Panasoni_yy:yy:yy (xx:xx:xx:xx:xx:xx)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 172.16.4.10, Dst: 8.8.8.8
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0xc0 (DSCP: CS6, ECN: Not-ECT)
        1100 00.. = Differentiated Services Codepoint: Class Selector 6 (48)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 160
    Identification: 0xfaa4 (64164)
    Flags: 0x00
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    Fragment Offset: 0
    Time to Live: 64
    Protocol: ICMP (1)
    Header Checksum: 0xbece [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 172.16.4.10
    Destination Address: 8.8.8.8 Internet Control Message Protocol
    Type: 3 (Destination unreachable)
    Code: 3 (Port unreachable)
    Checksum: 0xbda8 [correct]
    [Checksum Status: Good]
    Unused: 00000000
    Internet Protocol Version 4, Src: 8.8.8.8, Dst: 172.16.4.10
        0100 .... = Version: 4
        .... 0101 = Header Length: 20 bytes (5)
        Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
            0000 00.. = Differentiated Services Codepoint: Default (0)
            .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
        Total Length: 132
        Identification: 0x87a6 (34726)
        Flags: 0x00
            0... .... = Reserved bit: Not set
            .0.. .... = Don't fragment: Not set
            ..0. .... = More fragments: Not set
        Fragment Offset: 0
        Time to Live: 119
        Protocol: UDP (17)
        Header Checksum: 0xfb98 [validation disabled]
        [Header checksum status: Unverified]
        Source Address: 8.8.8.8
        Destination Address: 172.16.4.10
    User Datagram Protocol, Src Port: 53, Dst Port: 63882
        Source Port: 53
        Destination Port: 63882
        Length: 112
        Checksum: 0x2261 [unverified]
        [Checksum Status: Unverified]
        [Stream index: 12]
        UDP payload (104 bytes) Domain Name System (response)
    Transaction ID: 0x39f2
        [Expert Info (Warning/Protocol): DNS response retransmission. Original response in frame 1055]
            [DNS response retransmission. Original response in frame 1055]
            [Severity level: Warning]
            [Group: Protocol]
    Flags: 0x8180 Standard query response, No error
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .0.. .... .... = Authoritative: Server is not an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... 1... .... = Recursion available: Server can do recursive queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... ...0 .... = Non-authenticated data: Unacceptable
        .... .... .... 0000 = Reply code: No error (0)
    Questions: 1
    Answer RRs: 2
    Authority RRs: 0
    Additional RRs: 0
    Queries
        mobile-sip-1277875736.ap-northeast-1.elb.amazonaws.com: type A, class IN
            Name: mobile-sip-1277875736.ap-northeast-1.elb.amazonaws.com
            [Name Length: 54]
            [Label Count: 5]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    Answers
        mobile-sip-1277875736.ap-northeast-1.elb.amazonaws.com: type A, class IN, addr 54.178.136.218
            Name: mobile-sip-1277875736.ap-northeast-1.elb.amazonaws.com
            Type: A (Host Address) (1)
            Class: IN (0x0001)
            Time to live: 20 (20 seconds)
            Data length: 4
            Address: 54.178.136.218
        mobile-sip-1277875736.ap-northeast-1.elb.amazonaws.com: type A, class IN, addr 3.115.118.189
            Name: mobile-sip-1277875736.ap-northeast-1.elb.amazonaws.com
            Type: A (Host Address) (1)
            Class: IN (0x0001)
            Time to live: 20 (20 seconds)
            Data length: 4
            Address: 3.115.118.189
    [Retransmitted response. Original response in: 1055]

Apparently the error is thrown by IP 172.16.4.10 (PBX) attempting to ping 8.8.8.8 (Google DNS), which is reachable. Where am I wrong?

ICMP - Yet another destination unreachable - Rookie

Hi there, I am no Wireshark neither packet capture expert, nevertheless I am attempting to understand why a SIP/TLS app is not behaving as expected, so I have attached wireshark to a mirrored port on our switch, which mirrors all traffic on the PBX network.

What comes to my eyes is that we have some ICMP errors:

No.     Time               Source                Destination           Protocol Length Info                                   DSCP    1056 11:27:32.748536   
172.16.4.10           8.8.8.8               ICMP     174    Destination unreachable (Port unreachable)         Class Selector 6,Default

Frame 1056: 174 bytes on wire (1392 bits), 174 bytes captured (1392 bits) on interface \Device\NPF_{--------HIDDEN----------}, id 0
    Interface id: 0 (\Device\NPF_{--------HIDDEN----------})
    Encapsulation type: Ethernet (1)
    Arrival Time: Apr 16, 2021 11:27:32.748536000 W. Europe Daylight Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1618565252.748536000 seconds
    [Time delta from previous captured frame: 0.000332000 seconds]
    [Time delta from previous displayed frame: 0.000332000 seconds]
    [Time since reference or first frame: 56.350984000 seconds]
    Frame Number: 1056
    Frame Length: 174 bytes (1392 bits)
    Capture Length: 174 bytes (1392 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:icmp:ip:udp:dns]
    [Coloring Rule Name: ICMP errors]
    [Coloring Rule String: icmp.type eq 3 || icmp.type eq 4 || icmp.type eq 5 || icmp.type eq 11 || icmpv6.type eq 1 || icmpv6.type eq 2 || icmpv6.type eq 3 || icmpv6.type eq 4] Ethernet II, Src: Panasoni_yy:yy:yy (xx:xx:xx:xx:xx:xx), Dst: PeplinkI_xx:xx:xx (yy:yy:yy:yy:yy:yy)
    Destination: PeplinkI_xx:xx:xx (yy:yy:yy:yy:yy:yy)
        Address: PeplinkI_xx:xx:xx (yy:yy:yy:yy:yy:yy)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Panasoni_yy:yy:yy (xx:xx:xx:xx:xx:xx)
        Address: Panasoni_yy:yy:yy (xx:xx:xx:xx:xx:xx)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 172.16.4.10, Dst: 8.8.8.8
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0xc0 (DSCP: CS6, ECN: Not-ECT)
        1100 00.. = Differentiated Services Codepoint: Class Selector 6 (48)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 160
    Identification: 0xfaa4 (64164)
    Flags: 0x00
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    Fragment Offset: 0
    Time to Live: 64
    Protocol: ICMP (1)
    Header Checksum: 0xbece [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 172.16.4.10
    Destination Address: 8.8.8.8 Internet Control Message Protocol
    Type: 3 (Destination unreachable)
    Code: 3 (Port unreachable)
    Checksum: 0xbda8 [correct]
    [Checksum Status: Good]
    Unused: 00000000
    Internet Protocol Version 4, Src: 8.8.8.8, Dst: 172.16.4.10
        0100 .... = Version: 4
        .... 0101 = Header Length: 20 bytes (5)
        Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
            0000 00.. = Differentiated Services Codepoint: Default (0)
            .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
        Total Length: 132
        Identification: 0x87a6 (34726)
        Flags: 0x00
            0... .... = Reserved bit: Not set
            .0.. .... = Don't fragment: Not set
            ..0. .... = More fragments: Not set
        Fragment Offset: 0
        Time to Live: 119
        Protocol: UDP (17)
        Header Checksum: 0xfb98 [validation disabled]
        [Header checksum status: Unverified]
        Source Address: 8.8.8.8
        Destination Address: 172.16.4.10
    User Datagram Protocol, Src Port: 53, Dst Port: 63882
        Source Port: 53
        Destination Port: 63882
        Length: 112
        Checksum: 0x2261 [unverified]
        [Checksum Status: Unverified]
        [Stream index: 12]
        UDP payload (104 bytes) Domain Name System (response)
    Transaction ID: 0x39f2
        [Expert Info (Warning/Protocol): DNS response retransmission. Original response in frame 1055]
            [DNS response retransmission. Original response in frame 1055]
            [Severity level: Warning]
            [Group: Protocol]
    Flags: 0x8180 Standard query response, No error
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .0.. .... .... = Authoritative: Server is not an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... 1... .... = Recursion available: Server can do recursive queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... ...0 .... = Non-authenticated data: Unacceptable
        .... .... .... 0000 = Reply code: No error (0)
    Questions: 1
    Answer RRs: 2
    Authority RRs: 0
    Additional RRs: 0
    Queries
        mobile-sip-1277875736.ap-northeast-1.elb.amazonaws.com: type A, class IN
            Name: mobile-sip-1277875736.ap-northeast-1.elb.amazonaws.com
            [Name Length: 54]
            [Label Count: 5]
            Type: A (Host Address) (1)
            Class: IN (0x0001)
    Answers
        mobile-sip-1277875736.ap-northeast-1.elb.amazonaws.com: type A, class IN, addr 54.178.136.218
            Name: mobile-sip-1277875736.ap-northeast-1.elb.amazonaws.com
            Type: A (Host Address) (1)
            Class: IN (0x0001)
            Time to live: 20 (20 seconds)
            Data length: 4
            Address: 54.178.136.218
        mobile-sip-1277875736.ap-northeast-1.elb.amazonaws.com: type A, class IN, addr 3.115.118.189
            Name: mobile-sip-1277875736.ap-northeast-1.elb.amazonaws.com
            Type: A (Host Address) (1)
            Class: IN (0x0001)
            Time to live: 20 (20 seconds)
            Data length: 4
            Address: 3.115.118.189
    [Retransmitted response. Original response in: 1055]

Apparently the error is thrown by IP 172.16.4.10 (PBX) attempting to ping 8.8.8.8 (Google DNS), which is reachable. Where am I wrong?Is this normal?