Unable to send ICMP Time Exceeded Message with my AWS instance

I am testing something by sending an ICMP type 11 packet (Time-to-live exceeded) from an AWS EC2 server to another server of mine that's not hosted on AWS. Whenever I send this packet, I can see with tcpdump on the server itself that the message is being sent, but it never arrives at my other server. Just to clarify, I am able to receive ICMP Time Exceeded messages on my AWS instance, but I cannot send them (for example, I can still execute traceroute on the AWS server to any IP address). Does anyone know what might be filtering this ICMP traffic? I also set up the correct inbound and outbound security group rules for both instances. I have the ability to send other ICMP-type messages such as Echo/Reply.

Angelos, asked 5 months ago, 149 views
1 Answer
I'd say there is some device in the network path that is filtering those packets. So you can send the packets but under many circumstances they may not get to the destination.

For example: Any decent firewall (and I'd include home internet routers in this) will not allow a Time Exceeded ICMP response unless it has seen some sort of outbound packet that the response could be a reply to. So sending "unsolicited" Time Exceeded packets probably won't work.

AWS EXPERT, answered 5 months ago
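The answer's point is that a stateful device decides whether to pass an ICMP error by looking at the datagram the error quotes (RFC 792 requires the original IP header plus the first 8 bytes of its payload) and checking that against flows it has already seen leave the protected host. The following is an added example, not code from the question, the answer or AWS: it builds a well-formed Time Exceeded message in pure Python, parses the quoted 5-tuple back out the way a firewall would, and models the accept/drop decision. The `stateful_accepts` function is a simplified model written for this example, not any particular firewall's logic, and the addresses and ports are constructed test values.

```python
"""Build, parse and filter ICMP Time Exceeded (type 11) messages.

Added example (not from the original post). Addresses and ports below are
constructed; `stateful_accepts` is a toy model of a stateful firewall's
ICMP-error handling, not a real product's rule set.
"""
import socket
import struct
from dataclasses import dataclass

ICMP_TIME_EXCEEDED = 11           # ICMP type 11 (RFC 792)
CODE_TTL_EXCEEDED_IN_TRANSIT = 0  # code 0: TTL reached zero in transit
PROTO_UDP = 17


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (IP and ICMP checksum)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, proto: int, total_len: int, ttl: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options) with a valid header checksum."""
    ver_ihl = (4 << 4) | 5
    hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, total_len, 0x1234, 0, ttl, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def build_time_exceeded(orig_src: str, orig_dst: str, orig_sport: int, orig_dport: int) -> bytes:
    """ICMP Time Exceeded quoting the offending datagram's IP header + first 8 bytes.

    The quoted datagram here is a UDP probe (what traceroute sends); its UDP
    header is exactly the 8 bytes RFC 792 requires, so the ports survive and a
    stateful device can map the error back to the flow that triggered it.
    """
    udp_len = 8 + 32  # UDP header plus a 32-byte probe payload in the original datagram
    inner_ip = build_ipv4_header(orig_src, orig_dst, PROTO_UDP, 20 + udp_len, ttl=1)
    inner_udp = struct.pack("!HHHH", orig_sport, orig_dport, udp_len, 0)
    body = struct.pack("!BBHI", ICMP_TIME_EXCEEDED, CODE_TTL_EXCEEDED_IN_TRANSIT, 0, 0)
    body += inner_ip + inner_udp
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


@dataclass(frozen=True)
class QuotedFlow:
    icmp_type: int
    icmp_code: int
    checksum_ok: bool
    src: str
    dst: str
    proto: int
    sport: int
    dport: int


def parse_time_exceeded(icmp: bytes) -> QuotedFlow:
    """Extract the quoted 5-tuple that a stateful firewall looks up."""
    icmp_type, icmp_code = icmp[0], icmp[1]
    checksum_ok = inet_checksum(icmp) == 0  # a correct checksum folds to zero
    inner = icmp[8:]                        # quoted IP header starts after the 8-byte ICMP header
    ihl = (inner[0] & 0x0F) * 4
    proto = inner[9]
    src = socket.inet_ntoa(inner[12:16])
    dst = socket.inet_ntoa(inner[16:20])
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return QuotedFlow(icmp_type, icmp_code, checksum_ok, src, dst, proto, sport, dport)


def stateful_accepts(outbound_flows: set, icmp: bytes) -> bool:
    """Toy model of a stateful firewall's ICMP-error rule (assumption, not a real product).

    The error passes only if the datagram it quotes matches a flow the firewall
    already saw leave the protected host; an unsolicited Time Exceeded is dropped.
    """
    q = parse_time_exceeded(icmp)
    if not q.checksum_ok or q.icmp_type != ICMP_TIME_EXCEEDED:
        return False
    return (q.src, q.sport, q.dst, q.dport, q.proto) in outbound_flows


def send_icmp(dst: str, icmp: bytes) -> int:
    """Send on a raw ICMP socket; the kernel adds the outer IPv4 header (needs root/CAP_NET_RAW)."""
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) as s:
        return s.sendto(icmp, (dst, 0))


if __name__ == "__main__":
    # Constructed values: the far host 198.51.100.10 probed 203.0.113.5 with a UDP traceroute packet.
    pkt = build_time_exceeded("198.51.100.10", "203.0.113.5", 40000, 33434)
    print(parse_time_exceeded(pkt))
    print("accepted when flow known:", stateful_accepts({("198.51.100.10", 40000, "203.0.113.5", 33434, PROTO_UDP)}, pkt))
    print("accepted when unsolicited:", stateful_accepts(set(), pkt))
```

Running the script shows the same 36-byte message accepted when the firewall model already holds the quoted outbound flow and dropped when it does not. When testing from an instance, capture the packet on both ends with `tcpdump -vv icmp` and compare the quoted source address and ports: if the quoted datagram does not correspond to something the receiving side actually sent, a stateful device in the path has no state to match it against and will typically drop it, which is the behaviour the answer describes.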
