1
votes

On a Linux system, I use Scapy to send high-frequency UDP pings. For example: every 20 milliseconds, send a UDP packet; a total of 100. But I can only get the first few ICMP port unreachable answers.

 from scapy.all import IP, UDP, RandShort, sr
 # dst holds the address of the target machine
 pkt = IP(dst=dst)/UDP(dport=RandShort())
 ans,_ = sr(pkt*100, inter=0.02, timeout=3)

I tried using tcpdump to capture packets and found that all UDP packets were sent to the target machine, but only a few ICMP packets came back to the source machine. What would cause this?

If I use ICMP ping, this does not happen.

I guess:

  1. may be caused by a kernel parameter on the target machine that controls how ICMP packets are processed
  2. may be caused by the ICMP packet routing switch strategies.

1 Answer

0
votes

The rate of ICMP packets is hard limited by the kernel to prevent DDoS attacks, usually to only 1 packet per second. It is almost impossible to get anything faster than that in any external (internet) router. Example
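The following is an added example, not part of the original question or answer: a simplified model of the per-destination ICMP rate limit on a Linux target, applied to the question's schedule of 100 probes sent 20 ms apart. It assumes the target runs Linux with the default sysctls `net.ipv4.icmp_ratelimit=1000` and `net.ipv4.icmp_ratemask=6168` and a burst allowance of 6 intervals for a sender it has not replied to recently; the function names are hypothetical.

```python
# Added example: simplified model of Linux per-destination ICMP rate limiting.
# Assumptions (not from the page): default sysctl values and a burst of 6 intervals.
ICMP_RATELIMIT_MS = 1000   # net.ipv4.icmp_ratelimit (0 disables the limit)
ICMP_RATEMASK = 6168       # net.ipv4.icmp_ratemask, one bit per ICMP type
BURST_FACTOR = 6           # assumed burst allowance, in intervals

ICMP_NAMES = {0: "echo-reply", 3: "dest-unreachable", 4: "source-quench",
              11: "time-exceeded", 12: "parameter-problem"}


def limited_types(mask=ICMP_RATEMASK):
    """Return the ICMP type numbers whose bit is set in the rate mask."""
    return [t for t in range(32) if mask & (1 << t)]


def probe_schedule(count=100, inter_ms=20):
    """Send times in ms, matching sr(pkt*100, inter=0.02) from the question."""
    return [i * inter_ms for i in range(count)]


def simulate(send_times_ms, icmp_type=3, interval=ICMP_RATELIMIT_MS,
             mask=ICMP_RATEMASK):
    """Return the indexes of probes that would receive an ICMP response."""
    if not send_times_ms:
        return []
    if not mask & (1 << icmp_type):
        return list(range(len(send_times_ms)))  # this type is not limited
    # A sender with no recent replies starts with a large idle credit,
    # which is capped to the burst size on the first packet.
    tokens, last = 0, send_times_ms[0] - 60_000
    answered = []
    for i, now in enumerate(send_times_ms):
        tokens = min(tokens + (now - last), BURST_FACTOR * interval)
        last = now
        if tokens >= interval:      # one reply costs one full interval
            tokens -= interval
            answered.append(i)
    return answered


if __name__ == "__main__":
    print("rate-limited types:",
          [ICMP_NAMES.get(t, t) for t in limited_types()])
    print("port-unreachable replies for probes:", simulate(probe_schedule()))
    print("echo replies:", len(simulate(probe_schedule(), icmp_type=0)))
```

Under these assumptions only the initial burst and one later probe are answered, while echo replies (type 0) are outside the mask, which is consistent with ICMP ping not showing the loss. On a Linux target the live values can be read with `sysctl net.ipv4.icmp_ratelimit net.ipv4.icmp_ratemask`.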