1. Oracle Solaris 11.4 DTrace (Dynamic Tracing) Guide
  2. DTrace Providers
  3. Network and Network Service Protocol Providers
  4. icmp Provider
  5. Using the ICMP Provider
  6. ICMP Errors Sent by Remote Host/Port

ICMP Errors Sent by Remote Host/Port

This DTrace one-liner monitors ICMP errors sent, by aggregating the originating host and target port:

# dtrace -n 'icmp:::send / args[4]->icmp_error_dport != 0 / { @[args[2]->ip_daddr, args[4]->icmp_error_dport] = count(); }'
dtrace: description 'icmp:::send ' matched 9 probes
^C

  203.0.113.5                                           517               21

The output shows 21 ICMP errors sent in response to packets sent from the system to the local port 517. These UDP packets are generated by running the talk() program when the associated inetd service is not enabled. The ICMP errors are destination unreachable/port unreachable errors, and this script can be used to catch UDP service connection refusal.