Article ID: 325122 - Last Review: October 30, 2006 - Revision: 2.1

Internet Control Message Protocol "Destination Unreachable" (Code = 0x0D) Packets

View products that this article applies to.
This article was previously published under Q325122

On This Page

Expand all | Collapse all

SUMMARY

When you analyze a network trace, you may see Internet Control Message Protocol (ICMP) Type 3 "Destination Unreachable" packets with a code value of hexadecimal 0X0D or decimal 13: 
IP: Source Address = <dotted-IP-address-of-router>
ICMP: Destination Unreachable: <dotted-IP-address-of-target-host>
   ICMP: Packet Type = Destination Unreachable
   ICMP: Unreachable Code = 0x0D
The code value of the ICMP Destination Unreachable packet is 0x0D. The hexadecimal code 0X0D (code decimal 13) translates to "Communication Administratively Prohibited" from Requests for Comments (RFC) 1812: 
   13 = Communication Administratively Prohibited - generated if a
        router cannot forward a packet due to administrative filtering;
This is generated if a router cannot forward a packet because of administrative filtering. This is the code value for an administrative denial, which indicates that a router is filtering a port and is not permitting traffic to pass. The packet is typically seen when traffic is refused to pass through a router or a firewall.

For example, if a firewall or a router is not allowing Transmission Control Protocol (TCP) port 139, you may receive the following error messages:
Error 121: The semaphore timeout period has expired (ERROR_SEM_TIMEOUT).
-and-
Error 1231: The remote network is not reachable by the transport (ERROR_NETWORK_UNREACHABLE).
Additionally, because the user process may ignore the ICMP packet, the redirector and TCP may try many times before they receive these types of error messages.

If a firewall or a router is blocking TCP or User Datagram Protocol (UDP) port 53, the error indicates the reason for the failing Domain Name System (DNS) queries.

The ICMP packet is sent as a response to a DNS name query by using TCP/UDP port 53. To troubleshoot this problem, you can use the tracert command to the destination host. Check the source address for the ICMP packet to identify the router that is sending the packet. In the Detail pane of Network Monitor, you can see the Internet Protocol (IP) header, which displays information about the IP address of the router or the node from where the packet is coming. Contact the router or the firewall administrator to open the filtered port.
Back to the top

MORE INFORMATION

Internet Control Message Protocol (ICMP) Destination Unreachable Code Values

When a packet is undeliverable, a Destination Unreachable ICMP Type 3 message is generated. Type 3 ICMP packets can have a code value of 0 to 15.

The following ICMP Type 3 codes values are defined in RFC 1812: 
Hexadecimal  Decimal  Description
---------------------------------------------------------------------------
0x00         0        Network Unreachable - generated by a router if a forwarding path
                     (route) to the destination network is not available;

0x01         1        Host Unreachable - generated by a router if a forwarding path
                      (route) to the destination host on a directly connected network
                      is not available (does not respond to ARP);

0x02         2        Protocol Unreachable - generated if the transport protocol
                      designated in a datagram is not supported in the transport layer
                      of the final destination;

0x03         3        Port Unreachable - generated if the designated transport protocol
                      (e.g., UDP) is unable to demultiplex the datagram in the
                      transport layer of the final destination but has no protocol
                      mechanism to inform the sender;

0x04         4        Fragmentation Needed and DF Set - generated if a router needs to
                      fragment a datagram but cannot since the DF flag is set;

0x05         5        Source Route Failed - generated if a router cannot forward a
                      packet to the next hop in a source route option;

0x06         6        Destination Network Unknown - This code SHOULD NOT be generated
                      since it would imply on the part of the router that the
                      destination network does not exist (net unreachable code 0
                      SHOULD be used in place of code 6);

0x07         7        Destination Host Unknown - generated only when a router can
                      determine (from link layer advice) that the destination host
                      does not exist;

0x0B         11       Network Unreachable For Type Of Service - generated by a router
                      if a forwarding path (route) to the destination network with the
                      requested or default TOS is not available;

0x0C         12       Host Unreachable For Type Of Service - generated if a router
                      cannot forward a packet because its route(s) to the destination
                      do not match either the TOS requested in the datagram or the
                      default TOS (0).

0x0D         13       Communication Administratively Prohibited - generated if a
                      router cannot forward a packet due to administrative filtering;

0x0E         14       Host Precedence Violation.  Sent by the first hop router to a
                      host to indicate that a requested precedence is not permitted
                      for the particular combination of source/destination host or
                      network, upper layer protocol, and source/destination port;

0x0F         15       Precedence cutoff in effect.  The network operators have imposed
                      a minimum level of precedence required for operation, the
                      datagram was sent with a precedence below this level;
Routers may have a configuration option that causes code 13 messages ("Communication Administratively Prohibited") not to be generated. When this option is enabled, no ICMP error message is sent in response to a packet that is dropped because its forwarding is administratively prohibited.

For more information, see Request for Comments 1812: Requirements for IP Version 4 Routers, or see the following book:
Wright, Gary R., and W. Richard Stevens. TCP/IP Illustrated, Volume 2: The Implementation. Addison-Wesley Professional, 1995, ISBN 0-201-63354-X.
For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:
170292  (http://support.microsoft.com/kb/170292/EN-US/ ) Internet Control Message Protocol (ICMP) Basics
179442  (http://support.microsoft.com/kb/179442/EN-US/ ) How to Configure a Firewall for Domains and Trusts
159211  (http://support.microsoft.com/kb/159211/EN-US/ ) Diagnoses and Treatment of Black Hole Routers
Back to the top
APPLIES TO
  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows NT Server 4.0 Standard Edition
  • Microsoft Windows NT Workstation 4.0 Developer Edition
Back to the top
Keywords: 
kbinfo KB325122
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations