You are currently offline, waiting for your internet to reconnect

Internet Control Message Protocol "Destination Unreachable" (Code = 0x0D) Packets

Support for Windows XP has ended

Microsoft ended support for Windows XP on April 8, 2014. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

This article was previously published under Q325122
When you analyze a network trace, you may see Internet Control Message Protocol (ICMP) Type 3 "Destination Unreachable" packets with a code value of hexadecimal 0X0D or decimal 13:
IP: Source Address = <dotted-IP-address-of-router>ICMP: Destination Unreachable: <dotted-IP-address-of-target-host>   ICMP: Packet Type = Destination Unreachable   ICMP: Unreachable Code = 0x0D					
The code value of the ICMP Destination Unreachable packet is 0x0D. The hexadecimal code 0X0D (code decimal 13) translates to "Communication Administratively Prohibited" from Requests for Comments (RFC) 1812:
   13 = Communication Administratively Prohibited - generated if a        router cannot forward a packet due to administrative filtering;					
This is generated if a router cannot forward a packet because of administrative filtering. This is the code value for an administrative denial, which indicates that a router is filtering a port and is not permitting traffic to pass. The packet is typically seen when traffic is refused to pass through a router or a firewall.

For example, if a firewall or a router is not allowing Transmission Control Protocol (TCP) port 139, you may receive the following error messages:
Error 121: The semaphore timeout period has expired (ERROR_SEM_TIMEOUT).
Error 1231: The remote network is not reachable by the transport (ERROR_NETWORK_UNREACHABLE).
Additionally, because the user process may ignore the ICMP packet, the redirector and TCP may try many times before they receive these types of error messages.

If a firewall or a router is blocking TCP or User Datagram Protocol (UDP) port 53, the error indicates the reason for the failing Domain Name System (DNS) queries.

The ICMP packet is sent as a response to a DNS name query by using TCP/UDP port 53. To troubleshoot this problem, you can use the tracert command to the destination host. Check the source address for the ICMP packet to identify the router that is sending the packet. In the Detail pane of Network Monitor, you can see the Internet Protocol (IP) header, which displays information about the IP address of the router or the node from where the packet is coming. Contact the router or the firewall administrator to open the filtered port.

Internet Control Message Protocol (ICMP) Destination Unreachable Code Values

When a packet is undeliverable, a Destination Unreachable ICMP Type 3 message is generated. Type 3 ICMP packets can have a code value of 0 to 15.

The following ICMP Type 3 codes values are defined in RFC 1812:
Hexadecimal  Decimal  Description---------------------------------------------------------------------------0x00         0        Network Unreachable - generated by a router if a forwarding path                     (route) to the destination network is not available;0x01         1        Host Unreachable - generated by a router if a forwarding path                      (route) to the destination host on a directly connected network                      is not available (does not respond to ARP);0x02         2        Protocol Unreachable - generated if the transport protocol                      designated in a datagram is not supported in the transport layer                      of the final destination;0x03         3        Port Unreachable - generated if the designated transport protocol                      (e.g., UDP) is unable to demultiplex the datagram in the                      transport layer of the final destination but has no protocol                      mechanism to inform the sender;0x04         4        Fragmentation Needed and DF Set - generated if a router needs to                      fragment a datagram but cannot since the DF flag is set;0x05         5        Source Route Failed - generated if a router cannot forward a                      packet to the next hop in a source route option;0x06         6        Destination Network Unknown - This code SHOULD NOT be generated                      since it would imply on the part of the router that the                      destination network does not exist (net unreachable code 0                      SHOULD be used in place of code 6);0x07         7        Destination Host Unknown - generated only when a router can                      determine (from link layer advice) that the destination host                      does not exist;0x0B         11       Network Unreachable For Type Of Service - generated by a router                      if a forwarding path (route) to the destination network with the                      requested or default TOS is not available;0x0C         12       Host Unreachable For Type Of Service - generated if a router                      cannot forward a packet because its route(s) to the destination                      do not match either the TOS requested in the datagram or the                      default TOS (0).0x0D         13       Communication Administratively Prohibited - generated if a                      router cannot forward a packet due to administrative filtering;0x0E         14       Host Precedence Violation.  Sent by the first hop router to a                      host to indicate that a requested precedence is not permitted                      for the particular combination of source/destination host or                      network, upper layer protocol, and source/destination port;0x0F         15       Precedence cutoff in effect.  The network operators have imposed                      a minimum level of precedence required for operation, the                      datagram was sent with a precedence below this level;					
Routers may have a configuration option that causes code 13 messages ("Communication Administratively Prohibited") not to be generated. When this option is enabled, no ICMP error message is sent in response to a packet that is dropped because its forwarding is administratively prohibited.

For more information, see Request for Comments 1812: Requirements for IP Version 4 Routers, or see the following book:
Wright, Gary R., and W. Richard Stevens. TCP/IP Illustrated, Volume 2: The Implementation. Addison-Wesley Professional, 1995, ISBN 0-201-63354-X.
For additional information, click the article numbers below to view the articles in the Microsoft Knowledge Base:
170292 Internet Control Message Protocol (ICMP) Basics
179442 How to Configure a Firewall for Domains and Trusts
159211 Diagnoses and Treatment of Black Hole Routers
ICMP gateway netmon

Article ID: 325122 - Last Review: 10/30/2006 23:19:26 - Revision: 2.1

  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows NT Server 4.0 Standard Edition
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • kbinfo KB325122
ICMP:..." />
ICMP:..." />