[asterisk-users] tired of "midget packet received" warnings

[Rob Hillis]

Tzafrir Cohen wrote:
> On Sat, Nov 08, 2008 at 02:33:18PM +1100, Rob Hillis wrote:
>   
>>> Maybe it's me, but I think that "warning" should be regarding a problem
>>> I can fix. Malformed network content does not neceserily fall under that
>>> definition. "notice"?
>>>   
>>>       
>> Absolutely it does.  Warnings of malformed packets are often (as 
>> mentioned above) symptomatic of network problems.  Fix the network 
>> problem, fix the warning.
>>     
>
> As you saw in this case, this is a monitoring program that checks if
> somebody still listens on the UDP port. Would you teach nmap to try a
> valid IAX packet on every UDP port? How can you tell in advance that the
> port is IAX and not SIP? Or whatever UDP protocol? Why should the
> monitoring program care?
>   

Depends on how thorough you want the monitoring program to be.  
Personally if I were monitoring a service, I'd want to know that the 
service was responding the way you were expecting it to rather than 
blindly checking whether the port was open.  However, one of my previous 
job was to monitor a large network that was running software that I 
would consider to be pretty badly broken and the fact that a port was 
open meant nothing more than the executable was still running - it was 
quite common for the software behind it to have gone into an infinite 
loop that promptly ignored all other data.  I learnt to be incredibly 
paranoid if I wanted to be sure that everything was working the way it 
was supposed to be.

UDP presents it's own challenges when it comes to monitoring anyway 
since there's no guarantee you'll get a reply from the other end.   
However, in the case of a program such as nmap, I take your point.  Nmap 
is more interested in whether a port is open than whether the software 
is fully functional or not.