Technical Explanation: FortiGate traffic logs show "destination port number" for an ICMP traffic
Products
FortiGate
Description
For UDP and TCP traffic, the FortiGate traffic log fields 'Dst Port' and 'Src Port' are populated with source port and destination port associated to the protocol.

ICMP protocol does not have source and destination ports numbers, but the FortiGate traffic log still report a 'Dst Port' value.
 
This KB article explains, what does this value correspond to.





For ICMP traffic, the Dst_Port field is used to report ICMP type and code.



ICMP type and code, in decimal format on Dst Port field are interpreted in Service field.

Samples :
Decimal
Hexadecimal
Type
Code
Meaning
771
303
3
03
Destination unreachable
Port unreachable
778
30A
3
10
Destination unreachable
Communication with Destination Host is Administratively Prohibited
2048
800
8
00
Echo Request

ICMP type and code are defined in RFC 792.
 






Last Modified Date: 10-09-2013 Document ID: FD34359