Ping is just a small program which sends ICMP Echo Requests, and receives the ICMP Echo Replies. Actually, many different implementations of ping exist...
On Windows, the default ping utility sends 4 echo request by default. So, when everything is working fine, you will see 4 echo replies. You can send more (or less) requests by passing the -n option to the ping executable.
On Unix systems, the default implementation will keep sending echo requests until interrupted by the user (with Ctrl-C), and the option to send a specific number of requests is -c.
Then the local device generates an ICMP Echo (Type 8, code 0) which is sent outbound. The device then waits to receive an ICMP Echo Reply (Type 0, code 0).
If the packets TTL expires before reaching its destination, then an ICMP Time Exceeded (Type 11, code 0) packet is sent to the originator of the ICMP Echo.
When using Traceroute and the ICMP packet reaches the final destination, normally a ICMP Port Unreachable (Type 3, code 3) will be sent back towards the source.
If a device in the forwarding path does not know how to route towards the destination it will send an ICMP Net Unreachable (Type 3, code 0). This is true no matter what kind of packet was sent from the beginning, ICMP or not.
Note that many administrators filter ICMP (often on lacking knowledge) so that ICMP packets may not be received back.
You would need to create an ACL to filter the ICMP traffic (edit: referring to ping here - it's generally not advisable to filter all ICMP), and apply it to the desired interfaces, including the management interface. You would specify host addresses that match your router's management interface, as well as any addresses of routed interfaces.
ip access-list 666 deny any x.x.x.x icmp echo
ip access-list 666 deny any x.x.x.x icmp echo-reply
ip access-list 666 deny any y.y.y.y icmp echo
ip access-list 666 deny any y.y.y.y icmp echo-reply
ip access-list 666 permit ip any any
Where x.x.x.x and y.y.y.y would represent your addresses that you wish to filter. Continue to add addresses as you see fit. Don't forget the explicit permit at the end. Once you have the ACL created, you would then apply it to your desired interfaces in the inbound direction.
ip access-group 666 in
ETA: the echo-reply rules may be superfluous, since one shouldn't be generated if the original echo is filtered by the ACL. I don't have a Brocade at hand to test.
Best Answer
Ping is just a small program which sends ICMP Echo Requests, and receives the ICMP Echo Replies. Actually, many different implementations of ping exist...
On Windows, the default ping utility sends 4 echo request by default. So, when everything is working fine, you will see 4 echo replies. You can send more (or less) requests by passing the
-n
option to the ping executable.On Unix systems, the default implementation will keep sending echo requests until interrupted by the user (with Ctrl-C), and the option to send a specific number of requests is
-c
.