Cisco Cisco Firepower Management Center 4000

The 

icmp_seq

 keyword inspects an ICMP echo request or reply packet's ICMP sequence. Use a numeric 

value that corresponds with the ICMP sequence number as the argument for the 

icmp_seq

 keyword.

Protection

Use the 

itype

either a valid ICMP type value (see http://www.iana.org/assignments/icmp-parameters or 
http://www.faqs.org/rfcs/rfc792.html for a full list of ICMP type numbers) or an invalid ICMP type value 
to test for different types of traffic. For example, attackers may set ICMP type values out of range to 
cause denial of service and flooding attacks.

You can specify a range for the 

itype

 argument value using less than (<) and greater than (>).

For example:

<35

>36

3<>55

See http://www.iana.org/assignments/icmp-parameters or http://www.faqs.org/rfcs/rfc792.html for a 
full list of ICMP type numbers.

Protection

You can use the 

icode

 keyword to identify packets with specific ICMP code values. You can choose to 

specify either a valid ICMP code value or an invalid ICMP code value to test for different types of traffic. 

You can specify a range for the 

icode

 argument value using less than (<) and greater than (>).

For example:

to find values less than 35, specify 

<35.

to find values greater than 36, specify 

>36.

to find values between 3 and 55, specify 

3<>55.

You can use the 

icode

 and 

itype

 keywords together to identify traffic that matches both. For example, 

to identify ICMP traffic that contains an ICMP Destination Unreachable code type with an ICMP Port 
Unreachable code type, specify an 

itype

 keyword with a value of 3 (for Destination Unreachable) and 

an 

icode

 keyword with a value of 3 (for Port Unreachable).