Technical Explanation: FortiGate traffic logs show "destination port number" for an ICMP traffic
Description
For UDP and TCP traffic, the FortiGate traffic log fields 'Dst Port' and 'Src Port' are populated with source port and destination port associated to the protocol.
ICMP protocol does not have source and destination ports numbers, but the FortiGate traffic log still report a 'Dst Port' value.
ICMP protocol does not have source and destination ports numbers, but the FortiGate traffic log still report a 'Dst Port' value.
This KB article explains, what does this value correspond to.
For ICMP traffic, the Dst_Port field is used to report ICMP type and code.
ICMP type and code, in decimal format on Dst Port field are interpreted in Service field.
Samples :
| Decimal | Hexadecimal | Type | Code | Meaning |
| 771 | 303 | 3 | 03 | Destination unreachable Port unreachable |
| 778 | 30A | 3 | 10 | Destination unreachable Communication with Destination Host is Administratively Prohibited |
| 2048 | 800 | 8 | 00 | Echo Request |
ICMP type and code are defined in RFC 792.
