My computer is sending ICMP packets to arbitrary destinations. I can't understand the reason. A dump of one of the packets is:
Internet Control Message Protocol
Type: 3 (Destination unreachable)
Code: 3 (Port unreachable)
Checksum: 0x811b [correct]
Internet Protocol, Src: 80.167.113.76 (80.167.113.76), Dst: 192.168.1.2 (192.168.1.2)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 131
Identification: 0x0631 (1585)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 111
Protocol: UDP (17)
Header checksum: 0xc19b [correct]
[Good: True]
[Bad: False]
Source: 80.167.113.76 (80.167.113.76)
Destination: 192.168.1.2 (192.168.1.2)
User Datagram Protocol, Src Port: 61846 (61846), Dst Port: 25660 (25660)
Source port: 61846 (61846)
Destination port: 25660 (25660)
Length: 111
Checksum: 0x4b45 [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Data (103 bytes)
Data: 64313a6164323a696432303abe916abba14b8cb8a7167ce0...
What is meant by these arbitrary ICMP packets? I am afraid of a rootkit. Kindly help.
Operating system: Windows 7 Ultimate
This is normal, and on its own should not be a reason for any worries. What happened is that the computer with IP 80.167.113.76 sent a UDP packet to your computer, to port 25660. You don't have anything running on your computer waiting for UDP packets on this port, so your computer sends this ICMP packet back to the origin, telling it that nothing was reached at the given port (ICMP Type=3 Code=3 → Port unreachable). The ICMP packet contains a copy of the headers of the packet originally sent (in the opposite direction).
If you are getting this information from a packet sniffer (looks like Wireshark?), then look for an incoming UDP packet from that IP arriving before the packet you just copied in this question.
Certainly you are using an ISP which dynamically assigns IP addresses to users. Probably your current IP address was being used by someone running some P2P application, and your IP plus this port combination was cached on someone else's application, and then that one tried to connect back to the original user who was using this IP.
No need for worry, really. But if it bothers you, you may want to install a stateful firewall that simply DROPs packets for non-tracked sessions. Instead of sending a "Port Unreachable" message to the origin, the firewall simply drops the original packet since it will not be in its internal connection table.
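To illustrate the point about the copied headers, here is an added example (not part of the answer above or of any tool mentioned on this page) that reads the datagram quoted inside an ICMP Destination Unreachable message and reports which side sent it. The sample bytes are rebuilt from the fields in the question's dump, and the function and constant names are assumptions. It goes one step beyond the answer by checking whether the visible payload bytes look like a bencoded BitTorrent DHT message, which is a heuristic.

```python
import ipaddress
import struct

# Constructed sample: ICMP header plus the quoted IPv4/UDP headers, rebuilt
# from the fields in the dump in the question. The data is cut to the 24
# bytes the dump shows, so the ICMP checksum cannot be re-verified here.
SAMPLE_ICMP = bytes.fromhex(
    "0303811b00000000"                          # ICMP type 3, code 3
    "45000083063100006f11c19b50a7714cc0a80102"  # quoted IPv4 header
    "f196643c006f4b45"                          # quoted UDP header
    "64313a6164323a696432303abe916abba14b8cb8a7167ce0"  # visible data
)

# Heuristic (assumption): bencoded BitTorrent DHT queries and responses
# usually begin with these bytes.
DHT_PREFIXES = (b"d1:ad2:id20:", b"d1:rd2:id20:")


def triage_unreachable(icmp, local_ips):
    """Explain an ICMP Destination Unreachable from its quoted datagram."""
    if len(icmp) < 28 or icmp[0] != 3:
        raise ValueError("not a Destination Unreachable with a quoted header")
    inner = icmp[8:]                       # original datagram, as quoted
    ihl = (inner[0] & 0x0F) * 4            # IPv4 header length in bytes
    src = str(ipaddress.IPv4Address(inner[12:16]))
    dst = str(ipaddress.IPv4Address(inner[16:20]))
    info = {"code": icmp[1], "proto": inner[9], "orig_src": src, "orig_dst": dst}
    if inner[9] == 17 and len(inner) >= ihl + 8:
        sport, dport, length, _ = struct.unpack("!HHHH", inner[ihl:ihl + 8])
        info.update(sport=sport, dport=dport, udp_len=length,
                    dht_like=inner[ihl + 8:].startswith(DHT_PREFIXES))
    # The quoted header tells which side sent the datagram that failed.
    if dst in local_ips:
        info["direction"] = "inbound datagram reached a closed local port"
    elif src in local_ips:
        info["direction"] = "local host sent a datagram to a closed remote port"
    else:
        info["direction"] = "quoted datagram does not involve this host"
    return info


if __name__ == "__main__":
    for key, value in triage_unreachable(SAMPLE_ICMP, {"192.168.1.2"}).items():
        print(f"{key}: {value}")
```
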
A tool like TCPView should let you see which process is creating these packets. That should give you a better idea of their purpose.
http://technet.microsoft.com/en-us/sysinternals/bb897437
I think you are receiving ICMP Port unreachable for UDP 80.167.113.76 on port 25660. This means that an application on your computer is trying to connect to 80.167.113.76:25660 via UDP protocol and no remote service is listening on that port, or it is filtered.
Maybe you are running a P2P application which is trying to connect to some clients that are behind a firewall.
ICMP is stateless (no session), so it is difficult to track a process that is creating the requests using common networking tools for Windows.
Use a tool like ListDLLs from Sysinternals. You can then see what process has loaded icmp.dll:
http://www.linkedin.com/answers/technology/information-technology/computer-networking/TCH_ITS_CNW/12726-1647009