icmp (internet control message protocol) computer networks by: saeedeh zahmatkesh 90-91 spring
TRANSCRIPT
ICMP
(Internet Control Message Protocol)
Computer Networks
By: Saeedeh Zahmatkesh
90-91 spring
ICMP 2
ICMP is used to send debugging information and error reports between hosts, routers and other network devices
ICMP provides communication between the Internet Protocol software on one machine and the Internet Protocol software on another
ICMP
ICMP 3
ICMP Error Message Data
Historically, ICMP errors returned the offending IP header and the 1st 8 data bytes
No longer adequate with more complicated headers like IP in IP
New rules say that it should contain as much as original datagram as possible, without the length of ICMP datagram being > 576 bytes (standard Internet min size)
ICMP 4
ICMP Message Delivery
In all other respects, an ICMP message travels as would any other datagram
No additional reliability or priority The only difference between a normal datagram
and a datagram containing an ICMP message occurs in the event that the datagram containing the ICMP causes an error
No error messages are sent for ICMP error message failures
ICMP 5
ICMP messages can be lost or discarded Errors in ICMP messages should not generate additional ICMP
messages
ICMP messages are not allowed to be sent in response to (RFC1812): an ICMP error message (ok for queries) datagrams failing header validation tests broadcast or multicast IP datagrams link-layer broadcast or multicast frames invalid source address any fragment other than the first
ICMP
ICMP 6
ICMP is an integral part of IP But it is actually encapsulated within IP (Protocol=1)
IP header ICMP message
20 bytes
IP datagram
ICMP
ICMP 7
ICMP Message Types
Type Field ICMP Message Type0 Echo Reply
3 Destination Unreachable
4 Source Quench
5 Redirect
8 Echo Request
9 Router Advertisement
10 Router Solicitation
11 Time Exceeded
ICMP 8
Type Field ICMP Message Type
12 Parameter Problem
13 Timestamp Request
14 Timestamp Reply
15 Info Request (obsolete)
16 Info Reply (obsolete)
17 Address Mask Request
18 Address Mask Reply
ICMP Message Types
ICMP 9
The ping program
The ping program is a useful diagnostic tool It uses ICMP echo request/reply packets to test
whether a device is reachable
ICMP 10
The identifier allows ping to identify multiple instances of ping running at the same time on the same host
The sequence number allows us to see if packets disappeared
The round-trip time is also calculated
The ping program
ICMP 11
ICMP Destination Unreachable Message
When a router cannot forward or deliver an IP datagram, it sends a type 3 ICMP message (destination unreachable)
ICMP 12
Destination Unreachable Codes0 Network unreachable
generated by a router if a forwarding path (route) to the destination network is not available
1 Host unreachable
generated by a router if a forwarding path (route) to the destination host on a directly connected network is not available (does not respond to ARP);
2 Protocol unreachable
generated if the transport protocol designated in a datagram is not supported in the transport layer of the final destination
3 Port unreachable
generated if the designated transport protocol (e.g., UDP) is unable to demultiplex the datagram in the transport layer of the final
destination but has no protocol mechanism to inform the sender
ICMP 13
4 Frag needed and DF set
generated if a router needs to fragment a datagram but cannot since the DF flag is set
5 Source route failed
generated if a router cannot forward a packet to the next hop in a source route option
6 Destination network unkown
This code SHOULD NOT be generated since it would imply on the part of the router that the destination network does not exist (net unreachable code 0 SHOULD be used in place of code 6);
7 Destination host unkown
generated only when a router can determine (from link layer advice) that the destination host does not exist
…
Destination Unreachable Codes
ICMP 14
Congestion and Datagram Flow Control
Two common situations may cause a router to become congested with packets
A high-speed sender transmits packets faster than an intermediate network (router) can handle them
Many senders transmit packets through the same router
ICMP 15
Congestion and Datagram Flow Control
In order to signal senders that it can’t handle the load, a router sends an ICMP source quench message
Ideally, such a message should be sent before a router is forced to drop packets
Senders reduce transmission rate upon receipt of a source quench message
ICMP 16
ICMP Source Quench Message
Type (8-bit): 4 Code (8-bit): 0 Checksum (16-bit) Unused (Zero Field, 32-bit)
ICMP 17
Route Change Requests
Routers (not hosts) are responsible for keeping routing information up-to-date
Routers are assumed to know correct routes
Hosts begin with minimal routing information and learn new routes from routers
A host may boot up knowing the address of only one router – but that may not be the best route for a given datagram
ICMP 18
When a router detects a host using a non-optimal route it: Sends an ICMP redirect message to the host Forwards the message
A host is expected to then update its routing table
Route Change Requests
ICMP 19
Not applicable to intermediate routers
Route Change Requests
ICMP 20
ICMP Redirect Message
Redirect Codes0 Redirect for the network (obsolete)1 Redirect for the Host2 Redirect for the type-of-service and network (obsolete)3 Redirect for the type-of-service and Host
ICMP 21
Circular or Excessively Long Routes
To avoid cycles datagrams contain a TTL field (also called the hop
count) which is decremented until it reaches zero
When fragmented datagrams are received a reassembly timer is started if all the fragments are not received before the timer
expires we say a timeout has occurred
ICMP 22
ICMP Time Exceeded Message
If either the TTL field reaches zero or a fragmentation reassembly timeout occurs, an ICMP time exceeded message is sent
ICMP 23
ICMP 24
Links
http://www.wiziq.com/tutorial/116986-Chapter-4-Internet-Control-Message-Protocol
http://fab.cba.mit.edu/classes/MIT/961.04/people/neil/ip.pdf
http://www.sans.org/security-resources/idfaq/icmp_misuse.php