ICMP.pptx

advertisement
ICMP
(Internet Control Message Protocol)
Computer Networks
By: Saeedeh Zahmatkesh
90-91 spring
ICMP

ICMP is used to send debugging information
and error reports between hosts, routers and
other network devices

ICMP provides communication between the
Internet Protocol software on one machine and
the Internet Protocol software on another
ICMP
2
ICMP Error Message Data



Historically, ICMP errors returned the offending
IP header and the 1st 8 data bytes
No longer adequate with more complicated
headers like IP in IP
New rules say that it should contain as much as
original datagram as possible, without the length
of ICMP datagram being > 576 bytes (standard
Internet min size)
ICMP
3
ICMP Message Delivery



In all other respects, an ICMP message travels
as would any other datagram
No additional reliability or priority
The only difference between a normal datagram
and a datagram containing an ICMP message
occurs in the event that the datagram containing
the ICMP causes an error
 No
error messages are sent for ICMP error
message failures
ICMP
4
ICMP

ICMP messages can be lost or discarded


Errors in ICMP messages should not generate additional ICMP
messages
ICMP messages are not allowed to be sent in
response to (RFC1812):






an ICMP error message (ok for queries)
datagrams failing header validation tests
broadcast or multicast IP datagrams
link-layer broadcast or multicast frames
invalid source address
any fragment other than the first
ICMP
5
ICMP

ICMP is an integral part of IP

But it is actually encapsulated within IP (Protocol=1)
IP datagram
IP header
ICMP message
20 bytes
ICMP
6
ICMP Message Types
Type Field
ICMP Message Type
0
3
4
5
8
9
10
11
Echo Reply
Destination Unreachable
Source Quench
Redirect
Echo Request
Router Advertisement
Router Solicitation
Time Exceeded
ICMP
7
ICMP Message Types
Type Field
12
13
14
15
16
17
18
ICMP Message Type
Parameter Problem
Timestamp Request
Timestamp Reply
Info Request (obsolete)
Info Reply (obsolete)
Address Mask Request
Address Mask Reply
ICMP
8
The ping program

The ping program is a useful diagnostic
tool
 It
uses ICMP echo request/reply packets to test
whether a device is reachable
ICMP
9
The ping program

The identifier allows ping to identify multiple
instances of ping running at the same time on
the same host

The sequence number allows us to see if
packets disappeared

The round-trip time is also calculated
ICMP
10
ICMP Destination Unreachable Message

When a router cannot forward or deliver an IP
datagram, it sends a type 3 ICMP message
(destination unreachable)
ICMP
11
Destination Unreachable Codes
0
1
2
3
Network unreachable
generated by a router if a forwarding path (route) to the
destination network is not available
Host unreachable
generated by a router if a forwarding path (route) to the destination
host on a directly connected network is not available (does not
respond to ARP);
Protocol unreachable
generated if the transport protocol designated in a datagram is not
supported in the transport layer of the final destination
Port unreachable
generated if the designated transport protocol (e.g., UDP) is unable
to demultiplex the datagram in the transport layer of the final
destination but has no protocol mechanism to inform the sender
ICMP
12
Destination Unreachable Codes
4
5
6
7
Frag needed and DF set
generated if a router needs to fragment a datagram but
cannot since the DF flag is set
Source route failed
generated if a router cannot forward a packet to the next
hop in a source route option
Destination network unkown
This code SHOULD NOT be generated since it would imply on the
part of the router that the destination network does not exist (net
unreachable code 0 SHOULD be used in place of code 6);
Destination host unkown
generated only when a router can determine (from link layer advice)
that the destination host does not exist
…
ICMP
13
Congestion and Datagram Flow Control

Two common situations may cause a
router to become congested with packets
A
high-speed sender transmits packets faster than an
intermediate network (router) can handle them
 Many
senders transmit packets through the same
router
ICMP
14
Congestion and Datagram Flow Control
In order to signal senders that it can’t handle
the load, a router sends an ICMP source
quench message
Ideally, such a message should be sent
before a router is forced to drop packets
Senders reduce transmission rate upon
receipt of a source quench message
ICMP
15
ICMP Source Quench Message
Type (8-bit): 4
Code (8-bit): 0
Checksum (16-bit)
Unused (Zero Field, 32-bit)
ICMP
16
Route Change Requests

Routers (not hosts) are responsible for keeping routing
information up-to-date

Routers are assumed to know correct routes

Hosts begin with minimal routing information and learn
new routes from routers

A host may boot up knowing the address of only one
router – but that may not be the best route for a given
datagram
ICMP
17
Route Change Requests

When a router detects a host using a nonoptimal route it:
 Sends
an ICMP redirect message to the host
 Forwards the message

A host is expected to then update its routing
table
ICMP
18
Route Change Requests

Not applicable to intermediate routers
ICMP
19
ICMP Redirect Message
Redirect Codes
0
1
2
3
Redirect for the network (obsolete)
Redirect for the Host
Redirect for the type-of-service and network (obsolete)
Redirect for the type-of-service and Host
ICMP
20
Circular or Excessively Long Routes

To avoid cycles
 datagrams
contain a TTL field (also called the hop
count) which is decremented until it reaches zero

When fragmented datagrams are received a
reassembly timer is started

if all the fragments are not received before the timer
expires we say a timeout has occurred
ICMP
21
ICMP Time Exceeded Message

If either the TTL field reaches zero or a
fragmentation reassembly timeout occurs, an
ICMP time exceeded message is sent
ICMP
22
ICMP
23
Links

http://www.wiziq.com/tutorial/116986-Chapter-4-InternetControl-Message-Protocol

http://fab.cba.mit.edu/classes/MIT/961.04/people/neil/ip.
pdf

http://www.sans.org/securityresources/idfaq/icmp_misuse.php
ICMP
24
Download