Post on 16-Jan-2016
Guide to TCP/IP, Second Edition 1
Guide To TCP/IP, Second Edition
Chapter 4
Internet Control Message Protocol (ICMP)
Objectives
• Understand the Internet Control Message Protocol
• Test and troubleshoot sequences for ICMP
• Work with ICMP packet fields and functions
Understanding The Internet Control Message Protocol
• Provides information about
  – Network connectivity
  – Routing behavior
  – Reachability
  – Delivery error reports
  – Control information
  – Network congestion
Overview of RFC 792
• Specification of all ICMP messages
• RFC 792 points about IP and ICMP
  – Mechanism for gateways (routers) or destination hosts to communicate with source hosts
  – Specially formatted IP datagrams, with specific associated message types and codes
  – Essential part of IP’s support fabric
  – ICMP reports errors only about processing of non-ICMP IP datagrams
ICMP’s Vital Role on IP Networks
• ICMP is used for network monitoring and troubleshooting
Testing And Troubleshooting Sequences For ICMP
• Connectivity testing with PING
  – ICMP Echo Request
  – ICMP Echo Reply
• Windows XP command-line parameters used with PING
  – -l
  – -f
  – -i
  – -v
  – -w
Path Discovery with TRACEROUTE
• Identifies a path
• Steps TRACEROUTE uses to identify a path
  – Host sends ICMP Echo Request with a TTL value of 1
  – Router 1 discards the packet and sends an ICMP Time Exceeded-TTL Exceeded in Transit message
  – Host sends ICMP Echo Request with a TTL value of 2
  – Router 1 decrements the TTL of the ICMP Echo Request packet by 1
  – Router 2 discards the packet and sends an ICMP Time Exceeded-TTL Exceeded in Transit message
  – Destination host sends an ICMP Echo Reply
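The TTL-stepping sequence above, as an added simulation that is not from the original slides. It runs offline over a constructed path; `send_probe`, `traceroute`, the `silent` set and the addresses are hypothetical names and values chosen for the example, and `max_hops` stands in for TRACERT's `-h` limit.

```python
TIME_EXCEEDED = (11, 0)   # Type 11, Code 0: Time Exceeded-TTL Exceeded in Transit
ECHO_REPLY = (0, 0)       # Type 0: Echo Reply


def send_probe(path, ttl, silent=()):
    """Simulate one ICMP Echo Request crossing `path` (routers, then destination).

    Returns (responder, (type, code)), or None when nothing comes back.
    """
    *routers, destination = path
    for router in routers:
        ttl -= 1                      # every router decrements the TTL by 1
        if ttl == 0:                  # expired here: discard and report to the sender
            return None if router in silent else (router, TIME_EXCEEDED)
    return (destination, ECHO_REPLY)  # reached the destination host


def traceroute(path, max_hops=30, silent=()):
    """Send probes with TTL 1, 2, 3, ... until the destination answers."""
    hops = []
    for ttl in range(1, max_hops + 1):
        answer = send_probe(path, ttl, silent)
        if answer is None:
            hops.append((ttl, "*"))   # router sent no Time Exceeded: hop unknown
            continue
        responder, message = answer
        hops.append((ttl, responder))
        if message == ECHO_REPLY:     # Echo Reply means the path is complete
            break
    return hops


# Constructed path: Router 1, Router 2, destination host.
PATH = ["10.0.0.1", "10.0.1.1", "192.0.2.80"]

if __name__ == "__main__":
    for hop in traceroute(PATH, silent={"10.0.1.1"}):
        print(hop)
```

A hop shown as `*` only means that router did not return a Time Exceeded message, which is common where ICMP is filtered; the probes with higher TTL values still pass through it.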
Path Discovery with TRACEROUTE (cont.)
• Windows XP command-line parameters used with TRACERT
  – -d
  – -h
  – -w
Routing Sequences for ICMP
• Router Discovery
  – ICMP Router Solicitation
  – ICMP Router Discovery
• Router Advertising
  – Periodic ICMP Router Advertisements let hosts passively learn about available routes
  – A route entry's TTL is 30 minutes, after which the entry is removed from the route table
  – Advertising rate is between seven and ten minutes
• Redirection to a better router
Security Issues For ICMP
• ICMP is part of a reconnaissance process
  – IP host probe
  – Port probe
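One way to spot both probe patterns in captured ICMP traffic, as an added example that is not from the original slides. The event tuples are constructed sample data, `find_probes` is a hypothetical helper, and the thresholds are illustrative assumptions; the port-probe check relies on the fact that a probe of a closed UDP port draws a Type 3, Code 3 (Port Unreachable) reply from the target.

```python
from collections import defaultdict

# Constructed sample events, not real traffic:
# (source IP, destination IP, ICMP type, ICMP code, original destination port).
# The last field comes from the datagram header that an ICMP error echoes back.
EVENTS = (
    [("198.51.100.7", f"192.0.2.{h}", 8, 0, None) for h in range(1, 21)]
    + [("192.0.2.10", "192.0.2.1", 8, 0, None)] * 5
    + [("192.0.2.50", "203.0.113.9", 3, 3, p) for p in range(1000, 1012)]
    + [("192.0.2.1", "192.0.2.10", 3, 3, 53)]
)


def find_probes(events, host_threshold=10, port_threshold=10):
    """Flag likely IP host probes and port probes. Thresholds are assumptions."""
    echo_targets = defaultdict(set)   # sender -> distinct hosts it sent Echo Requests to
    closed_ports = defaultdict(set)   # (prober, target) -> distinct ports reported closed
    for src, dst, icmp_type, code, orig_port in events:
        if (icmp_type, code) == (8, 0):
            echo_targets[src].add(dst)
        elif (icmp_type, code) == (3, 3):
            # Port Unreachable travels from the probed target back to the prober.
            closed_ports[(dst, src)].add(orig_port)
    findings = []
    for sender, targets in echo_targets.items():
        if len(targets) >= host_threshold:
            findings.append(("host_probe", sender, len(targets)))
    for (prober, target), ports in closed_ports.items():
        if len(ports) >= port_threshold:
            findings.append(("port_probe", prober, target, len(ports)))
    return findings


if __name__ == "__main__":
    for finding in find_probes(EVENTS):
        print(finding)
```

Repeated pings to a single host and a single stray Port Unreachable stay below both thresholds, so ordinary troubleshooting traffic in the sample is not flagged.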
ICMP Packet Fields And Functions
• Two types of ICMP fields
  – Constant and Variable
• Constant ICMP fields
  – Type Field
  – Code Field
  – Checksum Field
ICMP Packet Fields And Functions (cont.)
• The variable ICMP structures and functions
  – Types 0 and 8: Echo Reply and Echo Packets
  – Type 3: Destination Unreachable Packets
    • Code 0: Net Unreachable
    • Code 1: Host Unreachable
    • Code 2: Protocol Unreachable
    • Code 3: Port Unreachable
    • Code 4: Fragmentation Needed and Don’t Fragment Was Set
    • Code 5: Source Route Failed
    • Code 6: Destination Network Unknown
    • Code 7: Destination Host Unknown
ICMP Packet Fields And Functions (cont.)
• Type 3: Destination Unreachable Packets (cont.)
  – Code 8: Source Host Isolated
  – Code 9: Communication with Destination Network Is Administratively Prohibited
  – Code 10: Communication with Destination Host Is Administratively Prohibited
  – Code 11: Destination Network Unreachable for Type of Service
  – Code 12: Destination Host Unreachable for Type of Service
  – Code 13: Communication Administratively Prohibited
  – Code 14: Host Precedence Violation
  – Code 15: Precedence Cutoff in Effect
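A decoder for the constant fields and the Type 3 codes listed above, added here as an example that is not from the original slides. `build_icmp` and `parse_icmp` are hypothetical helper names, the messages are constructed in code, and the checksum is the standard Internet checksum (RFC 1071) computed over the whole ICMP message.

```python
import struct

# Type 3 (Destination Unreachable) codes, as listed on the slides.
UNREACHABLE_CODES = {
    0: "Net Unreachable", 1: "Host Unreachable", 2: "Protocol Unreachable",
    3: "Port Unreachable",
    4: "Fragmentation Needed and Don't Fragment Was Set",
    5: "Source Route Failed", 6: "Destination Network Unknown",
    7: "Destination Host Unknown", 8: "Source Host Isolated",
    9: "Communication with Destination Network Is Administratively Prohibited",
    10: "Communication with Destination Host Is Administratively Prohibited",
    11: "Destination Network Unreachable for Type of Service",
    12: "Destination Host Unreachable for Type of Service",
    13: "Communication Administratively Prohibited",
    14: "Host Precedence Violation", 15: "Precedence Cutoff in Effect",
}
TYPE_NAMES = {0: "Echo Reply", 3: "Destination Unreachable",
              8: "Echo Request", 11: "Time Exceeded"}


def internet_checksum(data: bytes) -> int:
    """16-bit one's complement of the one's-complement sum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(icmp_type, code, rest=b"\x00" * 4, payload=b""):
    """Build a constructed test message: constant fields, 4 variable bytes, payload."""
    body = rest + payload
    csum = internet_checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body


def parse_icmp(message: bytes) -> dict:
    """Decode the constant fields and verify the checksum over the whole message."""
    if len(message) < 4:
        raise ValueError("truncated: Type, Code and Checksum need 4 bytes")
    icmp_type, code, checksum = struct.unpack("!BBH", message[:4])
    detail = UNREACHABLE_CODES.get(code, f"unknown code {code}") if icmp_type == 3 else None
    return {"type": icmp_type, "code": code, "checksum": checksum,
            "name": TYPE_NAMES.get(icmp_type, f"type {icmp_type}"),
            "detail": detail,
            # A valid message sums to 0xFFFF, so its recomputed checksum is 0.
            "checksum_ok": internet_checksum(message) == 0}
```

A message whose `checksum_ok` is false was corrupted or altered after it was built, so its Type and Code should not be trusted.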
Chapter Summary
• ICMP provides vital feedback about IP routing and delivery problems
• ICMP also provides important IP diagnostic and control capabilities that include reachability analysis, congestion management, route optimization, and timeout error reports
Chapter Summary (cont.)
• Although ICMP messages fall within various well-documented types and behave as a separate protocol at the TCP/IP Network layer, ICMP is really part of IP itself, and its support is required in any standards-compliant IP implementation
• RFC 792 describes ICMP, but numerous other RFCs (such as 950, 1191, and 1812) describe additional details about how ICMP should behave, and how its messages should be generated and handled
Chapter Summary (cont.)
• Two vital TCP/IP diagnostic utilities, known as PING and TRACEROUTE (invoked as TRACERT in the Windows environment), use ICMP to measure roundtrip times between a sending and receiving host, and to perform path discovery for a sending host and all intermediate hosts or routers between sender and receiver
Chapter Summary (cont.)
• Although ICMP has great positive value as a diagnostic and reporting tool, those same capabilities can be turned to nefarious purposes as well, which makes security issues for ICMP important
• When hackers investigate networks, ICMP host probes often represent early stages of attack
Chapter Summary (cont.)
• Understanding the meaning and significance of the ICMP Type and Code fields is essential to recognizing individual ICMP messages and what they are trying to communicate
• ICMP message structures and functions can vary, depending on the information that any such message seeks to convey