1 Figure 3-33: Internet Control Message Protocol (ICMP) ICMP is for Supervisory Messages at the...


Figure 3-33: Internet Control Message Protocol (ICMP)

ICMP is for Supervisory Messages at the Internet Layer

ICMP and IP
  - An ICMP message is delivered (encapsulated) in the data field of an IP packet

Types and Codes (Figure 3-2)
  - Type: General category of supervisory message
  - Code: Subcategory of type (set to zero if there is no code)

Figure 8.13: Internet Control Message Protocol (ICMP) for Supervisory Messages

[Figure labels: Router; “Host Unreachable” error message; “Echo” and “Echo Reply”; ICMP message; IP header]

Figure 3-32: IP Packet with an ICMP Message Data Field

[Figure: packet layout drawn 32 bits wide, Bit 0 to Bit 31]
  IP Header (Usually 20 Bytes)
  Type (8 bits) | Code (8 bits) | Depends on Type and Code
  Depends on Type and Code

Figure 3-32: Internet Control Message Protocol (ICMP)

Network Analysis Messages
  - Echo (Type 8, no code) asks target host if it is operational and available
  - Echo reply (Type 0, no code). Target host responds to echo sender
  - Ping program implements Echo and Echo Reply. Like submarine pinging a target
  - Ping is useful for network managers to diagnose problems based on failures to reply
  - Ping is useful for hackers to identify potential targets: live ones reply

Figure 3-32: Internet Control Message Protocol (ICMP)

Error Advisement Messages
  - Advise sender of error but there is no error correction
  - Host Unreachable (Type 3, multiple codes)
    - Many codes for specific reasons for host being unreachable
    - Host unreachable packet’s source IP address confirms to hackers that the IP address is live and therefore a potential victim
    - Usually sent by a router

Figure 3-31: Internet Control Message Protocol (ICMP)

Error Advisement Messages
  - Time Exceeded (Type 11, no codes)
    - Router decrementing TTL to 0 discards packet, sends time exceeded message
    - IP header containing error message reveals router’s IP address
    - By progressively incrementing TTL values by 1 in successive packets, attacker can scan progressively deeper into the network, mapping the network
    - Also usually sent by a router

Figure 3-31: Internet Control Message Protocol (ICMP)

Control Codes
  - Control network/host operation
  - Source Quench (Type=4, no code)
    - Tells destination host to slow down its transmission rate
    - Legitimate use: Flow control if host sending source quench is overloaded
    - Attackers can use for denial-of-service attack

Figure 3-31: Internet Control Message Protocol (ICMP)

Control Codes
  - Redirect (Type 5, multiple codes)
    - Tells host or router to send packets in a different way than they have been
    - Attackers can disrupt network operations, for example, by sending packets down black holes

Many Other ICMP Messages
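
An added example, not part of the original slides: a Python sketch that finds the ICMP Type and Code fields inside an IP packet by reading the header-length field rather than assuming 20 bytes, then tallies messages per source for monitoring. Type numbers and names follow the slides; the function names, sample addresses and the tally itself are assumptions made for illustration.

```python
import struct

# Type numbers, names and categories exactly as listed on the slides.
ICMP_TYPES = {
    0: ("Echo Reply", "network analysis"),
    3: ("Host Unreachable", "error advisement"),
    4: ("Source Quench", "control"),
    5: ("Redirect", "control"),
    8: ("Echo", "network analysis"),
    11: ("Time Exceeded", "error advisement"),
}

def parse_icmp(packet: bytes):
    """Return a dict describing the ICMP message, or None if not ICMP."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IP header")
    version = packet[0] >> 4
    ihl = (packet[0] & 0x0F) * 4   # header length in bytes; 20 only without options
    if version != 4 or ihl < 20 or len(packet) < ihl + 2:
        raise ValueError("malformed IPv4 packet")
    if packet[9] != 1:             # IP protocol field: 1 means ICMP
        return None
    icmp_type, code = packet[ihl], packet[ihl + 1]
    name, category = ICMP_TYPES.get(icmp_type, ("other", "other"))
    return {"src": ".".join(map(str, packet[12:16])), "type": icmp_type,
            "code": code, "name": name, "category": category}

def build_sample(src, icmp_type, code, proto=1, options=b""):
    """Constructed test packet (checksums left at zero, not validated here)."""
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0)
    ihl_words = (20 + len(options)) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl_words, 0,
                         20 + len(options) + len(icmp), 0, 0, 64, proto, 0,
                         bytes(map(int, src.split("."))), bytes([192, 0, 2, 1]))
    return header + options + icmp

def summarize(packets):
    """Count ICMP messages per (source, name), as a monitoring tally."""
    tally = {}
    for pkt in packets:
        msg = parse_icmp(pkt)
        if msg is not None:
            key = (msg["src"], msg["name"])
            tally[key] = tally.get(key, 0) + 1
    return tally

if __name__ == "__main__":  # constructed samples; the second carries IP options
    print(summarize([build_sample("198.51.100.7", 8, 0),
                     build_sample("203.0.113.1", 11, 0, options=b"\x00" * 4)]))
```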