Guide To TCP/IP, Second Edition

Chapter 4

Internet Control Message Protocol (ICMP)

Objectives

• Understand the Internet Control Message Protocol

• Test and troubleshoot sequences for ICMP

• Work with ICMP packet fields and functions

Understanding The Internet Control Message Protocol

• Provides information about
  – Network connectivity
  – Routing behavior
  – Reachability
  – Delivery error reports
  – Control information
  – Network congestion

Overview of RFC 792

• Specification of all ICMP messages
• RFC 792 points about IP and ICMP
  – Mechanism for gateways (routers) or destination hosts to communicate with source hosts
  – Specially formatted IP datagrams, with specific associated message types and codes
  – Essential part of IP’s support fabric
  – ICMP reports errors only about processing of non-ICMP IP datagrams

ICMP’s Vital Role on IP Networks

• ICMP is used for network monitoring and troubleshooting

Testing And Troubleshooting Sequences For ICMP

• Connectivity testing with PING
  – ICMP Echo Request
  – ICMP Echo Reply
• Windows XP command-line parameters used with PING
  – -l
  – -f
  – -i
  – -v
  – -w

Path Discovery with TRACEROUTE

• Identifies a path
• Steps TRACEROUTE uses to identify a path
  – Host sends ICMP Echo Request with a TTL value of 1
  – Router 1 discards the packet and sends an ICMP Time Exceeded-TTL Exceeded in Transit message
  – Host sends ICMP Echo Request with a TTL value of 2
  – Router 1 decrements the TTL of the ICMP Echo Request packet by 1
  – Router 2 discards the packet and sends an ICMP Time Exceeded-TTL Exceeded in Transit message
  – Destination host sends an ICMP Echo Reply
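The TTL sequence above, modelled offline as an added example (not code from the book or its slides). The addresses in `SAMPLE_PATH`, the function names and the `max_hops` limit are assumptions made for the illustration; no packets are sent.

```python
from dataclasses import dataclass

ECHO_REPLY, TIME_EXCEEDED = 0, 11      # ICMP types from RFC 792
TTL_EXCEEDED_IN_TRANSIT = 0            # code used with type 11

# Constructed path: two routers, then the destination host
SAMPLE_PATH = ["192.0.2.1", "198.51.100.1", "203.0.113.10"]


@dataclass
class Reply:
    source: str       # address that generated the ICMP message
    icmp_type: int
    icmp_code: int


def forward(path, ttl):
    """Carry one Echo Request with the given TTL along path.

    path lists router addresses in order, with the destination last.
    """
    *routers, destination = path
    for router in routers:
        ttl -= 1                       # each router decrements the TTL
        if ttl == 0:                   # cannot forward: discard and report
            return Reply(router, TIME_EXCEEDED, TTL_EXCEEDED_IN_TRANSIT)
    return Reply(destination, ECHO_REPLY, 0)


def traceroute(path, max_hops=30):
    """Send probes with TTL 1, 2, 3, ... until the destination answers."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = forward(path, ttl)
        hops.append((ttl, reply.source, reply.icmp_type))
        if reply.icmp_type == ECHO_REPLY:
            break                      # destination reached, path complete
    return hops


if __name__ == "__main__":
    for ttl, source, icmp_type in traceroute(SAMPLE_PATH):
        print(ttl, source, "type", icmp_type)
```
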

Path Discovery with TRACEROUTE (cont.)

• Windows XP command-line parameters used with TRACERT
  – -d
  – -h
  – -w

Routing Sequences for ICMP

• Router Discovery
  – ICMP Router Solicitation
  – ICMP Router Discovery
• Router Advertising
  – Periodic ICMP Router Advertisements let hosts passively learn about available routes
  – TTL of a route entry is 30 minutes; the route entry is then removed from the route table
  – Advertising rate is between seven and ten minutes
• Redirection to a better router

Security Issues For ICMP

• ICMP is part of a reconnaissance process
  – IP host probe
  – Port probe
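A detection sketch for the IP host probe named above, added here as an example (not from the book): it flags a source that sends ICMP Echo Requests to many distinct destinations within a short window. The log format, the sample records and the `window` and `min_targets` thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

ECHO_REQUEST = 8   # ICMP type used by PING and by host probes

# Constructed sample records: "epoch_seconds source destination icmp_type"
SAMPLE_LOG = """\
1000 10.0.0.5 10.0.1.10 8
1001 10.0.0.9 10.0.1.1 8
1001 10.0.0.9 10.0.1.2 8
1002 10.0.0.9 10.0.1.3 8
1002 10.0.1.1 10.0.0.9 0
1003 10.0.0.9 10.0.1.4 8
1003 10.0.0.9 10.0.1.5 8
1030 10.0.0.5 10.0.1.10 8
1060 10.0.0.5 10.0.1.11 8
"""


def parse(log):
    """Yield (timestamp, source, destination, icmp_type) per valid line."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                   # skip malformed records
        ts, src, dst, icmp_type = fields
        yield int(ts), src, dst, int(icmp_type)


def find_host_probes(log, window=10, min_targets=5):
    """Map each flagged source to the most distinct hosts it pinged
    within any span of `window` seconds."""
    recent = defaultdict(deque)        # source -> (timestamp, destination)
    flagged = {}
    for ts, src, dst, icmp_type in sorted(parse(log)):
        if icmp_type != ECHO_REQUEST:
            continue                   # replies and errors are not probes
        queue = recent[src]
        queue.append((ts, dst))
        while queue[0][0] <= ts - window:
            queue.popleft()            # drop requests older than the window
        targets = {d for _, d in queue}
        if len(targets) >= min_targets:
            flagged[src] = max(flagged.get(src, 0), len(targets))
    return flagged


if __name__ == "__main__":
    print(find_host_probes(SAMPLE_LOG))
```

The host that pings a single server at long intervals stays below the threshold, so ordinary monitoring traffic is not flagged.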

ICMP Packet Fields And Functions

• Two types of ICMP fields
  – Constant and Variable
• Constant ICMP fields
  – Type Field
  – Code Field
  – Checksum Field

ICMP Packet Fields And Functions (cont.)

• The variable ICMP structures and functions
  – Types 0 and 8: Echo Reply and Echo Packets
  – Type 3: Destination Unreachable Packets
    • Code 0: Net Unreachable
    • Code 1: Host Unreachable
    • Code 2: Protocol Unreachable
    • Code 3: Port Unreachable
    • Code 4: Fragmentation Needed and Don’t Fragment Was Set
    • Code 5: Source Route Failed
    • Code 6: Destination Network Unknown
    • Code 7: Destination Host Unknown

ICMP Packet Fields And Functions (cont.)

• Type 3: Destination Unreachable Packets (cont.)
  – Code 8: Source Host Isolated
  – Code 9: Communication with Destination Network Is Administratively Prohibited
  – Code 10: Communication with Destination Host Is Administratively Prohibited
  – Code 11: Destination Network Unreachable for Type of Service
  – Code 12: Destination Host Unreachable for Type of Service
  – Code 13: Communication Administratively Prohibited
  – Code 14: Host Precedence Violation
  – Code 15: Precedence Cutoff in Effect

Chapter Summary

• ICMP provides vital feedback about IP routing and delivery problems

• ICMP also provides important IP diagnostic and control capabilities that include reachability analysis, congestion management, route optimization, and timeout error reports

Chapter Summary (cont.)

• Although ICMP messages fall within various well-documented types and behave as a separate protocol at the TCP/IP Network layer, ICMP is really part of IP itself, and its support is required in any standards-compliant IP implementation

• RFC 792 describes ICMP, but numerous other RFCs (such as 950, 1191, and 1812) describe additional details about how ICMP should behave, and how its messages should be generated and handled

Chapter Summary (cont.)

• Two vital TCP/IP diagnostic utilities, known as PING and TRACEROUTE (invoked as TRACERT in the Windows environment), use ICMP to measure roundtrip times between a sending and receiving host, and to perform path discovery for a sending host and all intermediate hosts or routers between sender and receiver

Chapter Summary (cont.)

• Although ICMP has great positive value as a diagnostic and reporting tool, those same capabilities can be turned to nefarious purposes as well, which makes security issues for ICMP important

• When hackers investigate networks, ICMP host probes often represent early stages of attack

Chapter Summary (cont.)

• Understanding the meaning and significance of the ICMP Type and Code fields is essential to recognizing individual ICMP messages and what they are trying to communicate

• ICMP message structures and functions can vary, depending on the information that any such message seeks to convey