
Computer Networking Experiment: ICMP Packet Protocol Analysis


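Page 1: Computer Networking Experiment: ICMP Packet Protocol Analysis

Computer Networking Experiment

ICMP Packet Protocol Analysis

Group 11
  • 張鶴齡, Computer Science, 3rd year, b91902011
  • 吳柏良, Computer Science, 3rd year, b91902029
  • 黃柏鈞, Computer Science, 3rd year, b91902048
  • 洪培堯, Computer Science, 3rd year, b91902056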

Page 2: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP

  • Internet Control Message Protocol
  • Gateway: a device that connects networks
  • A gateway or destination host will communicate with a source host.
  • ICMP uses the basic support of IP as if it were a higher-level protocol.

Page 3: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP

Situations in which an ICMP message is sent
  • A datagram cannot reach its destination.
  • A gateway does not have the buffering capacity to forward a datagram.
  • A gateway can direct the host to send traffic on a shorter route.

Page 4: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP

Purpose
  • IP is not reliable.
  • ICMP provides feedback about problems in the communication environment; its purpose is not to make IP reliable.

Page 5: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Characteristics

  • Reports errors in the processing of datagrams.
  • No ICMP messages are sent about ICMP messages.
  • ICMP messages are only sent about errors in handling fragment zero of fragmented datagrams. (Fragment zero has the fragment offset equal to zero.)

Page 6: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP

Format: uses the basic IP header.
  • Version: 4
  • IHL: internet header length in 32-bit words
  • Type of Service: 0 (Routine, Delay, Throughput, Reliability)
  • Total Length: in bytes
  • Identification, Flags, Fragment Offset
  • Time to Live: in seconds (at least as great as the number of gateways)
  • Protocol: ICMP = 1
  • Header Checksum: 16-bit one's complement
  • Source Address: the host that composes the ICMP message
  • Destination: where the ICMP message should be sent
  • Option

Page 7: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP

Destination Unreachable Message

Page 8: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Destination Unreachable Message

Format
  • Type: 3
  • Code
      • 0 = net unreachable
      • 1 = host unreachable
      • 2 = protocol unreachable
      • 3 = port unreachable
      • 4 = fragmentation needed and DF set
      • 5 = source route failed

Page 9: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Destination Unreachable Message

Format
  • Checksum
  • Internet Header (24 bytes) + 64 bits (8 bytes) of Data Datagram
      • Used to match the message to the appropriate process.
      • The source port may be (is assumed to be) included. (For TCP: source port, dest. port, sequence number, acknowledgement; for UDP: source port, dest. port, length, checksum.)
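
An added example, not part of the original slides: a parser that uses the quoted Internet Header plus 64 bits of data to recover which flow a Destination Unreachable message refers to, and a check that the flow is one the host actually opened. The function names, the `open_flows` set and the sample message (documentation addresses) are assumptions made for illustration.

```python
import socket
import struct

# Destination Unreachable codes as listed on the slides (type 3).
CODES = {0: "net unreachable", 1: "host unreachable", 2: "protocol unreachable",
         3: "port unreachable", 4: "fragmentation needed and DF set",
         5: "source route failed"}

def parse_unreachable(icmp: bytes) -> dict:
    """Recover the flow of the datagram that triggered an ICMP type 3 message."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("too short for an IP header plus 64 bits of data")
    if icmp[0] != 3:
        raise ValueError("not a Destination Unreachable message")
    inner = icmp[8:]                       # skip type, code, checksum, unused word
    ihl = (inner[0] & 0x0F) * 4            # embedded header length in bytes
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        raise ValueError("embedded IP header is malformed or truncated")
    flow = {"reason": CODES.get(icmp[1], f"code {icmp[1]}"),
            "proto": inner[9],
            "src": socket.inet_ntoa(inner[12:16]),
            "dst": socket.inet_ntoa(inner[16:20])}
    if flow["proto"] in (6, 17):           # TCP and UDP both start with the two ports
        flow["sport"], flow["dport"] = struct.unpack("!HH", inner[ihl:ihl + 4])
    return flow

def belongs_to(flow: dict, open_flows: set) -> bool:
    """Accept the error only if it quotes a datagram this host really sent."""
    key = (flow["proto"], flow["src"], flow.get("sport"), flow["dst"], flow.get("dport"))
    return key in open_flows

def sample_message() -> bytes:
    """Constructed sample: port unreachable quoting a UDP datagram
    192.0.2.10:40000 -> 198.51.100.7:33434 (checksum fields left at 0)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    udp = struct.pack("!HHHH", 40000, 33434, 8, 0)
    return struct.pack("!BBHI", 3, 3, 0, 0) + ip + udp

if __name__ == "__main__":
    flow = parse_unreachable(sample_message())
    print(flow, belongs_to(flow, {(17, "192.0.2.10", 40000, "198.51.100.7", 33434)}))
```

An error message whose quoted header does not match any open flow can be dropped instead of being passed to a process.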

Page 10: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Destination Unreachable Message

When to send?
  • 0 Network Unreachable
      • The forwarding path (route) to the destination network is not available.
  • 1 Host Unreachable
      • The forwarding path (route) to the destination host on a directly connected network is not available.
  • 2 Protocol Unreachable
      • The transport protocol is not supported in the transport layer of the final destination.

Page 11: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Destination Unreachable Message

When to send?
  • 3 Port Unreachable
      • Unable to demultiplex the datagram in the transport layer of the final destination but has no protocol mechanism to inform the sender.
  • 4 Fragmentation Needed and DF Set
      • A router needs to fragment a datagram but cannot since the DF flag is set.
  • 5 Source Route Failed
      • A router cannot forward a packet to the next hop (the transmission path between two nodes) in a source route option.

Page 12: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Destination Unreachable Message

When to send?
  • 6 Destination Network Unknown
      • (Net unreachable, code 0, SHOULD be used in place of code 6.)
  • 7 Destination Host Unknown
      • A router can determine (from link layer advice) that the destination host does not exist.
  • 11 Network Unreachable For Type Of Service
      • The forwarding path (route) to the destination network with the requested or default TOS is not available.

Page 13: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Destination Unreachable Message

When to send?
  • 12 Host Unreachable For Type Of Service
      • the destination do not match either the TOS requested in the datagram or the default TOS (0).
  • 13 Communication Administratively Prohibited
      • A router cannot forward a packet due to administrative filtering.

Page 14: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP

Time Exceeded Message

Page 15: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Time Exceeded Message

Format
  • Type: 11
  • Code
      • 0 = time to live exceeded in transit
      • 1 = fragment reassembly time exceeded
  • Checksum
  • Internet Header + 64 bits of Data Datagram

Page 16: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Time Exceeded Message

When to send?
  • 0 time to live exceeded in transit
      • The time to live field is zero; the datagram is discarded (by the gateway).
  • 1 fragment reassembly time exceeded
      • A host cannot complete the reassembly within its time limit due to missing fragments, so it discards the datagram.
      • If fragment zero is not available then no time exceeded message need be sent at all.

Page 17: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP

Parameter Problem Message

Page 18: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Parameter Problem Message

Format
  • Type: 12
  • Code
      • 0 = pointer indicates the error
  • Checksum
  • Pointer
      • If code = 0, identifies the octet where an error was detected.
  • Internet Header + 64 bits of Data Datagram

Page 19: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Parameter Problem Message

When to send?
  • When a gateway or host cannot complete processing the datagram due to a problem with the header parameters, it must discard the datagram.
  • Only sent if the error caused the datagram to be discarded.
  • Pointer
      • Identifies the octet of the original datagram's header where the error was detected.
      • For example, 1 indicates something is wrong with the Type of Service (the second byte in the IP header).

Page 20: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP

Source Quench Message (quench: to suppress)

Page 21: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Source Quench Message

Format
  • Type: 4
  • Code: 0
  • Checksum
  • Internet Header + 64 bits of Data Datagram

Page 22: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Source Quench Message

When to send?
  • Gateway
      • Discards internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route.
  • Destination host
      • Datagrams arrive too fast to be processed.
  • Gateway and destination host
      • When it approaches its capacity limit rather than waiting until the capacity is exceeded. This means that the data datagram which triggered the source quench message may be delivered.

Page 23: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Source Quench Message

Source host response?
  • Cut back the rate until it no longer receives source quench messages.
  • The source host can then gradually increase the rate until it again receives source quench messages.
  • Like flow control and congestion control in TCP, except that the message can also be sent by a gateway.

Page 24: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP

Redirect Message

Page 25: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Redirect Message

Format
  • Type: 5
  • Code
      • 0 = Redirect for the Network
      • 1 = Redirect for the Host
      • 2 = Redirect for the Type of Service and Network
      • 3 = Redirect for the Type of Service and Host
  • Checksum
  • Gateway Internet Address
      • Address of the gateway to which traffic for the network specified in the internet destination network field of the original datagram's data should be sent.
  • Internet Header + 64 bits of Data Datagram

Page 26: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Redirect Message

When to send?
  • A gateway, G1, checks its routing table and obtains the address of the next gateway, G2, such that G2 and the host identified by the internet source address of the datagram are on the same network.
  • The redirect message advises the host to send its traffic directly to gateway G2 as this is a shorter path to the destination.
  • The gateway forwards the original datagram's data to its internet destination.

Page 27: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Redirect Message

When to send?
  • For datagrams with the IP source route options and the gateway address in the destination address field, a redirect message is not sent even if there is a better route.

Page 28: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP

Echo or Echo Reply Message

Page 29: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Echo or Echo Reply Message

Format
  • IP fields: switch the source and destination addresses
  • ICMP fields:
      • Type: 8 for echo message, 0 for echo reply message
      • Code: 0
      • Checksum
      • Identifier: aids in matching echoes and replies, may be zero.
      • Sequence Number: aids in matching echoes and replies, may be zero.

Page 30: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Echo or Echo Reply Message

Things to know
  • The data received in the echo message must be returned in the echo reply message.
  • The identifier might be used like a port in TCP or UDP to identify a session.
  • The sequence number might be incremented on each echo request sent.
  • The echoer returns these same values in the echo reply.

Page 31: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP

Timestamp or Timestamp Reply Message

Page 32: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Timestamp or Timestamp Reply Message

Format
  • IP fields: switch the source and destination addresses
  • ICMP fields:
      • Type: 13 for timestamp message, 14 for timestamp reply message
      • Code: 0
      • Checksum
      • Identifier
      • Sequence Number

Page 33: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Timestamp or Timestamp Reply Message

Things to know
  • Originate Timestamp: the time the sender last touched the message before sending it.
  • Receive Timestamp: the time the echoer first touched it on receipt.
  • Transmit Timestamp: the time the echoer last touched the message on sending it.

Page 34: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Timestamp or Timestamp Reply Message

Things to know
  • The timestamp is 32 bits of milliseconds since midnight UT (UT(0) == GMT, UT(1), UT(2)).
  • If the time is not available in milliseconds or cannot be provided with respect to midnight UT, then any time can be inserted in a timestamp provided the high-order bit of the timestamp is also set to indicate this non-standard value.

Page 35: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP

Information Request or Information Reply Message

Page 36: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Information Request or Information Reply Message

Format
  • IP fields: switch the source and destination addresses
  • ICMP fields:
      • Type: 15 for information request message, 16 for information reply message
      • Code: 0
      • Checksum
      • Identifier
      • Sequence Number

Page 37: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Information Request or Information Reply Message

When to send?
  • This message may be sent with the source network in the IP header source and destination address fields zero (which means "this" network).
  • The replying IP module should send the reply with the addresses fully specified.
  • This message is a way for a host to find out the number of the network it is on. (Before RARP, the message was used to get network information at boot.)

Page 38: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP

Summary of Mentioned Message Types
  • 0 Echo Reply
  • 3 Destination Unreachable
  • 4 Source Quench
  • 5 Redirect
  • 8 Echo
  • 11 Time Exceeded
  • 12 Parameter Problem
  • 13 Timestamp
  • 14 Timestamp Reply
  • 15 Information Request
  • 16 Information Reply

Page 39: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP

Summary of Message Types
  • 0 Echo Reply [RFC792]
  • 1 Unassigned [JBP]
  • 2 Unassigned [JBP]
  • 3 Destination Unreachable [RFC792]
  • 4 Source Quench [RFC792]
  • 5 Redirect [RFC792]
  • 6 Alternate Host Address [JBP]
  • 7 Unassigned [JBP]
  • 8 Echo [RFC792]
  • 9 Router Advertisement [RFC1256]
  • 10 Router Solicitation [RFC1256]
  • 11 Time Exceeded [RFC792]
  • 12 Parameter Problem [RFC792]
  • 13 Timestamp [RFC792]
  • 14 Timestamp Reply [RFC792]
  • 15 Information Request [RFC792]
  • 16 Information Reply [RFC792]

Page 40: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP

Summary of Message Types
  • 17 Address Mask Request [RFC950]
  • 18 Address Mask Reply [RFC950]
  • 19 Reserved (for Security) [Solo]
  • 20-29 Reserved (for Robustness Experiment) [ZSu]
  • 30 Traceroute [RFC1393]
  • 31 Datagram Conversion Error [RFC1475]
  • 32 Mobile Host Redirect [David Johnson]
  • 33 IPv6 Where-Are-You [Bill Simpson]
  • 34 IPv6 I-Am-Here [Bill Simpson]
  • 35 Mobile Registration Request [Bill Simpson]
  • 36 Mobile Registration Reply [Bill Simpson]
  • 37 Domain Name Request [RFC1788]
  • 38 Domain Name Reply [RFC1788]
  • 39 SKIP [Markson]
  • 40 Photuris [RFC2521]
  • 41 ICMP messages utilized by experimental mobility protocols such as Seamoby [RFC-ietf-seamoby-iana-02.txt]
  • 42-255 Reserved [JBP]

Page 41: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP: Reference

  • RFC 792: INTERNET CONTROL MESSAGE PROTOCOL
  • James F. Kurose and Keith W. Ross, "Computer Networks: A Top-Down Approach Featuring the Internet 3/e", 2002.
  • http://www.freesoft.org/
  • http://www.iana.org/
  • http://www.ipv6.org.tw/
  • http://www.google.com.tw/

Page 42: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP Application: Ping

[Diagram: hosts 140.112.91.86 and 140.112.91.84; ping process; ICMP_ECHO, Type 8, Code 0, carrying the current time]

Page 43: Computer Networking Experiment: ICMP Packet Protocol Analysis

ICMP Application: Ping

[Diagram: hosts 140.112.91.86 and 140.112.91.84; kernel; ICMP_ECHOREPLY, Type 0, Code 0]

Page 44: Computer Networking Experiment: ICMP Packet Protocol Analysis

Smurf Attack

  • The kernel automatically sends ICMP_ECHOREPLY when it receives ICMP_ECHO.
  • Broadcast

Page 45: Computer Networking Experiment: ICMP Packet Protocol Analysis

Smurf Attack

  • 140.112.91.84
  • Broadcast the subnet with ICMP_ECHO, BUT source IP = 140.112.91.84
  • MANY ICMP_ECHOREPLYs

Page 46: Computer Networking Experiment: ICMP Packet Protocol Analysis

Demo Smurf Attack

  • 140.112.91.84
  • source IP = 140.112.91.84
  • Broadcast the subnet “140.112.91.255” with ICMP_ECHO twice
  • MANY ICMP_ECHOREPLYs
  • 140.112.91.86

Page 47: Computer Networking Experiment: ICMP Packet Protocol Analysis

Smurf Attack

How to prevent?
  • Turn off broadcast ICMP_ECHOREPLY
  • Filter the packet
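
An added example, not part of the original slides: detection logic for the "filter the packet" step, which flags echo requests addressed to the subnet broadcast address and hosts receiving echo replies that match no request they sent (using the identifier and sequence number described on the Echo slides). The record format, the threshold and the sample traffic (documentation addresses) are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

ECHO_REPLY, ECHO = 0, 8   # ICMP types from the slides

def detect_smurf(packets, subnet, reply_threshold=3):
    """Return (broadcast_pings, flooded_hosts) for a list of ICMP records.

    Each record is (src, dst, icmp_type, identifier, sequence)."""
    broadcast = str(ipaddress.ip_network(subnet).broadcast_address)
    outstanding = set()               # (requester, target, id, seq) awaiting a reply
    unsolicited = defaultdict(set)    # host -> distinct sources of unmatched replies
    broadcast_pings = []
    for src, dst, icmp_type, ident, seq in packets:
        if icmp_type == ECHO:
            if dst == broadcast:
                # Every host on the subnet would answer the claimed source.
                broadcast_pings.append((src, dst))
            else:
                outstanding.add((src, dst, ident, seq))
        elif icmp_type == ECHO_REPLY:
            if (dst, src, ident, seq) in outstanding:
                outstanding.discard((dst, src, ident, seq))   # normal ping answer
            else:
                unsolicited[dst].add(src)
    flooded = {host: sorted(srcs) for host, srcs in unsolicited.items()
               if len(srcs) >= reply_threshold}
    return broadcast_pings, flooded

# Constructed sample traffic on 192.0.2.0/24 (not captured from a real network).
SAMPLE = [
    ("192.0.2.86", "192.0.2.84", ECHO, 1, 1),         # ordinary ping
    ("192.0.2.84", "192.0.2.86", ECHO_REPLY, 1, 1),   # its reply
    ("192.0.2.84", "192.0.2.255", ECHO, 7, 1),        # echo to the broadcast address
    ("192.0.2.10", "192.0.2.84", ECHO_REPLY, 7, 1),
    ("192.0.2.11", "192.0.2.84", ECHO_REPLY, 7, 1),
    ("192.0.2.12", "192.0.2.84", ECHO_REPLY, 7, 1),
]

if __name__ == "__main__":
    print(detect_smurf(SAMPLE, "192.0.2.0/24"))
```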

Page 48: Computer Networking Experiment: ICMP Packet Protocol Analysis

Visual TraceRoute

A tool for web administration in the new generation

Page 49: Computer Networking Experiment: ICMP Packet Protocol Analysis

TraceRoute – Where Everything Starts from

Long, long ago, there was a ping and a traceroute…

Page 50: Computer Networking Experiment: ICMP Packet Protocol Analysis

What Does TraceRoute Do?

  • Traces the paths (i.e., routes) from the local host to a destination host or server.
  • Can be used to evaluate and debug web routing algorithms.

Page 51: Computer Networking Experiment: ICMP Packet Protocol Analysis

To Invoke the Traditional (Built-In) TraceRoute Program

  • Under Windows:
      tracert destination_address
  • Under Linux:
      traceroute destination_address

Let's run a sample quickly.

Page 52: Computer Networking Experiment: ICMP Packet Protocol Analysis

How TraceRoute Did This: Get Our Hands Dirty

TraceRoute works by playing a game of throwing and receiving ICMP packets of type 30.

Page 53: Computer Networking Experiment: ICMP Packet Protocol Analysis

Format of the ICMP Packet, Type 30

  Bit 00-07   08-15    16-31
  +----------+--------+----------------------+
  | Type     | Code   | ICMP header checksum |
  +----------+--------+----------------------+
  | Identifier        | Unused               |
  +-------------------+----------------------+
  | Outbound Hop Count| Return Hop Count     |
  +-------------------+----------------------+
  | Output Link Speed                        |
  +------------------------------------------+
  | Output Link MTU                          |
  +------------------------------------------+

  • Type. 8 bits. Set to 30, specifying the type of the ICMP packet.
  • Code. 8 bits. Can only be 0 (Outbound Packet successfully forwarded) or 1 (No route for Outbound Packet; the packet was discarded).

Page 54: Computer Networking Experiment: ICMP Packet Protocol Analysis

Format of the ICMP Packet, Type 30 (Cont. 1)

  • ICMP Header Checksum. 16 bits. The 16-bit one's complement of the sum of all 16-bit words in the message. When the checksum is computed, the checksum field should first be set to 0. When the data packet is transmitted, the checksum is computed and inserted into this field. When the data packet is received, the checksum is again computed and verified against the checksum field. If the two checksums do not match then an error has occurred.

Page 55: Computer Networking Experiment: ICMP Packet Protocol Analysis

Format of the ICMP Packet, Type 30 (Cont. 2)

  • Identifier. 16 bits. The ID Number as copied from the ICMP Traceroute option of the packet which caused this Traceroute message to be sent. This is NOT related to the ID number in the IP header.
  • Outbound Hop Count. 16 bits. The Outbound Hop Count as copied from the IP Traceroute option of the packet which caused this Traceroute message to be sent.

Page 56: Computer Networking Experiment: ICMP Packet Protocol Analysis

Format of the ICMP Packet, Type 30 (Cont. 3)

  • Return Hop Count. 16 bits. The Return Hop Count as copied from the IP Traceroute option of the packet which caused this Traceroute message to be sent.

Page 57: Computer Networking Experiment: ICMP Packet Protocol Analysis

Format of the ICMP Packet, Type 30 (Cont. 4)

  • Output Link Speed. 32 bits. The speed in bytes per second of the link over which the Outbound/Return Packet will be sent. If this value cannot be determined, the field should be set to zero.
  • Output Link MTU. 32 bits. The MTU in bytes of the link over which the Outbound/Return Packet will be sent. MTU refers to the data portion of the packet. If this value cannot be determined, this field should be set to zero.
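
An added example, not part of the original slides: the type 30 layout and the checksum procedure described above (field zeroed while computing, recomputed and compared on receipt), as a builder and a validating parser. The function names and the sample field values are assumptions made for illustration.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """16-bit one's complement of the one's complement sum of all 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                        # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                         # fold carries into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_traceroute(code, ident, out_hops, ret_hops, speed, mtu) -> bytes:
    """Build a type 30 message; the checksum field is 0 while it is computed."""
    body = struct.pack("!HHHHII", ident, 0, out_hops, ret_hops, speed, mtu)
    csum = internet_checksum(struct.pack("!BBH", 30, code, 0) + body)
    return struct.pack("!BBH", 30, code, csum) + body

def parse_traceroute(msg: bytes) -> dict:
    """Parse and validate a type 30 message laid out as on the slides."""
    if len(msg) != 20:
        raise ValueError("a type 30 message is five 32-bit words")
    (icmp_type, code, csum, ident, _unused,
     out_hops, ret_hops, speed, mtu) = struct.unpack("!BBHHHHHII", msg)
    if icmp_type != 30 or code not in (0, 1):
        raise ValueError("not a valid type 30 message")
    # Receiver side: zero the field, recompute, compare with the received value.
    if internet_checksum(msg[:2] + b"\x00\x00" + msg[4:]) != csum:
        raise ValueError("checksum mismatch")
    return {"code": code, "identifier": ident, "outbound_hops": out_hops,
            "return_hops": ret_hops, "link_speed": speed, "link_mtu": mtu}

if __name__ == "__main__":
    # Constructed sample values: 3 outbound hops, 1,250,000 bytes/s link, MTU 1500.
    message = build_traceroute(0, 0x1234, 3, 0, 1250000, 1500)
    print(message.hex(), parse_traceroute(message))
```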

Page 58: Computer Networking Experiment: ICMP Packet Protocol Analysis

Our GUI Shell for TraceRoute

  • Base framework: Java Swing, and a command-line traceroute implementation called trace under Linux.
  • Development tools: Java Tiger, NetBeans.
  • Goal: visualize the traceroute process and make route monitoring easier.

Page 59: Computer Networking Experiment: ICMP Packet Protocol Analysis

Demo Time

Page 60: Computer Networking Experiment: ICMP Packet Protocol Analysis

Thank You!