BCIS 4630 Fundamentals of IT Security
Instructor: Andy Wu
Internet Control Message Protocol
Excerpt from T. W. Ogletree, Upgrading and Repairing Networks (4/e)

The Internet Control Message Protocol is a required part of any TCP/IP implementation, and the functions it performs are very important to routers and other network devices that communicate through TCP/IP. Like TCP and UDP, this protocol also uses the IP protocol to send its messages through the network. If you have used the ping or traceroute commands, you have used ICMP. ICMP was first defined in RFC 792.

Whereas TCP can usually recover from dropped datagrams simply by requesting that IP retransmit them, ICMP is used as a reporting mechanism that can be used by IP (and thus the protocols that use IP). There are many kinds of ICMP messages, but all share a similar format. These are the fields of an ICMP message:

• Type— This 1-byte field is used to indicate the kind of ICMP message (see Table 25.10).
• Code— This 1-byte field is used as a subcode to further identify a message. This field is set to zero if the particular message type does not need to be further delineated.
• Checksum— This 2-byte field is used to provide an error-checking code for the entire ICMP message.
• Type-Specific Data— This field can vary in length and is used to provide further data specific to the ICMP message type.

ICMP Message Types

Table 25.10 shows the different types of messages that make up ICMP. The numbers listed in the Message Type field are what will be found in the Type field of the ICMP message.

Table 25.10. ICMP Message Types
Message Type   Description
0              Echo Reply
3              Destination Unreachable
4              Source Quench
5              Redirect Message
6              Alternate Host Address
8              Echo Request
9              Router Advertisement
10             Router Solicitation
11             Time Exceeded
12             Parameter Problem
13             Timestamp Request
14             Timestamp Reply
15             Information Request (no longer used)
16             Information Reply (no longer used)
17             Address Mask Request
18             Address Mask Reply
19             Reserved for Security
20–29          Reserved for Robustness Experiment
30             Traceroute
31             Datagram Conversion Error
32             Mobile Host Redirect
33             IPv6 Where-Are-You
34             IPv6 I-Am-Here
35             Mobile Registration Request
36             Mobile Registration Reply
37             Domain Name Request
38             Domain Name Reply
39             SKIP
40             Photuris
41–255         Reserved

The ping command uses the echo request and echo reply messages to determine whether a physical connection exists between systems. Another important function on the Internet is traffic control, and the source quench message can be sent to tell a sending host that the destination host cannot keep up with the speed at which it is sending packets. The computer transmitting the quench messages can keep sending them until the sender scales back its transmissions to an acceptable rate.

A router uses another valuable function of ICMP (the Redirect Message) to tell another router that it knows of a better path to a destination. Routers also can use the time-exceeded messages to report to another device why a packet was discarded.

Routers are not the only devices that use ICMP. Host computers can use ICMP as well. For example, when a computer boots and does not know what the network mask is for the local LAN, it can generate an address mask request message. Another device on the network can reply to assist the computer.

Note
The Information Request and Information Reply message types are shown in Table 25.10 only for
completeness. Their functionality was originally developed to allow a host to obtain an IP address.
This function is now supplied by the BOOTP protocol and by the Dynamic Host Configuration
Protocol (DHCP). For more information about these protocols, see Chapter 29.

The Code field in the ICMP message is used for only some of the ICMP message types. The Destination Unreachable message has the largest number of code types. Table 25.11 lists these codes.

Table 25.11. ICMP Message Codes

Message Type   Code Field   Description
3              0            Network unreachable
               1            Host unreachable
               2            Protocol unreachable
               3            Port unreachable
               4            Fragmentation needed but the Don't Fragment bit is set
               5            Source route failed
               6            Destination network unknown
               7            Destination host unknown
               8            Source host isolated (no longer used)
               9            Destination network administratively prohibited
               10           Destination host administratively prohibited
               11           Network unreachable for TOS
               12           Host unreachable for TOS
               13           Communication administratively prohibited by filtering
               14           Host precedence violation
               15           Precedence cutoff in effect
5              0            Redirect for network
               1            Redirect for host
               2            Redirect for type of service and network
               3            Redirect for type of service and host
11             0            TTL equals zero during transit
               1            TTL equals zero during reassembly
12             0            IP header bad
               1            Required option missing

As you can see, ICMP can be used to compose quite detailed messages to indicate error conditions, offer advice on routing possibilities, and perform other functions that help make the Internet easier to manage.
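
The Type, Code, Checksum and type-specific data fields described above can be read straight out of a captured message. The following is an added example, not part of the original excerpt: it parses the 4-byte header, names the type and Destination Unreachable code from a subset of Tables 25.10 and 25.11, and verifies the checksum over the entire message. The function names and the sample echo request are constructed for illustration.

```python
import struct

# Subset of Table 25.10 (types) and Table 25.11 (Destination Unreachable codes).
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 5: "Redirect Message",
              8: "Echo Request", 11: "Time Exceeded", 12: "Parameter Problem"}
UNREACH_CODES = {0: "Network unreachable", 1: "Host unreachable",
                 2: "Protocol unreachable", 3: "Port unreachable",
                 4: "Fragmentation needed but the Don't Fragment bit is set",
                 13: "Communication administratively prohibited by filtering"}


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071), as used by ICMP."""
    if len(data) % 2:
        data += b"\x00"          # pad odd-length messages with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:           # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(msg_type: int, code: int, body: bytes) -> bytes:
    """Build a message; the checksum covers header and type-specific data."""
    header = struct.pack("!BBH", msg_type, code, 0)   # checksum is zero while summing
    csum = internet_checksum(header + body)
    return struct.pack("!BBH", msg_type, code, csum) + body


def parse_icmp(message: bytes) -> dict:
    """Split a message into Type, Code, Checksum and type-specific data."""
    if len(message) < 4:
        raise ValueError("shorter than the 4-byte Type/Code/Checksum header")
    msg_type, code, csum = struct.unpack("!BBH", message[:4])
    return {
        "type": msg_type, "code": code, "checksum": csum,
        "type_name": ICMP_TYPES.get(msg_type, "unknown/reserved"),
        "code_name": UNREACH_CODES.get(code) if msg_type == 3 else None,
        # Summing a message that carries a correct checksum yields zero.
        "checksum_ok": internet_checksum(message) == 0,
        "data": message[4:],
    }


# Constructed sample: echo request with identifier 0x1234, sequence number 1.
SAMPLE_ECHO = build_icmp(8, 0, struct.pack("!HH", 0x1234, 1) + b"ping")
```

A message altered in transit, or one crafted without recomputing the checksum, comes back with `checksum_ok` set to False, which is a cheap first filter when triaging captured ICMP traffic.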

Some situations will cause an ICMP message to not be generated. For example, ICMP messages are never created in response to an error in another ICMP message. That doesn't mean that ICMP messages can't be created in response to other ICMP messages, however. For example, the echo request and echo reply messages work together in a query/response format. Other instances that usually don't generate ICMP messages include these:

• IP broadcast and multicast messages
• Link-layer broadcast messages (that is, Ethernet frame broadcast messages)
• Datagrams that have a source address that is not for a unique host, such as the loopback address
• Messages that have been fragmented, except for the first fragment

If ICMP messages were allowed to correct problems with multicast or broadcast messages, a large number could be generated, causing the problem to become worse. This is the reason for most of the preceding conditions limiting the use of ICMP.
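
The suppression conditions listed above can be written as a check a host or router applies before it emits an ICMP error for a received IPv4 datagram. The following is an added example, not part of the original excerpt; the function names are hypothetical, the set of error-reporting types follows RFC 1122, and the link-layer broadcast flag is assumed to come from the receiving interface.

```python
import ipaddress
import struct

# ICMP types that report errors (per RFC 1122); queries such as Echo Request (8)
# are not in this set and may still be answered.
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}


def may_send_icmp_error(ip_packet: bytes, link_broadcast: bool = False) -> tuple:
    """Return (allowed, reason) for answering ip_packet with an ICMP error."""
    if len(ip_packet) < 20:
        return (False, "truncated IPv4 header")
    ver_ihl, _, _, _, flags_frag, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", ip_packet[:20])
    ihl = (ver_ihl & 0x0F) * 4                 # header length in bytes
    src_ip, dst_ip = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    if link_broadcast:
        return (False, "link-layer broadcast")
    # A directed broadcast (e.g. x.x.x.255) needs the subnet mask to recognise
    # and is not detected here.
    if dst_ip.is_multicast or dst_ip == ipaddress.IPv4Address("255.255.255.255"):
        return (False, "IP broadcast or multicast destination")
    if src_ip.is_loopback or src_ip.is_multicast or src_ip.is_unspecified:
        return (False, "source is not a unique host")
    if flags_frag & 0x1FFF:                    # non-zero fragment offset
        return (False, "not the first fragment")
    if proto == 1 and len(ip_packet) > ihl and ip_packet[ihl] in ICMP_ERROR_TYPES:
        return (False, "offending datagram is itself an ICMP error")
    return (True, "ok")


def ipv4(src: str, dst: str, proto: int, payload: bytes, frag_off: int = 0) -> bytes:
    """Constructed test datagram: 20-byte header, header checksum left at zero."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag_off,
                       64, proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload
```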