Guide to TCP/IP
Fourth Edition
Chapter 5:
Internet Control Message Protocol
Objectives
• Explain the basics of the Internet Control Message
Protocol (ICMP) and the roles it plays on networks
• Describe the specifications listed in RFC 792,
which define the original ICMPv4 protocol,
including its header format and the different types
and formats of ICMPv4 messages
• Provide a basic overview of the ICMPv6 protocol,
covering its header format and the different types
and formats of ICMPv6 messages, including how
error messages and informational message types
are organized
© 2013 Course Technology/Cengage Learning. All Rights Reserved.
Objectives (cont’d.)
• List the details of the different ICMPv6 error
messages, including those that existed in ICMPv4
and have been upgraded as well as message types
that were newly created for ICMPv6
• Describe the intricacies of all the different ICMPv6
informational messages, including those that
existed under ICMPv4 and have been upgraded
and those that have been newly created for use in
ICMPv6
• Understand the general differences between
ICMPv4 and ICMPv6
Objectives (cont’d.)
• Explain how Path MTU Discovery operates
between IPv4 nodes, including the involvement of
default packet MTUs, packet fragmentation, and
the effect of a packet being marked for no
fragmentation relative to ICMPv4 messaging
• Describe how Path MTU Discovery has been
changed for IPv6 and the associated changes to
ICMPv6 messages for this technology
Objectives (cont’d.)
• Describe the various processes for testing and
troubleshooting with ICMP, including the use of
network utilities such as Ping, Traceroute, and
Pathping as well as routing sequences and security
issues
• Explain network protocol analyzer data and use the
data to decode ICMPv4 and ICMPv6 packets in
order to understand their versions, types,
sequencing, and other information
ICMP Basics
• ICMP
– Provides information about network connectivity and
routing behavior
– Provides a way to return information to senders
– Messages are nothing more than specially formatted
IP datagrams
Roles That ICMP Plays on IP
Networks
ICMPv4
• Core protocol in the IP suite
– Originally specified by RFC 777 (made obsolete by
RFC 792)
• ping command
– Widely used to test the connection between
computers
• Supports a series of network testing and error
messages
– It carries no payload and is not used by computer
applications
Overview of RFC 792
• RFC 792
– Provides basic specification for all ICMP messages
• According to RFC 792, ICMP
– Provides mechanism for gateways (routers) or
destination hosts to communicate with source hosts
– Takes the form of specially formatted IP datagrams
– Required in some implementations of TCP/IP
– Reports errors about processing of non-ICMP IP
datagrams
ICMPv4 Header
• Value 1 in IP header Protocol field
– Denotes that an ICMP header follows the IP header
• ICMP header portions
– Constant portion
– Variable portion
Constant ICMP Fields
• ICMP packets contain three required fields after the
IP header
– Type
– Code
– Checksum
• Type Field
– Identifies types of ICMP messages that can be sent
on the network
– List is based on IANA documentation
Constant ICMP Fields (cont’d.)
• Code Field
– Many ICMP packet types have a Code field
• Checksum Field
– Provides error detection for the ICMP header only
Types of ICMPv4 Messages
• Fall into two general categories:
– Error messages
– Informational messages
Destination Unreachable Packets
• Returned to the source node
– When a packet that was sent could not be delivered
to the destination address
• Sender can then use this information to decide how
to correct the problem
Source Quench
• Used to tell the source node to reduce the rate of
speed at which it sends packets to the destination
node
• Source node responds by slowing down the
transmission rate until it stops receiving Source
Quench messages
Time Exceeded
• Sent in two circumstances
– When a packet’s Time to Live (TTL) field is
decremented to zero
– When some of the fragments of a message do not
reach the destination node
Redirect
• Routers
– Send ICMP Redirect messages to hosts to indicate
that a preferable route exists
• Technically, this is not an error message
– But for ICMPv4, it is classified as such
Parameter Problem
• “Generic” error message
• Can be sent back to the source node by any device
on the network
– When device detects an error in any header field in
an IP packet
Echo Request and Echo Reply
• Used for connectivity testing between network
nodes
• Ping utility
– Most common implementation of these messages
Timestamp and Timestamp Reply
• Routers use this pair of messages on a network to
synchronize their system clocks for date and time
• Time synchronization method does not work very
well on large networks
Router Advertisement and Router
Solicitation
• Allow a network node not manually configured with
the address of a first-hop router
– To ask for and receive information about routers on
the local network
Address Mask Request and Address
Mask Reply
• Intended to provide hosts with a method to
determine their network mask information
• Most computers acquire information about what
subnet mask they’re supposed to use via DHCP
Traceroute
• Similar to Echo Request and Echo Reply
messages
• Traces the exact sequence of routers from source
to destination
– On a hop-by-hop basis
The Variable ICMP Structures and
Functions
• ICMP Type 0
– Used for Echo Reply packets
• ICMP Type 8
– Used for Echo Request packets
• RFC 792
– Identifier and Sequence fields are used to aid in
matching Echo messages with Echo Replies
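The constant fields and the Echo Identifier/Sequence matching described above, as an added example that is not part of the original slides. The sample messages, identifier 0x1234 and function names are constructed for illustration; the checksum follows RFC 792, which computes it over the ICMP message starting at the Type field.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by ICMP (RFC 792 / RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build a Type 8 (Echo Request) or Type 0 (Echo Reply) message."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_icmp(msg: bytes) -> dict:
    """Decode Type, Code, Checksum, then the Echo-specific variable fields."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than 8 bytes")
    icmp_type, code, csum = struct.unpack("!BBH", msg[:4])
    out = {"type": icmp_type, "code": code, "checksum": csum,
           # a valid message sums to zero when its own checksum is included
           "checksum_ok": internet_checksum(msg) == 0}
    if icmp_type in (0, 8):
        out["id"], out["seq"] = struct.unpack("!HH", msg[4:8])
        out["data"] = msg[8:]
    return out

def match_replies(messages):
    """Pair Echo Replies with Echo Requests by (Identifier, Sequence).
    Returns (matched, unsolicited); messages with a bad checksum are skipped."""
    pending, matched, unsolicited = {}, [], []
    for raw in messages:
        m = parse_icmp(raw)
        if not m["checksum_ok"] or m["type"] not in (0, 8):
            continue
        key = (m["id"], m["seq"])
        if m["type"] == 8:
            pending[key] = m["data"]
        elif pending.get(key) == m["data"]:  # reply must echo the same data
            matched.append(key)
            del pending[key]
        else:
            unsolicited.append(key)          # reply nobody asked for
    return matched, unsolicited

# Constructed sample: one request, its reply, a stray reply, a corrupted request.
_bad = bytearray(build_echo(8, 0x1234, 2, b"abcdefgh"))
_bad[-1] ^= 0x01
SAMPLE = [build_echo(8, 0x1234, 1, b"abcdefgh"),
          build_echo(0, 0x1234, 1, b"abcdefgh"),
          build_echo(0, 0x1234, 7, b"abcdefgh"),
          bytes(_bad)]

if __name__ == "__main__":
    print(match_replies(SAMPLE))
```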
Type 3: Destination Unreachable
Packets
• Network troubleshooters
– Often closely track ICMP Destination Unreachable
packets
• Host that sends Destination Unreachable packet
– Must return IP header and eight bytes of original
datagram that triggered this response
• Total of 16 (0 through 15) possible codes
– Currently assigned to ICMP Destination
Unreachable type number
Type 4: Source Quench
• Router or host
– May use Source Quench to indicate that it is
becoming congested or overloaded
• By default
– Most current routers do not issue Source Quench
messages
Type 5: Redirect
• Routers
– Send ICMP Redirect messages to hosts to indicate
that a preferable route exists
• ICMP Redirect packet
– Four-byte field for the preferred gateway’s address
• Ideally
– Clients should update routing tables to indicate
optimal path
Types 9 and 10: Router Advertisement
and Router Solicitation
• ICMP Router Advertisement packets include the
following fields
– # of Addresses
– Address Size
– Lifetime
– Router Address 1
– Precedence Level 1
– Router Address 2 and Precedence Level 2
Type 11: Time Exceeded
• Routers or hosts
– Can send these ICMP packets
• Codes that can be used
– Code 0 and Code 1
Type 12: Parameter Problem
• Errors indicate problems not covered by other
ICMP error messages
• Codes used in ICMP Parameter Problem
messages
– Code 0: Pointer Indicates the Error
– Code 1: Missing a Required Option
– Code 2: Bad Length
Types 13 and 14: Timestamp and
Timestamp Reply
• Defined as a method for one IP host to obtain the
current time
• Value returned
– The number in milliseconds since midnight,
Universal Time (UT)
• ICMP Timestamp and Timestamp Reply packets
– Use the same structure
Types 15 and 16: Information Request
and Information Reply
• Provides a way for a host to find out what network
it is on
• ICMP Information Request and Information Reply
packets
– Use the same structure
Types 17 and 18: Address Mask
Request and Address Mask Reply
• Intended to provide diskless hosts with a method to
determine their network mask information
• ICMP Address Mask Request and Address Mask
Reply packets
– Use the same structure
Type 30: Traceroute
• Documented in RFC 1393 but not currently in use
• Requires some added functionality in the IP routers
it traverses
• Adding functionality to routers
– Costly and requires numerous resources to build,
implement, and test new code
ICMPv6
• ICMPv6 provides the same basic mechanism for
error reporting and information exchange between
networked devices as ICMPv4
Overview of ICMPv6
• Originally specified by RFC 1885 (made obsolete
by RFC 2463)
• Current specification is RFC 4443
– Message types that previously used other protocols
now use ICMPv6
– New message types have been created that did not
exist in ICMPv4
Types of ICMPv6 Messages
• Type numbers 0–127 cover error messages
• Type numbers 128–255 cover informational
messages
• Some message names are the same as their
ICMPv4 counterparts
– But many of them are completely new
ICMPv6 Header
• RFC 4443 describes the general format of ICMPv6
messages
ICMPv6 Error Messages
• ICMPv6 error messages from Type values 0 to 127
• Type values are all defined in RFC 4443
Destination Unreachable Messages
• Router encountering this packet will send a
Destination Unreachable message back to the
source node
Packet Too Big Messages
• New ICMPv6 error message type
– Required because of how IPv6 manages data
fragmentation and reassembly
Time Exceeded Messages
• Substantially similar to its ICMPv4 counterpart
• Message format is identical to the Destination
Unreachable message
• Values for the Code field:
– 0—Hop limit exceeded in transit
– 1—Fragment reassembly time exceeded
Parameter Problem Messages
• ICMPv6 Parameter Problem messages are
considered “generic” messages
• Table 5-12: Parameter Problem message format
fields
ICMPv6 Informational Messages
• Type codes for informational messages
– Exist in the 128–255 range
• These ICMPv6 messages are not used to report errors
– But to provide information to the source node
Echo Request and Echo Reply
Messages
• Specified in RFC 4443
• Perform basic connectivity test
Router Advertisement and Router
Solicitation Messages
• Specified in RFC 4861
• Router discovery function has been integrated into
the Neighbor Discovery (ND) protocol
Neighbor Solicitation and Neighbor
Advertisement Messages
• Specified in RFC 4861
• Part of the IPv6 Neighbor Discovery protocol
Redirect Messages
• Specified by RFC 4861 for ICMPv6
• Provide information to a node to change which
router it is using
• Figure 5-26: ICMPv6 Redirect message format
Router Renumbering Messages
• Specified in RFC 2894
• Allows address prefixes on routers to be configured
and reconfigured
• Three types of Router Renumbering messages:
– Commands
– Results
– Sequence Number Reset
A Short Comparison of ICMPv4 and
ICMPv6 Messages
• Common general message types:
– Connectivity-checking messages
– Error-checking messages
– Informational messages
– Fragmentation required messages
• ICMPv6 only general message types:
– Address Assignment messages
– Address Resolution messages
– Multicast Group Management messages
– Mobile IPv6 Support messages
Path MTU Discovery
• Path MTU (PMTU) Discovery in IPv4 networks
– Allows routers to notify nodes via ICMPv4 messages
if they need to change the MTU size of the packets
they are sending
• Common practice for IPv4 routers to fragment
packets
• If the packet MTU is too large
– Node will receive the ICMPv4 message Destination
Unreachable
Changes to PMTU
• IPv6 MTU sizing and fragmentation have been
updated
– Improve the efficiency and quality of sending and
receiving network traffic
• PMTU Discovery is used on IPv4 networks, but it has been vastly
improved for IPv6
Testing And Troubleshooting
Sequences For ICMP
• ICMP’s most common uses are for testing and
troubleshooting
• Two well-known IP utilities
– Ping and Traceroute
– Rely on ICMP to perform connectivity tests and path
discovery
Connectivity Testing with Ping
• Ping
– Actually a form of ICMP Echo communication
• ICMP Echo Request
– Connectionless process with no guarantee of
delivery
Connectivity Testing with Ping (cont’d.)
• Most Ping utilities
– Send series of several Echo Requests to the target
in order to obtain average response time
• Ping utility
– Sends series of four ICMP Echo Requests with a
one-second ICMP Echo Reply Timeout value
– Supports IP addresses and names
– Uses traditional name resolution processes
Connectivity Testing with Ping (cont’d.)
• Parameters available with the Ping utility
– -l size
– -f
– -i TTL
– -v TOS
– -w timeout
Path Discovery with Traceroute
• Traceroute utility
– Uses route tracing to identify a path from sender to
target host
– Available parameters
• -d
• -h
• -w
Path Discovery with Pathping
• Pathping utility
– Command-line utility
– Uses ICMP Echo packets to test router and link
latency, as well as packet loss
• PMTU Discovery
– Enables source to learn the currently supported
MTU across an entire path
Path MTU Discovery with ICMP
• Defined in RFC 1191
• PMTU Discovery
– Enables source to learn the currently supported
MTU across an entire path
Path MTU Discovery with ICMP
(cont’d.)
• PMTU process
– Host A sends a 4,096-byte packet to Host B
– Router 1 discards packet and sends Host A a
“Fragmentation Needed and Don’t Fragment Flag
was Set” ICMP packet
– Host A re-sends packet using maximum MTU size of
1,500
– Router 1 forwards packet across Network 2 to
Router 2
– Router 2 receives packet and forwards it to Network
3, where it arrives at Host B
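The PMTU process above, simulated end to end as an added example that is not part of the original slides. It goes beyond the slide's single case by also handling an older router that reports a Next-Hop MTU of zero, for which RFC 1191 has the sender step down a plateau table. The link MTUs and function names are assumptions, and the quoted original datagram and the checksum are omitted from the ICMP message.

```python
import struct

# RFC 1191 section 7.1 plateau table, used when a router reports MTU 0.
PLATEAUS = [65535, 32000, 17914, 8166, 4352, 2002, 1492, 1006, 508, 296, 68]
MIN_IPV4_MTU = 68

def frag_needed(next_hop_mtu: int) -> bytes:
    """Router side: Type 3, Code 4 ("Fragmentation Needed and Don't Fragment
    Flag was Set") with the Next-Hop MTU in bytes 6-7 (RFC 1191)."""
    return struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu)

def forward(size: int, link_mtus, legacy_routers: bool = False):
    """Send one DF-marked packet of `size` bytes across the links beyond the
    sender's own network. Returns None if delivered, else the ICMP message
    from the router that discarded it."""
    for mtu in link_mtus:
        if size > mtu:
            return frag_needed(0 if legacy_routers else mtu)
    return None

def next_mtu(icmp: bytes, current: int) -> int:
    """Sender side: derive the new path MTU estimate from the ICMP message."""
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        raise ValueError("not a Fragmentation Needed message")
    if mtu == 0:                                  # router predates RFC 1191
        mtu = next((p for p in PLATEAUS if p < current), 0)
    if mtu >= current or mtu < MIN_IPV4_MTU:
        # A message must only ever lower the estimate, and never below 68.
        raise ValueError("implausible Next-Hop MTU")
    return mtu

def discover_pmtu(first_hop_mtu: int, link_mtus, legacy_routers: bool = False):
    """Repeat until a packet gets through; return (pmtu, trace of attempts)."""
    size, trace = first_hop_mtu, []
    while True:
        icmp = forward(size, link_mtus, legacy_routers)
        trace.append((size, "icmp" if icmp else "delivered"))
        if icmp is None:
            return size, trace
        size = next_mtu(icmp, size)

if __name__ == "__main__":
    # Slide scenario: Host A starts at 4,096; Networks 2 and 3 carry 1,500.
    print(discover_pmtu(4096, [1500, 1500]))
    print(discover_pmtu(4096, [1500, 1500], legacy_routers=True))
```

The `next_mtu` bounds check is the part worth keeping in real code: a Fragmentation Needed message that would raise the estimate or push it below the IPv4 minimum is rejected instead of applied.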
Routing Sequences for ICMP
• ICMP
– Can provide some routing information to hosts
– Used by routers to provide a default gateway setting
to a host
• Routers
– Can send ICMP messages
Router Discovery
• IP hosts
– Typically learn about routes through manual
configuration of
• Default gateway parameter and redirection messages
– Send ICMP Router Solicitations and routers reply
with ICMP Router Advertisements
• By default
– ICMP Router Solicitation packet is sent to the all-routers IP multicast address 224.0.0.2
Router Advertising
• ICMP router advertisements
– Allow hosts to passively learn about available routes
• Default Lifetime value for route entries
– 30 minutes
• Default advertising rate
– Between seven and ten minutes
Redirection to a Better Router
Security Issues For ICMPv4
• ICMP
– Can be used as an information-gathering tool
• IP address scanning process
– One method of obtaining a list of the active hosts
• IP host probe
– Performed by sending a ping packet to each host
within a range and noting the responses
ICMP Redirect Attack
• ICMP
– Used to manipulate traffic flow between hosts
• Attacker can
– Redirect traffic to his machine and perform any
number of man-in-the-middle style attacks
ICMP Router Discovery
• Susceptible to attack on the local network segment
• During discovery process
– Router Solicitation message finds its way to
attacker’s machine
• Timing is critical
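Detection logic for the behaviours in the three slides above (IP host probes, ICMP Redirect and Router Discovery abuse), as an added example that is not part of the original slides. The record layout, the addresses, the 10-second window, the threshold of five targets and the known-gateway list are all constructed assumptions.

```python
from collections import defaultdict

# ICMPv4 types that change a host's routing and should only come from routers.
ROUTING_TYPES = {5: "Redirect", 9: "Router Advertisement"}

def find_sweeps(records, window=10.0, threshold=5):
    """Flag sources that send Echo Requests (Type 8) to at least `threshold`
    distinct destinations within `window` seconds.
    Returns {source: largest number of distinct targets seen in one window}."""
    by_src = defaultdict(list)
    for ts, src, dst, icmp_type, _code in records:
        if icmp_type == 8:
            by_src[src].append((ts, dst))
    hits = {}
    for src, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # slide the window start forward until it spans <= window seconds
            while events[end][0] - events[start][0] > window:
                start += 1
            targets = {dst for _, dst in events[start:end + 1]}
            if len(targets) >= threshold:
                hits[src] = max(hits.get(src, 0), len(targets))
    return hits

def find_rogue_routing(records, gateways):
    """Flag Redirects and Router Advertisements whose source is not a
    known gateway on this segment."""
    return [(ts, src, dst, ROUTING_TYPES[icmp_type])
            for ts, src, dst, icmp_type, _code in records
            if icmp_type in ROUTING_TYPES and src not in gateways]

# Constructed capture summary: (time, source, destination, ICMP type, code).
SAMPLE = [(i * 0.2, "10.0.0.66", f"10.0.0.{i + 1}", 8, 0) for i in range(8)] + [
    (1.0, "10.0.0.20", "10.0.0.1", 8, 0),    # ordinary ping to the gateway
    (2.0, "10.0.0.20", "10.0.0.1", 8, 0),
    (3.0, "10.0.0.1", "10.0.0.20", 5, 1),    # Redirect from the real gateway
    (4.0, "10.0.0.66", "10.0.0.20", 5, 1),   # Redirect from a non-gateway
    (5.0, "10.0.0.66", "224.0.0.1", 9, 0),   # Router Advertisement, non-gateway
]

if __name__ == "__main__":
    print(find_sweeps(SAMPLE))
    print(find_rogue_routing(SAMPLE, gateways={"10.0.0.1"}))
```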
Inverse Mapping
• One method of determining live targets on a
network
• Firewalking
– Describes the concept of walking a firewall ACL or
ruleset to determine what it filters and how
– A two-phase attack method
Security Issues for ICMPv6
• ICMPv6 built-in security features
– Designed to prevent attacks sent from another
network segment
• Features include:
– Value in Hop Limit field being set at 255
– Source address of ICMPv6 packets must be either
link-local or unspecified
– Authentication for ICMPv6 packet exchanges is
managed using IPv6-AUTH or IPv6-ESP
– ICMPv6 is protected by IPsec
Decoding ICMP Packets
• Tools such as Wireshark can capture and decode
ICMP packets for examination
ICMPv4
• Table 5-21: ICMPv4 Echo Request and Echo Reply
Message format fields
ICMPv6
Summary
• ICMP
– Provides vital feedback about IP routing and delivery
problems
– Really part of IP itself
– Support is required in any standards-compliant IP
implementation
– Used by Ping and Traceroute to measure round-trip
times
– Supports PMTU Discovery between a sender and a
receiver
Summary (cont’d.)
• Route and routing error information from ICMP
– Derives from numerous types of ICMP messages
• ICMP
– Supports route optimization through its ICMP
Redirect message type
– Security issues are important
– Message structures and functions can vary
• ICMPv4 and ICMPv6 Echo messages have a very
similar format