Upload
kaustubh-ghaisas
View
250
Download
0
Embed Size (px)
Citation preview
8/12/2019 Working of ICMP
1/45
Internet Control Message Protocol
(ICMP),RFC 792Prof. Lin Weiguo
Copyleft 2009~2013, College of Computing, CUC
Oct. 2013
8/12/2019 Working of ICMP
2/45
Overview
Advanced Windows Network Programming
!The IP (Internet Protocol) relies on several otherprotocols to perform necessary control and routing
functions:
! Control functions (ICMP)! Multicast signaling (IGMP)! Setting up routing tables (RIP, OSPF, BGP, PIM, )
2 10/30/13
Control
Routing
ICMP IGMP
RIP OSPF BGP PIM
8/12/2019 Working of ICMP
3/45
Purpose of ICMP
Advanced Windows Network Programming
! The Internet Control Message Protocol (ICMP)is a helper protocol that supports IP with facility for! Error reporting! Simple queries
3 10/30/13
8/12/2019 Working of ICMP
4/45
Layering view
Advanced Windows Network Programming
! From a layering point of view, ICMP is aseparate protocol that sits above IP anduses IP to transport messages.
! In practice, ICMP is an integral part ofIP and all IP modules must support theICMP protocol.
! ICMP datagrams are encapsulatedwithin IP datagrams and processed by IPin the same way as TCP and UDP
datagrams;
4 10/30/13
IP
TransportTCP/UDP
ICMP
8/12/2019 Working of ICMP
5/45
Message Encapsulation
Advanced Windows Network Programming
!ICMP messages are encapsulated as IP datagrams:
5 10/30/13
IP header ICMP message
IP payload
Protocol field:ICMP:00000001
IGMP:00000010TCP: 00000110
UDP: 00010001
8/12/2019 Working of ICMP
6/45
ICMP message format
Advanced Windows Network Programming6 10/30/13
additional information
or
0x00000000
type code checksum
bit # 0 15 23 248 317 16
4 byte header:
Type (1 byte):type of ICMP message Code (1 byte):subtype of ICMP message Checksum (2 bytes):similar to IP header checksum. Checksum is calculated
over entire ICMP message
If there is no additional data, there are 4 bytes set to zero.
!each ICMP messages is at least 8 bytes long
8/12/2019 Working of ICMP
7/45
Types of ICMP Msges
Advanced Windows Network Programming
! Two general types of ICMP messages:! Information messages, where a sender sends a query to
another machine (either host or gateway) and expects an
answer. For example, a host might want to know if a gateway
is alive.! Error indication messages, where the IP software on a host
or gateway has encountered a problem processing an IP
datagram. For example, it may be unable to route a datagram
to its destination, or it may have had to drop a frame.
7 10/30/13
8/12/2019 Working of ICMP
8/45
ICMP messages type/code
Advanced Windows Network Programming8 10/30/13
Type Code description0 0 echo reply (ping)
3 0 dest network unreachable3 1 dest host unreachable
3 2 dest protocol unreachable3 3 dest port unreachable
3 6 dest network unknown3 7 dest host unknown4 0 source quench (congestion
control - not used)
8 0 echo request (ping)9 0 route advertisement
10 0 router discovery11 0 TTL expired
12 0 bad IP header
8/12/2019 Working of ICMP
9/45
ICMP Query message
Advanced Windows Network Programming
! ICMP query: Requestsent by host to a router or host Replysent back to querying host
9 10/30/13
Host
ICMP Request
Host or router
ICMP Reply
8/12/2019 Working of ICMP
10/45
Example of ICMP Queries
Advanced Windows Network Programming10 10/30/13
Type/Code Description8/0 Echo Request
0/0 Echo Reply
13/0 Timestamp Request
14/0 Timestamp Reply
10/0 Router Solicitation
9/0 Router Advertisement
The ping commanduses Echo Request/
Echo Reply
8/12/2019 Working of ICMP
11/45
Purpose of Req/Reply
Advanced Windows Network Programming
!The ICMP echo request and echo reply messages are usefulfor network debugging.
! If machine A sends an echo request message to machine B,machine B is required to respond with an ICMP echo reply.
! Most systems supply an application program that sends andreceives ICMP echo messages.
! In UNIX, the program ping allows a user to check whether amachine is reachable and functioning.
! Because ICMP messages are handled just like other IPdatagrams, ICMP echo messages test the reachability of any
host. Also, because ICMP is an integral part of IP, all hosts
and gateways must implement ICMP.
11 10/30/13
8/12/2019 Working of ICMP
12/45
12
!Format! pingip address (or ping for extended ping with CISCO IOS)! ping172.30.1.25
! Pings are handled directly by the kernel!
Each Ping is translated into an ICMP Echo Request! The Pinged host responds with an ICMP Echo Reply
Ping: Echo Request and Reply
Host
or
Router
ICMPECHOREQUEST
Host
or
router
ICMPE
CHORE
PLY
Advanced Windows Network Programming 10/30/13
8/12/2019 Working of ICMP
13/45
Ping Frame Format
! Uses ICMP message within an IP Packet, Protocol field = 1!
Both are layer 3 protocols. (ICMP is considered as a networklayer protocol.)
! Does not use TCP or UDP, but may be acted upon by thereceiver using TCP or UDP.
13
Ethernet Header
(Layer 2)
IP Header
(Layer 3)
ICMP Message
(Layer 3)
Ether.
Tr.EthernetDestination
Address
(MAC)
Ethernet
Source
Address
(MAC)
Frame
Type
Source IP Add.
Dest. IP Add.
Protocol field:1
Type
8 or 0
Code
0
Check-
sum
ID Seq.
Num.
Data FCS
Optional Data
type code checksum
bit # 0 15 23 248 317 16
ID Seq Num
Advanced Windows Network Programming 10/30/13
8/12/2019 Working of ICMP
14/45
ICMP Echo(Ping) Request Message
Advanced Windows Network Programming14 10/30/13
8/12/2019 Working of ICMP
15/45
ICMP Echo(Ping) Reply Message
Advanced Windows Network Programming15 10/30/13
8/12/2019 Working of ICMP
16/45
Ping Q&A
Advanced Windows Network Programming
Q: Are pings forwarded by routers?A: Yes! This is why you can ping devices all over the Internet.
Q: Do all devices forward or respond to pings?
A: No, this is up to the network administrator of the device.Devices, including routers, can be configured not to reply to
pings (ICMP echo requests). This is why you may not always
be able to ping a device. Also, routers can be configured not
to forward pings destined for other devices.
16 10/30/13
8/12/2019 Working of ICMP
17/45
Timestamp Messages!
ICMP timestamp messages are used to estimate thetransmission delays between machines and to
synchronize clocks:
! Including both the receive and transmit timestamp allowsthe sending host to determine the fraction of time spenttransmitting vs. processing the request.
! By averaging the measurements of several messages, thesender can estimate the offset between its local clock and
that on the remote machine.! Note: it is quite feasible to synchronize the clocks of all
machines on a LAN to within several milliseconds of each
other.
17 Advanced Windows Network Programming 10/30/13
8/12/2019 Working of ICMP
18/45
18
Example of a Query:ICMP Timestamp
! A system (host or router) asks anothersystem for the current time.
! Time is measured in milliseconds aftermidnight UTC (Universal Coordinated
Time) of the current day
! Sender sends a request, receiverresponds with reply
Type
(= 17 or 18)
Code
(=0)Checksum
32-bit sender timestamp
identifier sequence number
32-bit receive timestamp
32-bit transmit timestamp
Sender
Receiver
Timestamp
Request
Timestamp
Reply
Advanced Windows Network Programming 10/30/13
8/12/2019 Working of ICMP
19/45
8/12/2019 Working of ICMP
20/45
20
ICMP Error message
ICMP error messages include the complete IP header and the first 8 bytes ofthe payload (typically: UDP, TCP)
Unused (0x00000000)
IP header ICMP header IP header 8 bytes of payload
ICMP Message
from IP datagram that triggered the error
type code checksum
Advanced Windows Network Programming 10/30/13
8/12/2019 Working of ICMP
21/45
Frequent ICMP Error message
Type Code Description
3
015 Destination
unreachable
Notification that an IP datagram could not be
forwarded and was dropped. The code field
contains an explanation.5 03 Redirect
Informs about an alternative route for the
datagram and should result in a routing table
update. The code field explains the reason for
the route change.
11 0, 1 Time
exceeded
Sent when the TTL field has reached zero
(Code 0) or when there is a timeout for the
reassembly of segments (Code 1)
12 0, 1 Parameter
problem
Sent when the IP header is invalid (Code 0) or
when an IP header option is missing (Code 1)
21 Advanced Windows Network Programming 10/30/13
8/12/2019 Working of ICMP
22/45
Some subtypes of the Destination Unreachable
Code Description Reason for Sending
0 NetworkUnreachable
No routing table entry is available for the destination
network.
1 HostUnreachable
Destination host should be directly reachable, but
does not respond to ARP Requests.
2 ProtocolUnreachable
The protocol in the protocol field of the IP header isnot supported at the destination.
3 Port Unreachable The transport protocol at the destination host cannot
pass the datagram to an application.
4 Fragmentation
Neededand DF Bit Set
IP datagram must be fragmented, but the DF bit in
the IP header is set.
13 CommunicationAdministratively
Prohibited
Generated if a router cannot forward a packet due to
administrative filtering;
22 Advanced Windows Network Programming 10/30/13
8/12/2019 Working of ICMP
23/45
ICMP TTL Exceeded Message
Advanced Windows Network Programming23 10/30/13
8/12/2019 Working of ICMP
24/45
ICMP Dest Unreachable (Filtered)
Advanced Windows Network Programming24 10/30/13
8/12/2019 Working of ICMP
25/45
25
Example: ICMP Port Unreachable
!RFC 792:
! If, in the destination host, the IP module cannot deliver the datagrambecause the indicated protocol module or process port is not active,the destination host may send a destination unreachable message to thesource host.
!Scenario:
Client
Requestaserviceataport80
Server
No process
is waiting
at port 80
Type=3c
ode=3
Port
Unreachab
le
Advanced Windows Network Programming 10/30/13
8/12/2019 Working of ICMP
26/45
UDP Datagram on Linux
Advanced Windows Network Programming26 10/30/13
8/12/2019 Working of ICMP
27/45
ICMP Port Unreachable Error Message
Advanced Windows Network Programming27 10/30/13
8/12/2019 Working of ICMP
28/45
Traceroute
! Trace (traceroute, tracert, tracepath) is used to trace theprobablepath a packet takes between source and destination.
! Probable, because IP is a connectionless protocol, and differentpackets may take different paths between the same source anddestination networks, although this is not usually the case.
! Trace will show the path the packet takes to the destination,but the return path may be different.! This is more likely the case in the Internet, and less likely within your
own autonomous system.
! Uses ICMP message within an IP Packet (on Windows)! Uses UDP in the transport layer (on Unix/Linux/Cisco IOS).
28 Advanced Windows Network Programming 10/30/13
8/12/2019 Working of ICMP
29/45
Example(on Windows)
!HostA> TraceRT ip_address
HostA> TraceRT 192.168.10.2
29
10 0 0 0/8 172 16 0 0/16 192 168 10 0/24
1
1
1
2
2
2
Host A RTB RTC Host D
Advanced Windows Network Programming 10/30/13
8/12/2019 Working of ICMP
30/45
30
How it works - Fooling the routers & host!
! Traceroute uses ping (echo requests)! Traceroute sets the TTL (Time To Live) field in the IP Header, initially
to 1
Data Link Header(Layer 2)
IP Header(Layer 3)
ICMP Message - Echo Request (trace) DataLinkTr.
Data LinkDestination
Address
Data LinkSource
Address
!! Source IPAdd.10.0.0.1Dest. IP Add.192.168.10.2Protocol field1TTL1
Type8
Code0
Chksum
ID Seq.Num
Data FCS
10.0.0.0/8 172.16.0.0/16 192.168.10.0/24
.1
.1
.2
.2
Host A RTB RTC Host D.1
.2
DA = 192.168.10.2 TTL = 1
Advanced Windows Network Programming 10/30/13
8/12/2019 Working of ICMP
31/45
10.0.0.0/8 172.16.0.0/16 192.168.10.0/24
.1
.1
.1
.2
.2
.2
Host A RTB RTC Host D
DA = 192.168.10.2 TTL = 1ICMP Time Exceeded SA = 10.0.0.2
31
RTB - TTL:
!When a router receives an IP Packet, it decrements the TTL by 1.
! If the TTL is 0, it will not forward the IP Packet, and send back to thesource an ICMP time exceeded message.
! using its IP header and first 8 bytes of ICMP header as Data! ICMP Message: Type = 11, Code = 0
Data Link Header(Layer 2)
IP Header(Layer 3)
ICMP Message - Time Exceeded DataLinkTr.
Data Link
Destination
Address
Data Link
Source
Address
!. Source IPAdd.10.0.0.2
Dest. IP Add.10.0.0.1
Protocol field1
Type11
Code0
Chk
sum
0 0 Data FCS
Advanced Windows Network Programming 10/30/13
8/12/2019 Working of ICMP
32/45
TraceRT output -1
HostA, Sending Host
! The traceroute program of the sending host (Host A) will usethe source IP address of this ICMP Time Exceeded packet todisplay at the first hop.
HostA> tracert 192.168.10.2Type escape sequence to abort.
Tracing the route to 192.168.10.2
1 10.0.0.2 4 msec 4 msec 4 msec
32 Advanced Windows Network Programming 10/30/13
8/12/2019 Working of ICMP
33/45
33
HostA! The traceroute program increments the TTL by 1(now 2 ) and
resends the ICMP Echo Request packet.
Data Link Header(Layer 2)
IP Header(Layer 3)
ICMP Message - Echo Request (trace) DataLinkTr.
Data LinkDestinationAddress
Data LinkSourceAddress
!!
Source IPAdd.10.0.0.1Dest. IP Add.192.168.10.2Protocol field1TTL2
Type8
Code0
Chksum
ID Seq.Num
Data FCS
10.0.0.0/8 172.16.0.0/16 192.168.10.0/24
.1
.1
.1
.2
.2
.2
Host A RTB RTC Host D
DA = 192.168.10.2 TTL = 1ICMP Time Exceeded SA = 10.0.0.2
DA = 192.168.10.2 TTL = 2
Advanced Windows Network Programming 10/30/13
8/12/2019 Working of ICMP
34/45
34
RTB! This time RTB decrements the TTL by 1 and it is NOT 0. (It is 1.)! So it looks up the destination ip address in its routing table and forwards
it on to the next router.
RTC
! RTC however decrements the TTL by 1 and it is 0.! RTC notices the TTL is 0 and sends back the I MP Time Exceededmessageback to the source.! RTCs IP header includes its own IP address (source IP) and the
sending hosts IP address (destination IP address of RTA).
! The sending host, RTA, will use the source IP address of this I MPTime Exceededmessage to display at the second hop.
10.0.0.0/8 172.16.0.0/16 192.168.10.0/24
.1
.1
.1
.2
.2
.2
Host A RTB RTC Host D
DA = 192.168.10.2 TTL = 1ICMP Time Exceeded SA = 10.0.0.2
DA = 192.168.10.2 TTL = 2ICMP Time Exceeded SA = 172.16.0.2
Advanced Windows Network Programming 10/30/13
10.0.0.0/8 172.16.0.0/16 192.168.10.0/24
8/12/2019 Working of ICMP
35/45
.1
.1
.1
.2
.2
.2
Host A RTB RTC Host D
DA = 192.168.10.2 TTL = 1ICMP Time Exceeded SA = 10.0.0.2
DA = 192.168.10.2 TTL = 2ICMP Time Exceeded SA = 172.16.0.2
35
.
Data Link Header(Layer 2)
IP Header(Layer 3)
ICMP Message - Echo Request (trace) DataLinkTr.
Data LinkDestination
Address
Data LinkSource
Address
!! Source IPAdd.10.0.0.1Dest. IP Add.192.168.10.2
Protocol field1TTL2
Type8
Code0
Chksum
ID Seq.Num
Data FCS
Data Link Header(Layer 2)
IP Header(Layer 3)
ICMP Message - Echo Request (trace) DataLinkTr.
Data LinkDestination
Address
Data LinkSource
Address
!! Source IPAdd.10.0.0.1Dest. IP Add.192.168.10.2
Protocol field1TTL1
Type8
Code0
Chksum
ID Seq.Num
Data FCS
HostA to RTB
RTB to RTC
Advanced Windows Network Programming 10/30/13
Data Link Header(Layer 2)
IP Header(Layer 3)
ICMP Message - Time Exceeded DataLinkTr.
Data Link
Destination
Address
Data Link
Source
Address
!. Source IPAdd.172.16.0.2
Dest. IP Add.10.0.0.1
Protocol field
1
Type11
Code0
Chk
sum
0 0 Data FCS
8/12/2019 Working of ICMP
36/45
TraceRT output -2
The sending host, Host A:
! The traceroute program uses this information (Source IPAddress) and displays the second hop.
HostA> tracert 192.168.10.2
Type escape sequence to abort.Tracing the route to 192.168.10.2
1 10.0.0.2 4 msec 4 msec 4 msec
2 172.16.0.2 20 msec 16 msec 16 msec
36 Advanced Windows Network Programming 10/30/13
10.0.0.0/8 172.16.0.0/16 192.168.10.0/24
8/12/2019 Working of ICMP
37/45
.1
.1
.1
.2
.2
.2
Host A RTB RTC Host D
DA = 192.168.10.2 TTL = 1ICMP Time Exceeded SA = 10.0.0.2
DA = 192.168.10.2 TTL = 2ICMP Time Exceeded SA = 172.16.0.2
DA = 192.168.10.2 TTL = 3
37
The sending host, HostA:! The traceroute program increments the TTL by 1 (now 3 ) and
resends the Packet.
Data Link Header
(Layer 2)
IP Header
(Layer 3)
ICMP Message - Echo Request (trace) DataLink
Tr.Data LinkDestinationAddress
Data LinkSourceAddress
!! Source IPAdd.10.0.0.1Dest. IP Add.192.168.10.2Protocol field1TTL3
Type8
Code0
Chksum
ID Seq.Num
Data FCS
Advanced Windows Network Programming 10/30/13
10.0.0.0/8 172.16.0.0/16 192.168.10.0/24Host A
8/12/2019 Working of ICMP
38/45
.1
.1
.1
.2
.2
.2
RTB RTC Host D
DA = 192.168.10.2 TTL = 1ICMP Time Exceeded SA = 10.0.0.2
DA = 192.168.10.2 TTL = 2ICMP Time Exceeded SA = 172.16.0.2
DA = 192.168.10.2 TTL = 3
10/30/13Advanced Windows Network Programming
Data Link Header(Layer 2)
IP Header(Layer 3)
ICMP Message - Echo Request (trace) DataLinkTr.
Data LinkDestination
Address
Data LinkSource
Address
!! Source IPAdd.10.0.0.1Dest. IP Add.192.168.10.2Protocol field1
TTL1
Type8
Code0
Chksum
ID Seq.Num
Data FCS
38
.
Data Link Header(Layer 2)
IP Header(Layer 3)
ICMP Message - Echo Request (trace) DataLinkTr.
Data LinkDestination
Address
Data LinkSource
Address
!! Source IPAdd.10.0.0.1Dest. IP Add.192.168.10.2Protocol field
1TTL2
Type8
Code0
Chksum
ID Seq.Num
Data FCS
Data Link Header(Layer 2)
IP Header(Layer 3)
ICMP Message - Echo Request (trace) DataLinkTr.
Data LinkDestination
Address
Data LinkSource
Address
!! Source IPAdd.
10.0.0.1Dest. IP Add.192.168.10.2Protocol field
1TTL3
Type8
Code0
Chksum
ID Seq.Num
Data FCS
HostA to RTB
RTB to RTC
RTC to HostD
8/12/2019 Working of ICMP
39/45
HostD !HostA
Advanced Windows Network Programming39 10/30/13
10.0.0.0/8 172.16.0.0/16 192.168.10.0/24
.1
.1
.1
.2
.2
.2
Host A RTB RTC Host D
DA = 192.168.10.2 TTL = 1ICMP Time Exceeded SA = 10.0.0.2
DA = 192.168.10.2 TTL = 2ICMP Time Exceeded SA = 172.16.0.2
ICMP Echo Request DA = 192.168.10.2 TTL = 3
ICMP Echo Reply SA = 192.168.10.2
Data Link Header
(Layer 2)
IP Header
(Layer 3)
ICMP Message Echo Reply DataLink
Tr.Data LinkDestinationAddress
Data LinkSourceAddress
!. Source IPAdd.192.168.10.2Dest. IP Add.10.0.0.1Protocol field1
Type0
Code0
Chksum
ID Seq.Num
Data FCS
8/12/2019 Working of ICMP
40/45
Tracing to HostDRTB
! This time RTB decrements the TTL by 1 and it is NOT 0. (It is 2.)! So it looks up the destination ip address in its routing table and forwards it on
to the next router.
RTC
! This time RTC decrements the TTL by 1 and it is NOT 0. (It is 1.)! So it looks up the destination ip address in its routing table and forwards it on
to the next router.
HostD
! HostD however decrements the TTL by 1 and it is 0.! However, HostD notices that the Destination IP Address of 192.168.0.2 is its
own interface.
! Since it does not need to forward the packet, the TTL of 0 has no affect.! HostD sends the ICMP Echo Reply message to HostA.
40 Advanced Windows Network Programming 10/30/13
8/12/2019 Working of ICMP
41/45
TraceRT output -3Sending host, HostA
! HostA receives the ICMP Echo Reply message.! The traceroute program uses this information (Source IP Address) and
displays the third hop.
! The traceroute program also recognizes this ICMP Echo Replyasmeaning this is the destination it was tracing ( it knows this is the final hopand does not send any more echo requests).
! HostA, the sending host, now displays the third hop.HostA> tracert 192.168.10.2
Type escape sequence to abort.
Tracing the route to 192.168.10.2
1 10.0.0.2 4 msec 4 msec 4 msec
2 172.16.0.2 20 msec 16 msec 16 msec
3 192.168.10.2 16 msec 16 msec 16 msec
41 Advanced Windows Network Programming 10/30/13
8/12/2019 Working of ICMP
42/45
UDP tracing on Linux/Cisco IOS
42
10.0.0.0/8 172.16.0.0/16 192.168.10.0/24
.1
.1
.1
.2
.2
.2
DA = 192.168.10.2 TTL = 1
DA = 192.168.10.2 TTL = 2
UDP Port=35000DA = 192.168.10.2 TTL = 3
ICMP Time Exceeded SA = 10.0.0.2
ICMP Time Exceeded SA = 172.16.0.2
ICMP Port Unreachable SA = 192.168.10.2
RTA RTB RTC RTD
Advanced Windows Network Programming 10/30/13
8/12/2019 Working of ICMP
43/45
Data Link Header(Layer 2)
IP Header(Layer 3)
ICMP Message Port Unreachable DataLinkTr.
Data Link
Destination
Address
Data Link
Source
Address
!. Source IPAdd.192.168.10.2
Dest. IP Add.10.0.0.1
Protocol field1
Type3
Code3
Chk
sum
0 0 Data FCS
ICMP Port Unreachable on RTD
RTD
! RTD sends the packet to the UDP process.! UDP examines the unrecognizable port number of 35,000 and sends back
an ICMP Port Unreachable messageto the sender, RTA, using Type 3and Code 3.
43
Data Link Header(Layer 2)
IP Header(Layer 3)
UDP(Layer 4)
DataLinkTr.
Data LinkDestination
Address
Data LinkSource
Address
!!
Source IPAdd.10.0.0.1
Dest. IP Add.192.168.10.2
Protocol field0x11
TTL1
DestPort35,000
FCS
Advanced Windows Network Programming 10/30/13
8/12/2019 Working of ICMP
44/45
TraceRoute
Advanced Windows Network Programming44 10/30/13
8/12/2019 Working of ICMP
45/45
References
! RFC 792 - Internet Control Message Protocol! RFC1393 - Traceroute Using an IP Option! Internet Control Message Protocol (ICMP) Parameters:
http://www.iana.org/assignments/icmp-parameters/icmp-parameters.xml
! RFC1574 - Essential Tools for the OSI Internet! http://en.wikipedia.org/wiki/Traceroute! http://www.cs.virginia.edu/~itlab/book/! CISCO: Understanding the Ping and Traceroute Commands:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800a6057.shtml