1 / 25

Wireshark Lab: ICMP

Wireshark Lab: ICMP. Computer Networking: A Topdown Approach, 4th edition. Wireshark Lab: ICMP. In this lab, we’ll explore several aspects of the ICMP protocol ICMP messages generating by the Ping program; ICMP messages generated by the Traceroute(tracert) program

idona-preston
Download Presentation

Wireshark Lab: ICMP

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Wireshark Lab: ICMP Computer Networking: A Topdown Approach, 4th edition.

  2. Wireshark Lab: ICMP • In this lab, we’ll explore several aspects of the ICMP protocol • ICMP messages generating by the Ping program; • ICMP messages generated by the Traceroute(tracert) program • The format and contents of an ICMP message.

  3. ICMP Internet Control Message Protocol • 偵測遠端主機是否存在 • 建立及維護路由資料 • 重導資料傳送路徑 • 資料流量控制。

  4. ICMP封包

  5. ICMP封包的欄位

  6. Type & Code 定義 ICMP 封包的類型 (功能)。

  7. Code 每種類型可再根據 Code 欄位來定義各種不同用途。 大部份 ICMP 封包類型 (Type) 只定義一種 Code 欄位值。 Checksum(錯誤檢查碼): 長度為 2 Bytes,記錄 ICMP 封包的錯誤檢查碼。

  8. 常見的 ICMP 類型 Echo Request / Echo Reply Destination Unreachable Source Quench Redirect Time Exceeded

  9. Echo Request / Echo Reply 1. A 主動發出回應要求封包給 B。 2. B 收到回應要求後,被動發出回應答覆給 A。 request reply

  10. Destination Unreachable IP 路由過程中,若出現以下問題,路由器或目的裝置 便發出此類封包通知來源端: 1. 路由器無法將 IP 封包傳送出去。 2.目的裝置無法處理收到的 IP 封包。

  11. Source Quench 當路由器因為來往的 IP 封包太多,以致來不及處理時,便會發出此類的 ICMP 封包給來源端裝置。

  12. Redirect 1. A → B 的最佳路徑是 R1 路由器。 2.若 A 誤將封包送至 R2,則 R2 會發出 Redirect 的 ICMP 封包給 A,使其重送。

  13. Time Exceeded 路由器收到 TTL 值為 1 的 IP 封包時,會將此 IP 封包丟棄,並送出此類 ICMP 封包給來源裝置。 重組封包的過程中,若時間內未收到全部的 IP Fragment,目的裝置也會發出此類 的 ICMP 封包給來源裝置。

  14. ICMP工具程式 PING TRACERT

  15. 關於 PING Figure 1 Command Prompt window after entering Ping command

  16. 相關參數 • Options: -t Ping the specifed host until interrupted. -a Resolve addresses to hostnames.-n count Number of echo requests to send.-l size Send buffer size.-f Set Don‘t Fragment flag in packet.-i TTL Time To Live. • Localhost(127.0.0.1)

  17. In Wireshark

  18. In wireshark • Sender : echo-request( type 8 ) • Receiver : echo-reply( type 0 )

  19. 一、Linux、Solaris....這些 Linux/Unix 的機器,它們的 TTL 值大約都在 240~254 之間 二、Windows系列的機器,它們的 TTL 值大約都在 110~128 之間。 不同作業系統對於 TOS位元所設定的 IP TTL 欄位值,都不一樣,我們可以用它來作為作業系統的判斷。

  20. TRACERT Option: -d Do not resolve addresses to hostnames. -h maximum Maximum number of hops to search for target. -j host-list Loose source route along host-list. -w timeout Wait timeout milliseconds for each reply.

  21. How to traceroute What’s the “TTL”? Step1 TTL=1 Step 2 TTL=2 Step 3 TTL=3

  22. TRACERT 2

  23. following questions: • 1. What is the IP address of your host? What is the IP address of the destination host? • 2. Why is it that an ICMP packet does not have source and destination port numbers? • 3. Examine one of the ping request packets sent by your host. What are the ICMP type and code numbers? What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields? • 4. Examine the corresponding ping reply packet. What are the ICMP type and code numbers? What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields?

  24. 習題﹕ • 請問為何要有 ICMP ?其功能是甚麼? • 請列舉常見的 ICMP TYPE 有哪些。 • 請列舉 Distination Unreachable 的 ICMP CODE 有哪些。 • 請描述 ping 是如何運用 ICMP 機制的。 • 請描述 traceroute 是如何運用 ICMP 機制的。 • 請繪制其中一種 ICMP 的封包結構。 • 請說明 ICMP 與 IP 的關係。

More Related