Computer Networking Experiment: ICMP Packet Protocol Analysis
Group 11
張鶴齡 (CS, 3rd year) b91902011
吳柏良 (CS, 3rd year) b91902029
黃柏鈞 (CS, 3rd year) b91902048
洪培堯 (CS, 3rd year) b91902056

ICMP - Internet Control Message Protocol
• Gateway: network connecting devices
• A gateway or destination host will communicate with a source host.
• ICMP uses the basic support of IP as if it were a higher level protocol.

ICMP - Situations to send ICMP message
• A datagram cannot reach its destination
• The gateway does not have the buffering capacity to forward a datagram
• The gateway can direct the host to send traffic on a shorter route.

ICMP - Purpose
• IP is not reliable.
• Provide feedback about problems in the communication environment, not to make IP reliable.

ICMP - Characteristic
• Report errors in the processing of datagrams.
• No ICMP messages are sent about ICMP messages.
• Only sent about errors in handling fragment zero of fragmented datagrams. (Fragment zero has the fragment offset equal to zero.)

ICMP - Format
• Using basic IP header.
• Version: 4
• IHL: internet header length in 32-bit words.
• Type of Service: 0 (Routine, Delay, Throughput, Reliability)
• Total Length: in bytes.
• Identification, Flags, Fragment Offset
• Time to Live: in seconds (at least as great as the number of gateways)
• Protocol: ICMP = 1
• Header Checksum: 16-bit one's complement
• Source Address: host that composes the ICMP message
• Destination: where the ICMP message should be sent
• Option

ICMP: Destination Unreachable Message - Format
• Type 3
• Code
  • 0 = net unreachable;
  • 1 = host unreachable;
  • 2 = protocol unreachable;
  • 3 = port unreachable;
  • 4 = fragmentation needed and DF set;
  • 5 = source route failed.

ICMP: Destination Unreachable Message - Format
• Checksum
• Internet Header (24 bytes) + 64 bits (8 bytes) of Data Datagram
  • Used to match the message to the appropriate process.
  • Source Port may be (assumed to be) included. (For TCP: source port, dest. port, sequence number, acknowledgement; for UDP: source port, dest. port, length, checksum.)

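How a receiver can use the quoted Internet Header + 64 bits to match the message to the appropriate process, as an added example that is not part of the original slides. The function names, the `sockets` table and the 192.0.2.x sample message are assumptions made for illustration; the embedded header length is read from IHL rather than fixed.

```python
import struct
from ipaddress import IPv4Address

CODES = {0: "net unreachable", 1: "host unreachable",
         2: "protocol unreachable", 3: "port unreachable",
         4: "fragmentation needed and DF set", 5: "source route failed"}

def parse_unreachable(icmp: bytes) -> dict:
    """Decode a type 3 message and the datagram excerpt it quotes."""
    if len(icmp) < 8 or icmp[0] != 3:
        raise ValueError("not a destination unreachable message")
    inner = icmp[8:]                    # skip type, code, checksum, unused
    if len(inner) < 20 or inner[0] >> 4 != 4:
        raise ValueError("no embedded IPv4 header")
    ihl = (inner[0] & 0x0F) * 4         # IHL counts 32-bit words
    if ihl < 20 or len(inner) < ihl + 8:
        raise ValueError("embedded header or 64 data bits truncated")
    info = {"code": CODES.get(icmp[1], "code %d" % icmp[1]),
            "protocol": inner[9],
            "src": IPv4Address(inner[12:16]),
            "dst": IPv4Address(inner[16:20])}
    if info["protocol"] in (6, 17):     # TCP and UDP both start with ports
        info["sport"], info["dport"] = struct.unpack("!HH", inner[ihl:ihl + 4])
    return info

def owning_process(info: dict, sockets: dict):
    """Look up the local socket that sent the quoted datagram, if any."""
    key = (info["protocol"], info["src"], info.get("sport"),
           info["dst"], info.get("dport"))
    return sockets.get(key)             # None: no such flow, ignore message

def sample_message(options: bytes = b"") -> bytes:
    """Constructed port-unreachable message quoting a UDP datagram."""
    ihl_words = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, 36, 1, 0x4000,
                     64, 17, 0, IPv4Address("192.0.2.10").packed,
                     IPv4Address("192.0.2.20").packed) + options
    udp = struct.pack("!HHHH", 40000, 9999, 16, 0)
    return struct.pack("!BBHI", 3, 3, 0, 0) + ip + udp   # checksums left 0
```

A message whose quoted addresses and ports match no open socket returns `None` from `owning_process` and should not change any connection state.
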
ICMP: Destination Unreachable Message - When to send?
• 0 Network Unreachable
  • The forwarding path (route) to the destination network is not available.
• 1 Host Unreachable
  • The forwarding path (route) to the destination host on a directly connected network is not available.
• 2 Protocol Unreachable
  • The transport protocol is not supported in the transport layer of the final destination.

ICMP: Destination Unreachable Message - When to send?
• 3 Port Unreachable
  • The final destination is unable to demultiplex the datagram in the transport layer but has no protocol mechanism to inform the sender.
• 4 Fragmentation Needed and DF Set
  • Generated when the router needs to fragment a datagram but cannot since the DF flag is set.
• 5 Source Route Failed
  • The router cannot forward a packet to the next hop (the transmission path between two nodes) in a source route option.

ICMP: Destination Unreachable Message - When to send?
• 6 Destination Network Unknown
  • (Net unreachable code 0 SHOULD be used in place of code 6.)
• 7 Destination Host Unknown
  • The router can determine (from link layer advice) that the destination host does not exist.
• 11 Network Unreachable For Type Of Service
  • The forwarding path (route) to the destination network with the requested or default TOS is not available.

ICMP: Destination Unreachable Message - When to send?
• 12 Host Unreachable For Type Of Service
  • The router's route(s) to the destination do not match either the TOS requested in the datagram or the default TOS (0).
• 13 Communication Administratively Prohibited
  • The router cannot forward a packet due to administrative filtering.

ICMP: Time Exceeded Message - Format
• Type 11
• Code
  • 0 = time to live exceeded in transit;
  • 1 = fragment reassembly time exceeded.
• Checksum
• Internet Header + 64 bits of Data Datagram

ICMP: Time Exceeded Message - When to send?
• 0 time to live exceeded in transit
  • The time to live field is zero; the gateway discards the datagram.
• 1 fragment reassembly time exceeded
  • A host cannot complete the reassembly within its time limit due to missing fragments, so it discards the datagram.
  • If fragment zero is not available then no time exceeded message need be sent at all.

ICMP: Parameter Problem Message - Format
• Type 12
• Code
  • 0 = pointer indicates the error.
• Checksum
• Pointer
  • If code = 0, identifies the octet where an error was detected.
• Internet Header + 64 bits of Data Datagram

ICMP: Parameter Problem Message - When to send?
• A gateway or host that cannot complete processing the datagram due to a problem with the header parameters must discard the datagram.
• Only sent if the error caused the datagram to be discarded.
• Pointer
  • Identifies the octet of the original datagram's header where the error was detected.
  • For example, 1 indicates something is wrong with the Type of Service (the second byte in the IP header).

ICMP: Source Quench Message - Format
• Type 4
• Code
  • 0
• Checksum
• Internet Header + 64 bits of Data Datagram

ICMP: Source Quench Message - When to send?
• Gateway
  • Discards internet datagrams if it does not have the buffer space needed to queue the datagrams for output to the next network on the route.
• Destination host
  • Datagrams arrive too fast to be processed.
• Gateway and Destination Host
  • When it approaches its capacity limit rather than waiting until the capacity is exceeded. This means that the data datagram which triggered the source quench message may be delivered.

ICMP: Source Quench Message - Source Host Response?
• Cut back the rate until it no longer receives source quench messages.
• The source host can then gradually increase the rate until it again receives source quench messages.
• Like flow control and congestion control in TCP, except that the message can also be sent by a gateway.

ICMP: Redirect Message - Format
• Type 5
• Code
  • 0 = Redirect for the Network.
  • 1 = Redirect for the Host.
  • 2 = Redirect for the Type of Service and Network.
  • 3 = Redirect for the Type of Service and Host.
• Checksum
• Gateway Internet Address
  • Address of the gateway to which traffic for the network specified in the internet destination network field of the original datagram's data should be sent.
• Internet Header + 64 bits of Data Datagram

ICMP: Redirect Message - When to send?
• A gateway, G1, checks its routing table and obtains the address of the next gateway, G2, such that G2 and the host identified by the internet source address of the datagram are on the same network.
• The redirect message advises the host to send its traffic directly to gateway G2 as this is a shorter path to the destination.
• The gateway forwards the original datagram's data to its internet destination.

ICMP: Redirect Message - When to send?
• For datagrams with the IP source route options and the gateway address in the destination address field, a redirect message is not sent even if there is a better route.

ICMP: Echo or Echo Reply Message - Format
• IP Fields: switch source and destination address
• ICMP Fields:
  • Type
    • 8 for echo message
    • 0 for echo reply message
  • Code
    • 0
  • Checksum
  • Identifier
    • Aids in matching echoes and replies, may be zero.
  • Sequence Number
    • Aids in matching echoes and replies, may be zero.

ICMP: Echo or Echo Reply Message - Things to Know
• The data received in the echo message must be returned in the echo reply message.
• The identifier might be used like a port in TCP or UDP to identify a session.
• The sequence number might be incremented on each echo request sent. The echoer returns these same values in the echo reply.

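The echo exchange and the 16-bit one's complement checksum described above, as an added example that is not part of the original slides. The function names and the payload are constructed for illustration; only the ICMP message is built, not the enclosing IP header.

```python
import struct

ICMP_ECHO, ICMP_ECHOREPLY = 8, 0        # type values from the slide above

def checksum(data: bytes) -> int:
    """16-bit one's complement of the one's complement sum of the message."""
    if len(data) % 2:
        data += b"\x00"                 # pad odd-length messages for summing
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(msg_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Pack type, code 0, checksum, identifier, sequence number and data."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)
    csum = checksum(header + payload)   # computed with checksum field = 0
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + payload

def parse(message: bytes):
    """Return (type, code, ident, seq, payload); reject damaged messages."""
    if len(message) < 8:
        raise ValueError("shorter than the 8-byte echo header")
    if checksum(message) != 0:          # a valid message sums to zero
        raise ValueError("bad checksum")
    msg_type, code, _, ident, seq = struct.unpack("!BBHHH", message[:8])
    return msg_type, code, ident, seq, message[8:]

def make_reply(request: bytes) -> bytes:
    """What the echoer sends back: same identifier, sequence and data."""
    msg_type, code, ident, seq, payload = parse(request)
    if (msg_type, code) != (ICMP_ECHO, 0):
        raise ValueError("not an echo message")
    return build(ICMP_ECHOREPLY, ident, seq, payload)

def matches(request: bytes, reply: bytes) -> bool:
    """Sender-side check that a reply answers this particular request."""
    _, _, r_id, r_seq, r_data = parse(request)
    p_type, _, p_id, p_seq, p_data = parse(reply)
    return (p_type == ICMP_ECHOREPLY
            and (p_id, p_seq, p_data) == (r_id, r_seq, r_data))
```
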
ICMP: Timestamp or Timestamp Reply Message - Format
• IP Fields: switch source and destination address
• ICMP Fields:
  • Type
    • 13 for timestamp message
    • 14 for timestamp reply message
  • Code
    • 0
  • Checksum
  • Identifier
  • Sequence Number

ICMP: Timestamp or Timestamp Reply Message - Things to Know
• Originate Timestamp
  • The time the sender last touched the message before sending it.
• Receive Timestamp
  • The time the echoer first touched it on receipt.
• Transmit Timestamp
  • The time the echoer last touched the message on sending it.

ICMP: Timestamp or Timestamp Reply Message - Things to Know
• The timestamp is 32 bits of milliseconds since midnight UT (UT(0) == GMT, UT(1), UT(2)).
• If the time is not available in milliseconds or cannot be provided with respect to midnight UT, then any time can be inserted in a timestamp provided the high order bit of the timestamp is also set to indicate this non-standard value.

ICMP: Information Request or Information Reply Message - Format
• IP Fields: switch source and destination address
• ICMP Fields:
  • Type
    • 15 for information request message
    • 16 for information reply message
  • Code
    • 0
  • Checksum
  • Identifier
  • Sequence Number

ICMP: Information Request or Information Reply Message - When to send?
• This message may be sent with the source network in the IP header source and destination address fields zero (which means "this" network).
• The replying IP module should send the reply with the addresses fully specified. This message is a way for a host to find out the number of the network it is on.
• (Before RARP, this message was used to get network information at boot.)

ICMP - Summary of Mentioned Message Types
• 0 Echo Reply
• 3 Destination Unreachable
• 4 Source Quench
• 5 Redirect
• 8 Echo
• 11 Time Exceeded
• 12 Parameter Problem
• 13 Timestamp
• 14 Timestamp Reply
• 15 Information Request
• 16 Information Reply

ICMP - Summary of Message Types
• 0 Echo Reply [RFC792]
• 1 Unassigned [JBP]
• 2 Unassigned [JBP]
• 3 Destination Unreachable [RFC792]
• 4 Source Quench [RFC792]
• 5 Redirect [RFC792]
• 6 Alternate Host Address [JBP]
• 7 Unassigned [JBP]
• 8 Echo [RFC792]
• 9 Router Advertisement [RFC1256]
• 10 Router Solicitation [RFC1256]
• 11 Time Exceeded [RFC792]
• 12 Parameter Problem [RFC792]
• 13 Timestamp [RFC792]
• 14 Timestamp Reply [RFC792]
• 15 Information Request [RFC792]
• 16 Information Reply [RFC792]

ICMP - Summary of Message Types
• 17 Address Mask Request [RFC950]
• 18 Address Mask Reply [RFC950]
• 19 Reserved (for Security) [Solo]
• 20-29 Reserved (for Robustness Experiment) [ZSu]
• 30 Traceroute [RFC1393]
• 31 Datagram Conversion Error [RFC1475]
• 32 Mobile Host Redirect [David Johnson]
• 33 IPv6 Where-Are-You [Bill Simpson]
• 34 IPv6 I-Am-Here [Bill Simpson]
• 35 Mobile Registration Request [Bill Simpson]
• 36 Mobile Registration Reply [Bill Simpson]
• 37 Domain Name Request [RFC1788]
• 38 Domain Name Reply [RFC1788]
• 39 SKIP [Markson]
• 40 Photuris [RFC2521]
• 41 ICMP messages utilized by experimental mobility protocols such as Seamoby [RFC-ietf-seamoby-iana-02.txt]
• 42-255 Reserved [JBP]

ICMP - Reference
• RFC 792: INTERNET CONTROL MESSAGE PROTOCOL
• James F. Kurose and Keith W. Ross, "Computer Networks: A Top-Down Approach Featuring the Internet 3/e", 2002.
• http://www.freesoft.org/
• http://www.iana.org/
• http://www.ipv6.org.tw/
• http://www.google.com.tw/

ICMP Application - Ping
[Diagram: ping process; hosts 140.112.91.84 and 140.112.91.86; ICMP_ECHO carrying the current time, Type: 8, Code: 0]

ICMP Application - Ping
[Diagram: kernel; hosts 140.112.91.84 and 140.112.91.86; ICMP_ECHOREPLY, Type: 0, Code: 0]

Smurf Attack
• The kernel automatically sends ICMP_ECHOREPLY when receiving ICMP_ECHO
• Broadcast

Smurf Attack
• Broadcast the subnet with ICMP_ECHO, BUT source IP = 140.112.91.84
• MANY ICMP_ECHOREPLYs arrive at 140.112.91.84

Demo Smurf Attack
• Broadcast the subnet "140.112.91.255" with ICMP_ECHO twice, source IP = 140.112.91.84
• Hosts: 140.112.91.86, 140.112.91.84
• MANY ICMP_ECHOREPLYs arrive at 140.112.91.84

Smurf Attack
• How to prevent?
  • Turn off broadcast ICMP_ECHOREPLY
  • Filter the packet

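One way to express the two preventions above as filtering logic, as an added example that is not part of the original slides. The `EchoFilter` class, the /24 prefix and the sample packets are assumptions constructed for illustration; packets are represented as already-parsed tuples.

```python
from ipaddress import IPv4Address, IPv4Network

ICMP_ECHO, ICMP_ECHOREPLY = 8, 0
LIMITED_BROADCAST = IPv4Address("255.255.255.255")

class EchoFilter:
    """Hypothetical per-host filter for the two preventions listed above."""

    def __init__(self, network: str, local: str):
        self.net = IPv4Network(network)      # assumed subnet of this host
        self.local = IPv4Address(local)
        self.pending = set()                 # (peer, ident, seq) we sent

    def sent_request(self, dst: str, ident: int, seq: int) -> None:
        """Record an echo this host really sent, so its reply is expected."""
        self.pending.add((IPv4Address(dst), ident, seq))

    def verdict(self, src: str, dst: str, icmp_type: int,
                ident: int = 0, seq: int = 0) -> str:
        src_ip, dst_ip = IPv4Address(src), IPv4Address(dst)
        if icmp_type == ICMP_ECHO:
            # Never answer or forward an echo addressed to a broadcast address.
            if dst_ip in (self.net.broadcast_address, LIMITED_BROADCAST):
                return "drop: echo to broadcast"
            return "accept"
        if icmp_type == ICMP_ECHOREPLY and dst_ip == self.local:
            key = (src_ip, ident, seq)
            if key in self.pending:
                self.pending.remove(key)     # each request is answered once
                return "accept"
            return "drop: unsolicited reply"
        return "accept"

def count_verdicts(flt: EchoFilter, packets) -> dict:
    """Tally verdicts over (src, dst, type, ident, seq) tuples."""
    tally = {}
    for pkt in packets:
        v = flt.verdict(*pkt)
        tally[v] = tally.get(v, 0) + 1
    return tally

# Constructed traffic using the slide's addresses, as seen on the subnet.
SAMPLE = [
    ("140.112.91.84", "140.112.91.255", ICMP_ECHO, 1, 1),
    ("140.112.91.86", "140.112.91.84", ICMP_ECHOREPLY, 1, 1),
    ("140.112.91.90", "140.112.91.84", ICMP_ECHOREPLY, 1, 1),
    ("140.112.91.86", "140.112.91.84", ICMP_ECHOREPLY, 7, 1),
]
```

A rising count of "drop: unsolicited reply" at one host is the signal that its address is being used as the source of broadcast echoes.
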
Visual TraceRoute
A tool for web administration in the new generation

TraceRoute - Where Everything Starts From
Long long ago, there is a ping and a traceroute…

What Does TraceRoute Do?
• Trace the paths (i.e., routes) from the local host to a destination host or server.
• Can be used to evaluate and debug web routing algorithms.