
Internet Command Message Protocol (ICMP)

CS-431, Dick Steflik. Internet Command Message Protocol (ICMP), RFC 792: used to communicate IP status and error messages between hosts and routers.


Presentation Transcript


  1. Internet Command Message Protocol (ICMP), CS-431, Dick Steflik

  2. ICMP
     • Internet Command Message Protocol (ICMP)
     • RFC 792
     • Used to communicate IP status and error messages between hosts and routers

  3. ICMP
     • Used to communicate IP status and error messages between hosts and routers
     • Uses IP to route its messages between hosts
     • Must be implemented with IP
     • remember, IP is just a packet delivery system
     • transmits and routes datagrams from sources to destinations through a series of interconnected networks
     • it has a checksum in the IP header to detect lost bits
     • no error detection on the datagram payload though
     • but has no native mechanism for source host notification
     • This is where ICMP comes in
     • it's used to report IP errors to the source host
     • ICMP data is carried as the payload of an IP datagram
     • specifies additional message formats within this area

  4. Basic ICMP Header
     • Headers are 32 bits in length; all contain the same three fields
     • type - 8-bit message type code
     • thirteen message types are defined
     • code - 8 bit; indicates why the message is being sent
     • checksum - standard internet checksum
     • 16-bit 1’s complement sum of the payload and header
     • for the purpose of calculation, the checksum field is set to zero

  5. ICMP Message types
     • 0 - Echo Reply
     • 3 - Destination Unreachable
     • 4 - Source Quench
     • 5 - Redirect
     • 8 - Echo
     • 11 - Time Exceeded
     • 12 - Parameter Problem
     • 13 - Timestamp
     • 14 - Timestamp Reply
     • 15 - Information Request
     • 16 - Information Reply
     • 17 - Address Mask Request
     • 18 - Address Mask Reply

  6. Destination Unreachable (3)
     • ICMP header (4 bytes) + unused 32 bits (4 bytes) + IP header (24 bytes) + first 64 bits of data (8 bytes) = 40 bytes
     • Codes:
       • 0 - net unreachable; 1 - host unreachable
       • 2 - protocol unreachable; 3 - port unreachable
       • sent by destination host IP module
       • 4 - fragmentation needed DF set; 5 - source route failed
       • 6 - destination network unknown; 7 - destination host unknown
       • 8 - source host isolated; 9 - comm. with destn network prohibited
       • 10 - comm. with dest host prohibited; 11 - network unreachable for service
       • 12 - host unreachable for service
     • Sent to originating host because destination is unreachable
     • may be determined by a router
     • destination IP may find the indicated protocol unavailable
     • Don’t Fragment (DF) bit in the IP header is set but fragmentation is required to continue forwarding

  7. Source Quench (4)
     • Same message format as type 3
     • Code: 0
     • Sent to a host when an intermediate router or the destination host cannot keep up with the source host’s transmission rate
     • may be sent to a source when a router is saturated
     • may be sent by a receiving host if its receive buffers are filling up
     • Upon receipt the source host should throttle back on its transmission rate until the Source Quench goes away.
     • Can then increase its transmission rate

  8. Redirect (5)
     • Same format as type 3
     • Code:
       • 0 - redirect datagrams for the network
       • 1 - redirect datagrams for the host
       • 2 - redirect datagrams for the type of service and the network
       • 3 - redirect datagrams for the type of service and host
     • a router sends a message to a host when it determines a datagram that originated from the host must be forwarded to a router that can be directly reached
     • allows the host to send future datagrams to the optimal first-hop router, increasing network efficiency
     • not used for datagrams that have source routing options

  9. Echo (8)/Echo Reply (0)
     • ICMP header (4 bytes) + identifier (2 bytes) + sequence number (2 bytes) + data (4 bytes)
     • identifier - used to match Echoes and Echo Replies
     • sequence - used to match Echoes with Echo Replies
     • Used to determine if a host is reachable
     • a host receiving an echo message
       • reverses the IP source and destination addresses
       • sets the ICMP type field to zero (echo reply)
       • recomputes the ICMP checksum
       • identifier, sequence and data are sent back unchanged

  10. Time Exceeded (11)
     • Same format as type 3
     • Code:
       • 0 - time to live exceeded in transit
       • 1 - fragment reassembly time exceeded
     • Time exceeded message is sent if:
       • a router finds a datagram with TTL set to zero
       • router discards the datagram and sends message with code field set to 0
       • a host does not receive all of the fragments of a datagram before its local reassembly timer expires
       • host discards all fragments and returns a message with code field set to 1

  11. Parameter Problem (12)
     • ICMP Header (4 bytes) + pointer (1 byte) + unused (3 bytes) + IP header (24 bytes) + first 64 bits of data (8 bytes)
     • pointer - identifies octet where error occurred
     • Code:
       • 0 - misc parameter problem
       • 2 - required option missing
     • sent to a host when a router or host processing a datagram finds a problem with the information in the datagram.
     • Only sent if the datagram had to be discarded
     • pointer field is zero based
     • ex: 1 indicates problem with type of service; 20 indicates first option

  12. Timestamp (13)/Timestamp Reply (14)
     • ICMP Header (4 bytes) + identifier (2 bytes) + seq num (2 bytes) + Originate Timestamp (4 bytes) + Receive Timestamp (4 bytes) + Transmit Timestamp (4 bytes)
     • Timestamps are number of msec past midnight UTC
     • used to determine the latency between the sender and receiver
     • receiver forms a message by
       • reversing the originate and destination addr in the IP header
       • setting ICMP type code to 14
       • updating the timestamp fields
       • recomputing the ICMP checksum

  13. Info Request (15)/Info Reply (16)
     • Same as type 8, but no data
     • Code: 0
     • used by a host to determine the network number the host resides on
     • receiver
       • reverses the source and destination addresses in the IP header
       • sets the correct network number
       • sets ICMP type to 16
       • recomputes the ICMP checksum
     • Obsolete; shouldn’t be used; replaced by BOOTP and RARP

  14. Addr Mask Rqst (17)/Addr Mask Reply (18)
     • ICMP Header (4 bytes) + identifier (2 bytes) + seq.num. (2 bytes) + addr mask (4 bytes)
     • identifier - used to match requests with replies.
     • seq.num. - used to match requests with replies.
     • Hosts and routers can request the subnet address mask for the network they reside on at boot time.
     • Host or router broadcasts it on the local network
     • a receiving router should return it in a reply message
     • This message is defined in RFC 950

  15. ICMPv6
     • New version of ICMP to go along with IPv6
     • Absorbs many IGMP and ARP functions
     • Used for:
       • Reporting errors in IP packet processing
       • Performing diagnostics
       • performing Neighbor Discovery and reporting IPv6 multicast memberships
     • Two types of messages:
       • Error messages
       • Information messages

  16. Error Message Categories
     • Destination Unreachable
     • Packet too big
     • Time exceeded
     • Parameter problem

  17. Informational Messages
     • Diagnostic messages
     • Multicast group management messages
     • Neighbor discovery messages

  18. Every ICMPv6 message is preceded by an IPv6 header and 0 or more IPv6 extension headers.
     • A next header field of 58 identifies the ICMPv6 message (different than IPv4)

  19. Message Format

      0                   1                   2                   3
      0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
     |-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
     |     Type      |     Code      |          Checksum             |
     |-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-|
     |                                                               |
     |                         Message Body                          |
     |                                                               |
     +---------------------------------------------------------------+

  20. ICMP Tunneling
     • ICMPTX
     • Establish a covert tunnel between two remote computers using ICMP Echo request and reply packets (Pings)
     • Can be used to bypass firewall rules through obfuscation of the actual network traffic.
     • This is hard to detect without deep packet inspection or log file analysis
     • Block all ICMP packets (unrealistic); only allow fixed sized packets through the firewall.
     • read: Tunneling IP traffic over ICMP (hackaday.com)
     • read: ICMPTX Howto (thomer.com/icmptx)
     • read: wikipedia – tun/tap devices

  21. Smurf Attack
     • Denial of Service
     • Flood a victim with ICMP packets by spoofing the victim's IP address and sending the packet to the network broadcast address; this causes all receivers to respond by echoing back the packet to the source address (victim's spoofed IP)
     • Configure hosts to not respond to ICMP requests or broadcasts; configure routers to not forward to broadcast addresses
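
Added example (not from the original slides): slides 4 and 9 in Python, computing the Internet checksum with the checksum field zeroed and forming an Echo Reply from an Echo. The function names and the sample identifier, sequence number and payload are constructed for illustration.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """One's complement of the 16-bit one's complement sum of data."""
    if len(data) % 2:
        data += b"\x00"                      # pad to a whole 16-bit word
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries (end-around carry)
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(ident: int, seq: int, data: bytes, icmp_type: int = 8) -> bytes:
    """Type 8 = Echo, type 0 = Echo Reply; code is always 0."""
    zeroed = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = internet_checksum(zeroed + data)  # checksum field is zero here
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + data

def parse_echo(message: bytes) -> dict:
    if len(message) < 8:
        raise ValueError("shorter than the 8-byte echo header")
    icmp_type, code, csum, ident, seq = struct.unpack("!BBHHH", message[:8])
    return {
        "type": icmp_type, "code": code, "checksum": csum,
        "id": ident, "seq": seq, "data": message[8:],
        # Summing a valid message, checksum included, yields zero.
        "checksum_ok": internet_checksum(message) == 0,
    }

def make_echo_reply(request: bytes) -> bytes:
    """What the receiving host does on slide 9 (IP address swap not shown)."""
    req = parse_echo(request)
    if req["type"] != 8 or not req["checksum_ok"]:
        raise ValueError("not a valid Echo message")
    # Type becomes 0, checksum is recomputed, id/seq/data go back unchanged.
    return build_echo(req["id"], req["seq"], req["data"], icmp_type=0)

if __name__ == "__main__":
    echo = build_echo(0x1234, 1, b"abcd")    # constructed sample values
    reply = make_echo_reply(echo)
    print(echo.hex(), parse_echo(echo)["checksum_ok"])
    print(reply.hex(), parse_echo(reply)["checksum_ok"])
```

Only the type byte changes between the two messages, so the recomputed checksum differs by exactly that amount.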
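
Added example (not from the original slides): the log-analysis idea from slide 20 in Python, flagging echo traffic whose data length is outside a fixed allowed size or whose Echo Reply does not return the Echo's data unchanged (slide 9). The 56-byte policy value, the `Packet` record and the sample capture are assumptions constructed for illustration.

```python
import struct
from collections import namedtuple

# src/dst come from the IP header; icmp is the raw ICMP message (IP payload).
Packet = namedtuple("Packet", "src dst icmp")
ALLOWED_DATA_LEN = 56   # assumption: the only echo data size site policy allows

def echo(icmp_type, ident, seq, data):
    """Build a sample echo message; checksum left at 0, it is not inspected."""
    return struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + data

def find_suspicious_echo(packets, allowed=ALLOWED_DATA_LEN):
    pending = {}   # (requester, responder, id, seq) -> data sent in the Echo
    alerts = []
    for n, p in enumerate(packets):
        if len(p.icmp) < 8:
            alerts.append((n, "truncated ICMP message"))
            continue
        icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", p.icmp[:8])
        if icmp_type not in (0, 8):
            continue                      # only Echo / Echo Reply are examined
        data = p.icmp[8:]
        if len(data) != allowed:
            alerts.append((n, "data length outside policy"))
        if icmp_type == 8:
            pending[(p.src, p.dst, ident, seq)] = data
            continue
        sent = pending.pop((p.dst, p.src, ident, seq), None)
        if sent is None:
            alerts.append((n, "reply without matching echo"))
        elif sent != data:
            alerts.append((n, "reply data differs from echo"))
    return alerts

# Constructed capture (documentation address ranges), not real traffic.
SAMPLE = [
    Packet("192.0.2.10", "198.51.100.1", echo(8, 1, 1, b"A" * 56)),
    Packet("198.51.100.1", "192.0.2.10", echo(0, 1, 1, b"A" * 56)),
    Packet("192.0.2.20", "203.0.113.5", echo(8, 7, 1, b"B" * 56)),
    Packet("203.0.113.5", "192.0.2.20", echo(0, 7, 1, b"C" * 56)),
    Packet("192.0.2.20", "203.0.113.5", echo(8, 7, 2, b"D" * 900)),
    Packet("203.0.113.5", "192.0.2.20", echo(0, 7, 9, b"E" * 56)),
]

if __name__ == "__main__":
    for index, reason in find_suspicious_echo(SAMPLE):
        print(index, reason)
```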
