Guide to TCP/IP, Third Edition
Chapter 4: Internet Control Message Protocol

Objectives
• Understand the Internet Control Message Protocol
• Test and troubleshoot sequences for Internet Control Message Protocol
• Work with Internet Control Message Protocol packet fields and functions

Understanding The Internet Control Message Protocol
• ICMP
  • Provides information about network connectivity and routing behavior
  • Provides a way to return information to senders
  • Messages are nothing more than specially formatted IP datagrams

Overview of RFC 792
• RFC 792
  • Provides basic specification for all ICMP messages
• According to RFC 792, ICMP
  • Provides mechanism for gateways (routers) or destination hosts to communicate with source hosts
  • Takes the form of specially formatted IP datagrams
  • Required in some implementations of TCP/IP
  • Reports errors about processing of non-ICMP IP datagrams

ICMP’s Vital Role on IP Networks
• ICMP’s job is to provide information about
  • IP routing behavior
  • Reachability
  • Routes between specific pairs of IP hosts
  • Delivery errors

Testing And Troubleshooting Sequences For ICMP: Connectivity Testing with Ping
• PING and TRACEROUTE
  • Rely on ICMP to perform connectivity tests and path discovery
• PING
  • Actually a form of ICMP Echo communication
• ICMP Echo Request
  • Connectionless process with no guarantee of delivery

Connectivity Testing with PING (continued)
• Most PING utilities
  • Send series of several Echo Requests to the target in order to obtain average response time
• PING utility
  • Sends series of four ICMP Echo Requests with a one-second ICMP Echo Reply Timeout value
  • Supports IP addresses and names
  • Uses traditional name resolution processes

Connectivity Testing with PING (cont’d)
• Parameters available with the PING utility
  • -l size
  • -f
  • -i TTL
  • -v TOS
  • -w timeout

Path Discovery with TRACEROUTE
• TRACEROUTE utility
  • Uses route tracing to identify a path from sender to target host
• Available parameters
  • -d
  • -h
  • -w

Path Discovery with PATHPING
• PATHPING utility
  • Command-line utility
  • Uses ICMP Echo packets to test router and link latency, as well as packet loss
• PMTU Discovery
  • Enables source to learn the currently supported MTU across an entire path

Path MTU Discovery with ICMP
• PMTU process
  • Host A sends a 4,096-byte packet to Host B
  • Router 1 discards packet and sends Host A a “Fragmentation Needed and Don’t Fragment Flag was Set” ICMP packet
  • Host A re-sends packet using maximum MTU size of 1,500
  • Router 1 strips off token ring header and applies Ethernet header before forwarding packet

Routing Sequences for ICMP
• ICMP
  • Can provide some routing information to hosts
  • Used by routers to provide a default gateway setting to a host
• Routers
  • Can send ICMP messages

Router Discovery
• IP hosts
  • Typically learn about routes through manual configuration of
    • Default gateway parameter and redirection messages
  • Send ICMP Router Solicitations and routers reply with ICMP Router Advertisements
• By default
  • ICMP Router Solicitation packet is sent to the all-routers IP multicast address 224.0.0.2

Router Advertising
• ICMP Router Advertisements
  • Allow hosts to passively learn about available routes
• Default Lifetime value for route entries
  • 30 minutes
• Default advertising rate
  • Between seven and ten minutes

Security Issues For ICMP
• ICMP
  • Can be used as an information-gathering tool
• IP address scanning process
  • One method of obtaining a list of the active hosts
• IP host probe
  • Performed by sending a PING packet to each host within a range and noting the responses

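Added example (not from the book or its slides): a defender-side check for the IP host probe described above, flagging any source that sends Echo Requests to many distinct addresses within a short window. The record format, the documentation-range addresses, the window and the threshold are assumptions made for this illustration.

```python
from collections import defaultdict, deque

ECHO_REQUEST = 8  # ICMP Type 8

# Constructed sample records: (epoch seconds, source IP, destination IP, ICMP type)
SAMPLE_EVENTS = (
    # One source walking through a range of addresses in under a second
    [(100.0 + 0.1 * i, "192.0.2.50", f"198.51.100.{i + 1}", 8) for i in range(8)]
    # A user pinging one gateway four times, as the PING utility does
    + [(100.0 + i, "192.0.2.10", "198.51.100.1", 8) for i in range(4)]
    # A monitoring poller touching six hosts, one per minute
    + [(100.0 + 60 * i, "192.0.2.20", f"198.51.100.{i + 20}", 8) for i in range(6)]
    # An Echo Reply, which must not count as a probe
    + [(100.2, "198.51.100.1", "192.0.2.10", 0)]
)

def detect_sweeps(events, window=10.0, min_targets=5):
    """Return {source: most distinct destinations probed inside one window}."""
    recent = defaultdict(deque)  # source -> (time, destination) pairs in window
    flagged = {}
    for ts, src, dst, icmp_type in sorted(events):
        if icmp_type != ECHO_REQUEST:
            continue
        pairs = recent[src]
        pairs.append((ts, dst))
        while ts - pairs[0][0] > window:  # drop requests older than the window
            pairs.popleft()
        distinct = len({d for _, d in pairs})
        if distinct >= min_targets:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    for source, count in detect_sweeps(SAMPLE_EVENTS).items():
        print(f"possible address scan: {source} probed {count} hosts")
```
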
ICMP Redirect Attack
• ICMP
  • Used to manipulate traffic flow between hosts
• Attacker can
  • Redirect traffic to his machine and perform any number of man-in-the-middle style attacks

ICMP Router Discovery
• Susceptible to attack on the local network segment
• During discovery process
  • Router solicitation message finds its way to attacker’s machine
• Timing is critical

Inverse Mapping
• One method of determining live targets on a network
• Firewalking
  • Describes the concept of walking a firewall ACL or ruleset to determine what it filters and how
  • A two-phase attack method

ICMP Packet Fields and Functions
• Value 1 in IP header Protocol field
  • Denotes that an ICMP header follows the IP header
• ICMP header portions
  • Constant portion
  • Variable portion

Constant ICMP Fields
• ICMP packets contain three required fields after the IP header
  • Type
  • Code
  • Checksum

The Variable ICMP Structures and Functions
• ICMP Type 0
  • Used for Echo Reply packets
• ICMP Type 8
  • Used for Echo Request packets
• RFC 792
  • Identifier and Sequence fields are used to aid in matching Echo messages with Echo Replies

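Added example (not from the book or its slides): a parser for the constant fields (Type, Code, Checksum) and the Echo variable fields, which verifies the checksum and matches a reply to its request by Identifier and Sequence. Function names and sample values are assumptions; the checksum is the standard Internet checksum from RFC 1071.

```python
import struct

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8  # Types named on the slide

def internet_checksum(data: bytes) -> int:
    """One's-complement sum over 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an Echo Request or Echo Reply with a correct checksum."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_icmp(message: bytes) -> dict:
    """Decode the constant fields, verify the checksum, decode Echo fields."""
    if len(message) < 4:
        raise ValueError("too short for Type, Code and Checksum")
    icmp_type, code, csum = struct.unpack("!BBH", message[:4])
    parsed = {
        "type": icmp_type,
        "code": code,
        "checksum": csum,
        # Summing a message that carries a valid checksum yields 0.
        "checksum_ok": internet_checksum(message) == 0,
    }
    if icmp_type in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        if len(message) < 8:
            raise ValueError("Echo message lacks Identifier and Sequence")
        parsed["id"], parsed["seq"] = struct.unpack("!HH", message[4:8])
        parsed["payload"] = message[8:]
    return parsed

def is_reply_to(request: dict, reply: dict) -> bool:
    """Match an Echo Reply to its request by Identifier, Sequence and data."""
    return (reply["type"] == ICMP_ECHO_REPLY and reply["checksum_ok"]
            and reply.get("id") == request.get("id")
            and reply.get("seq") == request.get("seq")
            and reply.get("payload") == request.get("payload"))
```
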
Type 3: Destination Unreachable Packets
• Network troubleshooters
  • Often closely track ICMP Destination Unreachable packets
• Host that sends Destination Unreachable packet
  • Must return IP header and eight bytes of original datagram that triggered this response
• Total of 16 (0 through 15) possible codes
  • Currently assigned to ICMP Destination Unreachable type number

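Added example (not from the book or its slides): decoding a Destination Unreachable message, including the returned IP header plus eight bytes and, for the "Fragmentation Needed" case from the PMTU slide, the next-hop MTU field defined in RFC 1191. The addresses, ports and the `is_solicited` check against flows the host actually sent are assumptions made for this illustration.

```python
import socket
import struct

DEST_UNREACHABLE, FRAG_NEEDED = 3, 4  # Type 3; Code 4 is the PMTU signal

def parse_dest_unreachable(icmp: bytes) -> dict:
    """Decode a Type 3 message and the original datagram it quotes."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("too short for ICMP header + IP header + 8 bytes")
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type != DEST_UNREACHABLE:
        raise ValueError("not a Destination Unreachable message")
    quoted = icmp[8:]
    ihl = (quoted[0] & 0x0F) * 4  # quoted IP header length, options included
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("malformed quoted IP header")
    proto = quoted[9]
    ports = (None, None)
    if proto in (socket.IPPROTO_TCP, socket.IPPROTO_UDP):
        ports = struct.unpack("!HH", quoted[ihl:ihl + 4])  # first 4 of the 8 bytes
    return {
        "code": code,
        # RFC 1191 carries the next-hop MTU in the low 16 bits of the unused field.
        "next_hop_mtu": mtu if code == FRAG_NEEDED else None,
        "flow": (socket.inet_ntoa(quoted[12:16]), socket.inet_ntoa(quoted[16:20]),
                 proto, *ports),
    }

def is_solicited(parsed: dict, sent_flows: set) -> bool:
    """Accept the error only if it quotes a datagram this host actually sent."""
    return parsed["flow"] in sent_flows

def sample_frag_needed() -> bytes:
    """Constructed message: Router 1 tells Host A that 1,500 bytes is the limit."""
    host_a = socket.inet_aton("192.0.2.10")
    host_b = socket.inet_aton("198.51.100.20")
    # Quoted header of the 4,096-byte datagram with Don't Fragment (0x4000) set
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 4096, 0x1C46, 0x4000,
                         64, socket.IPPROTO_UDP, 0, host_a, host_b)
    udp_hdr = struct.pack("!HHHH", 40000, 5001, 4076, 0)
    # Checksums are left at 0 in this constructed sample; this block does not verify them.
    icmp_hdr = struct.pack("!BBHHH", DEST_UNREACHABLE, FRAG_NEEDED, 0, 0, 1500)
    return icmp_hdr + ip_hdr + udp_hdr
```
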
Type 4: Source Quench
• Router or host
  • May use Source Quench to indicate that it is becoming congested or overloaded
• By default
  • Most current routers do not issue Source Quench messages

Type 5: Redirect
• Routers
  • Send ICMP Redirect messages to hosts to indicate that a preferable route exists
• ICMP Redirect packet
  • Four-byte field for the preferred gateway’s address
• Ideally
  • Clients should update routing tables to indicate optimal path

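Added example (not from the book or its slides): reading the four-byte preferred-gateway field of a Redirect and applying the two acceptance checks from RFC 1122 that limit the redirect attack described earlier in the chapter: the sender must be the host's current first-hop gateway, and the new gateway must be on the connected subnet. A single default gateway, the addresses and the function names are assumptions made for this illustration.

```python
import ipaddress
import struct

REDIRECT = 5  # ICMP Type 5

def parse_redirect(icmp: bytes) -> dict:
    """Decode a Type 5 message: code, preferred gateway, quoted destination."""
    if len(icmp) < 8 + 20:
        raise ValueError("too short for ICMP header plus quoted IP header")
    icmp_type, code, _csum, gateway = struct.unpack("!BBH4s", icmp[:8])
    if icmp_type != REDIRECT:
        raise ValueError("not an ICMP Redirect")
    quoted = icmp[8:]
    return {
        "code": code,
        "gateway": ipaddress.IPv4Address(gateway),
        # Destination of the original datagram that triggered the Redirect
        "destination": ipaddress.IPv4Address(quoted[16:20]),
    }

def redirect_verdict(sender: str, parsed: dict, local_net: str, first_hop: str) -> str:
    """Apply the RFC 1122 checks; return 'accept' or the reason to discard."""
    if ipaddress.IPv4Address(sender) != ipaddress.IPv4Address(first_hop):
        return "discard: sender is not the current first-hop gateway"
    if parsed["gateway"] not in ipaddress.IPv4Network(local_net):
        return "discard: new gateway is not on the connected subnet"
    return "accept"

def sample_redirect(gateway: str) -> bytes:
    """Constructed Redirect quoting a datagram from 192.0.2.10 to 198.51.100.20."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 84, 1, 0, 64, 1, 0,
                         ipaddress.IPv4Address("192.0.2.10").packed,
                         ipaddress.IPv4Address("198.51.100.20").packed)
    first_eight = b"\x08\x00" + b"\x00" * 6  # start of the quoted Echo Request
    # Code 1 is "redirect for host"; checksum left at 0 and not verified here.
    icmp_hdr = struct.pack("!BBH4s", REDIRECT, 1, 0,
                           ipaddress.IPv4Address(gateway).packed)
    return icmp_hdr + ip_hdr + first_eight

if __name__ == "__main__":
    msg = parse_redirect(sample_redirect("192.0.2.2"))
    print(redirect_verdict("192.0.2.66", msg, "192.0.2.0/24", "192.0.2.1"))
```

Hosts with a single router often ignore redirects altogether; on Linux that is controlled by the `net.ipv4.conf.*.accept_redirects` settings.
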
Types 9 and 10: Router Advertisement and Router Solicitation
• ICMP Router Advertisement packets include the following fields
  • # of Addresses
  • Address Size
  • Lifetime
  • Router Address 1
  • Precedence Level 1
  • Router Address 2 and Precedence Level 2

Type 11: Time Exceeded
• Routers or hosts
  • Can send these ICMP packets
• Codes that can be used
  • Code 0 and Code 1

Type 12: Parameter Problem
• Errors indicate problems not covered by other ICMP error messages
• Codes used in ICMP Parameter Problem messages
  • Code 0: Pointer Indicates the Error
  • Code 1: Missing a Required Option
  • Code 2: Bad Length

Types 13 and 14: Timestamp and Timestamp Reply
• Defined as a method for one IP host to obtain the current time
• Value returned
  • The number in milliseconds since midnight, Universal Time (UT)
• ICMP Timestamp and Timestamp Reply packets
  • Use the same structure

Types 15 and 16: Information Request and Information Reply
• Provides a way for a host to find out what network it is on
• ICMP Information Request and Information Reply packets
  • Use the same structure

Types 17 and 18: Address Mask Request and Address Mask Reply
• Intended to provide diskless hosts with a method to determine their network mask information
• ICMP Address Mask Request and Address Mask Reply packets
  • Use the same structure

Type 30: TRACEROUTE
• Documented in RFC 1393 but not currently in use
• Requires some added functionality in the IP routers it traverses
• Adding functionality to routers
  • Costly and requires numerous resources to build, implement, and test new code

Summary
• ICMP
  • Provides vital feedback about IP routing and delivery problems
  • Really part of IP itself
  • Support is required in any standards-compliant IP implementation
  • Used by PING and TRACEROUTE to measure round-trip times
  • Supports PMTU Discovery between a sender and a receiver

Summary (continued)
• Route and routing error information from ICMP
  • Derives from numerous types of ICMP messages
• ICMP
  • Supports route optimization through its ICMP Redirect message type
  • Security issues are important
  • Message structures and functions can vary