ICMP IGMP (ITA3564)

Network Administration
Module 5
ICMP and IGMP

TCP/IP Protocol Structure
[Figure: TCP/IP protocol stack.
Application Layer: SMTP, FTP, Telnet, DNS, HTTP, ...
Transport Layer: TCP, UDP
Internet Layer: ICMP, IGMP, IP, ARP, RARP
Link Layer: DATA LINK, PHYSICAL]

ICMP (Reference RFC 792)

- Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol Suite.
- ICMP is a protocol used for exchanging error or control messages between routers or hosts.
- ICMP uses IP to deliver messages to the original source.
- ICMP messages are usually generated and processed by the IP software, not the user process (i.e. they are not processed by a software application).
- ICMP can only report errors, congestion, or other network conditions. It does nothing to enhance IP's best-effort delivery approach.

Note: ICMP messages themselves are nothing more than specially formatted IP datagrams, subject to the same conditions as other IP packets in the general network traffic.

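Encapsulation of ICMP packet
[Figure: The ICMP message is carried as the IP data behind the IP header; the IP datagram is in turn carried as the frame data between the frame header and the trailer (if any).]
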
ICMP Messages
[Figure: ICMP messages divide into two categories: Error-reporting and Query.]

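General format of ICMP messages
[Figure: ICMP message layout, drawn as four 8-bit columns. First row: Type (8 bits), Code (8 bits), Checksum (the remaining two 8-bit columns). Below it: Rest of the header, followed by the Data Section.]
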
Type of ICMP Messages

ICMP Message Type: Use or Significance
- ICMP Echo / Echo Reply: Supports functionality for reachability utilities like PING and TRACEROUTE; essential when installing, configuring and troubleshooting IP networks.
- ICMP Destination Unreachable: Documents when routing or delivery errors prevent IP datagrams from reaching their destinations; code values are extremely important.
- ICMP Source Quench: Permits a receiving host or intermediate gateway to instruct a sending host to adjust (lower) its sending rate to ease congestion problems.
- ICMP Redirect: Permits a gateway (router) on a non-optimal route between sender and receiver to redirect traffic to a more optimal path.
- ICMP Router Discovery: Permits hosts to request information about local routers, and routers to advertise their existence on an IP network.
- ICMP Time Exceeded: Indicates that an IP datagram's TTL, or a fragmented IP datagram's reassembly timer, has expired; can indicate either a too-short TTL or the presence of a router loop on a network (which must be removed).
- ICMP Parameter Problem: Indicates that some error occurred while processing the IP header of an incoming datagram, causing that datagram to be discarded; a catchall for ambiguous or miscellaneous errors, it indicates that further investigation is required.

ICMP Functions

- ICMP provides a way to return information to the sender, in the form of specific kinds of ICMP messages, about the route traveled (including reachability information) as packets get forwarded, and a positive way to return error information to a sender when routing or reachability problems prevent delivery of an IP datagram.

Time-To-Live (TTL)

- The Time-to-live (TTL) field of the IP Header is defined to be a timer limiting the lifetime of a datagram.
- It is an 8-bit field and the units are seconds. Each router that handles a packet MUST decrement the TTL by at least one, even if the elapsed time was much less than a second.
- Since this is very often the case (decrement for a second), the TTL is effectively a hop count limit on how far a datagram can propagate through the Internet.

ICMP Utilities

- ICMP's most common uses are testing and troubleshooting.
- Two of the most well-known utilities, ping and traceroute, rely on ICMP to perform connectivity tests and path discovery.
- Other tools, e.g. VisualRoute (http://www.visualroute.com) and WinMTR (http://winmtr.sourceforge.net)

traceroute

- It prints the path a packet takes to reach its destination, showing the names of all the intermediate routers.
- It makes use of the following ICMP messages:
  - Time exceeded
  - Destination unreachable

[root@CimLinuxServer ~]# traceroute www.cisco.com
traceroute to www.cisco.com (198.133.219.25), 30 hops max, 38 byte packets
1 192.168.19.249 (192.168.19.249) 0.364 ms 0.279 ms 0.256 ms
2 fw17.vtc.edu.hk (192.168.16.176) 1.211 ms 1.172 ms 1.028 ms
3 cw7204.vtc.edu.hk (202.40.210.220) 1.819 ms 1.870 ms 2.380 ms
4 218.189.111.201 (218.189.111.201) 4.417 ms 4.738 ms 4.880 ms
5 210.0.247.6 (210.0.247.6) 5.706 ms 4.338 ms 5.259 ms
6 62.216.146.241 (62.216.146.241) 6.742 ms 5.772 ms 4.490 ms

Note: You may use the "-c" option to specify the number of ping packets, e.g. ping -c 4 172.21.2.30

traceroute (Linux / Unix)

- It determines the path by sending a series of UDP probe packets with TTL fields 1, 2, 3, …
- This causes each intermediate router on the path to send a Time Exceeded message back to the sender.

Illustration: TTL=1
[Figure: Path A, Router X, Router Y, Router Z, B. A creates a probe packet (IP, TTL=1). At Router X the TTL reaches 0, the packet is discarded and an ICMP Time Exceeded message is returned. A extracts information about router X from that packet.]

Illustration: TTL=2
[Figure: A creates a probe packet (IP, TTL=2). Router X forwards it with TTL=1; at Router Y the TTL reaches 0, the packet is discarded and an ICMP message is returned. A extracts information about router Y from that packet.]

Illustration: TTL=3
[Figure: A creates a probe packet (IP, TTL=3). It is forwarded with TTL=2 and then TTL=1; at Router Z the TTL reaches 0 and an ICMP message is returned. A extracts information about router Z from that packet.]

Illustration: TTL=4
[Figure: A creates a probe packet (IP, TTL=4). It is forwarded with TTL=3, TTL=2 and TTL=1 and reaches B, which returns an ICMP Destination unreachable message. A extracts information from that packet.]

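How a traceroute-style tool can "extract information" from the returned ICMP messages, as an added example that is not from the original slides: RFC 792 error messages quote the IP header and the first 8 bytes of the datagram that triggered them, so each reply can be matched to the probe that caused it and unrelated errors can be ignored. The addresses, the replies and the UDP destination ports counting up from 33434 are constructed assumptions, and all function names are hypothetical.

```python
import socket
import struct

def quoted_probe(dst, dport, ttl=1):
    """Constructed sample: IPv4 header (no options) plus UDP header of one probe."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, ttl, 17, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton(dst))
    return ip + struct.pack("!HHHH", 40000, dport, 8, 0)

def icmp_error(icmp_type, code, quoted):
    """Constructed sample: type, code, checksum (left 0 here), 4 unused bytes, quote."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted

def match_reply(icmp_msg, probes):
    """Return the TTL of the probe quoted in an ICMP error, or None if it is not ours.

    probes maps the UDP destination port of each probe sent to its TTL.
    """
    if len(icmp_msg) < 8 + 20 + 8 or icmp_msg[0] not in (3, 11):
        return None                      # too short, or not Dest. Unreachable / Time Exceeded
    quoted = icmp_msg[8:]
    ihl = (quoted[0] & 0x0F) * 4         # length of the quoted IP header in bytes
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8 or quoted[9] != 17:
        return None                      # not a well-formed IPv4/UDP quote
    dport = struct.unpack("!H", quoted[ihl + 2:ihl + 4])[0]
    return probes.get(dport)             # None for unsolicited or forged errors

def trace(replies, probes):
    """Build [(ttl, router_ip, reached_destination)] from (sender_ip, icmp_msg) pairs."""
    hops = {}
    for sender_ip, msg in replies:
        ttl = match_reply(msg, probes)
        if ttl is not None:
            hops[ttl] = (sender_ip, msg[0] == 3)
    return [(ttl, *hops[ttl]) for ttl in sorted(hops)]

# Constructed data: probes to 198.51.100.9 with TTL 1..4, replies arriving out of order.
PROBES = {33434: 1, 33435: 2, 33436: 3, 33437: 4}
REPLIES = [
    ("10.0.0.2", icmp_error(11, 0, quoted_probe("198.51.100.9", 33435))),    # router Y
    ("10.0.0.1", icmp_error(11, 0, quoted_probe("198.51.100.9", 33434))),    # router X
    ("203.0.113.66", icmp_error(11, 0, quoted_probe("198.51.100.9", 53))),   # not our probe
    ("198.51.100.9", icmp_error(3, 3, quoted_probe("198.51.100.9", 33437))), # destination B
    ("10.0.0.3", icmp_error(11, 0, quoted_probe("198.51.100.9", 33436))),    # router Z
]

if __name__ == "__main__":
    for hop in trace(REPLIES, PROBES):
        print(hop)
```
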
tracert (Windows)

- Windows equivalent of traceroute
- Uses ICMP echo requests and echo replies
- Sends packets to port 7 instead of a high port

Illustration: TTL=4 (tracert)
[Figure: A creates a probe packet (IP, TTL=4) carrying ICMP; it is an echo-request. It is forwarded with TTL=3, TTL=2 and TTL=1 and reaches B, which returns an echo-reply. A extracts information from that packet.]

ping

- A utility to check whether other machines are reachable
- It sends out a series of ICMP echo-request messages and then captures the echo-reply messages
- It provides statistical information for network testing, measurement and management

[root@CimLinuxServer ~]# ping www.yahoo.com
PING www.yahoo-ht2.akadns.net (209.131.36.158) 56(84) bytes of data.
64 bytes from f1.www.vip.sp1.yahoo.com (209.131.36.158): icmp_seq=0 ttl=55 time=162 ms
64 bytes from f1.www.vip.sp1.yahoo.com (209.131.36.158): icmp_seq=1 ttl=55 time=156 ms
64 bytes from f1.www.vip.sp1.yahoo.com (209.131.36.158): icmp_seq=2 ttl=54 time=172 ms

Stop responding to ping

You may use the following command to stop your machine from responding to ping from other machines:

[root]# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

Note: A ping of death (abbreviated "POD") is a type of attack on a computer that involves sending a malformed or otherwise malicious ping to a computer.

IGMP

- The Internet Group Message Protocol (IGMP) has been designed to help a multicast router identify the hosts in a LAN that are members of a multicast group.
- IGMP has only 2 types of messages: report and query.
  - The report message is sent from the host to the router.
  - The query message is sent from the router to the hosts.

Unicast


Unicast is the term used to describe communication where a
piece of information is sent from one point to another point.
In this case there is just one sender, and one receiver.
Unicast transmission, in which a packet is sent from a single
source to a specified destination, is still the predominant form
of transmission on LANs and within the Internet. All LANs
(e.g. Ethernet) and IP networks support the unicast transfer
mode, and most users are familiar with the standard unicast
applications (e.g. http, smtp, ftp and telnet) which employ the
TCP transport protocol.
Broadcast


Broadcast is the term used to describe communication where
a piece of information is sent from one point to all other
points. In this case there is just one sender, but the
information is sent to all connected receivers.
Broadcast transmission is supported on most LANs (e.g.
Ethernet), and may be used to send the same message to all
computers on the LAN (e.g. the address resolution protocol
(arp) uses this to send an address resolution query to all
computers on a LAN). Network layer protocols (such as IP)
also support a form of broadcast which allows the same
packet to be sent to every system in a logical network.
Multicast

Multicast is the term used to describe communication
where a piece of information is sent from one or more
points to a set of other points. In this case there is may be
one or more senders, and the information is distributed to
a set of receivers (there may be no receivers, or any other
number of receivers).
25
Multicast

Multicasting is the networking technique of delivering the
same packet simultaneously to a group of clients. IP
multicast provides dynamic many-to-many connectivity
between a set of senders (at least 1) and a group of
receivers. The format of IP multicast packets is identical to
that of unicast packets and is distinguished only by the use
of a special class of destination address (class D IP
address) which denotes a specific multicast group. Since
TCP supports only the unicast mode, multicast
applications must use the UDP transport protocol.
Operation of IGMP in a single network

- An Mrouter connected to a LAN has a list of the multicast addresses of the groups for which there is at least one loyal member.

[Figure: Hosts on a LAN attached to multicast router R. R holds the list of groups having loyal members: 225.70.8.20, 231.24.60.9, ..., 229.60.12.8.]

Operation of IGMP in a single network (Cont)

Joining a group
- Each host maintains a list of processes with membership in a group.
- When a process wants to join a group, it sends its request to the host; the host will add the name of the process and the name of the requested group to its list.
- Then the host sends an IGMP report to the multicast router.

Monitoring group membership
- A multicast router is responsible for monitoring all of the hosts in a LAN to see if they want to continue their membership.
- The router periodically sends a query message.

Continue membership
- The host keeps a list of processes that wish to continue membership in a group.
- When a host receives a query, it checks this list.
- For each group with at least one process still interested in continuing the membership, the host must send a report.

Leaving a group
- When a host receives a query and finds that there is not a process interested in that group anymore, it does not respond and does not send a report about that group.
- If no host on the LAN sends a report for a specific group, the address of that group is deleted.

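The join, query, continue and leave steps described above, modelled as an added example that is not part of the original slides: hosts track process memberships and answer queries with reports, and the multicast router deletes any group for which a query round produces no report. The class and method names and the process names are hypothetical; the group addresses are the ones shown in the slide's figure.

```python
class Host:
    """A LAN host that tracks which local processes belong to which groups."""
    def __init__(self, name):
        self.name = name
        self.members = {}                     # group address -> set of process names

    def join(self, process, group):
        """Record the process and return the IGMP report sent to the router."""
        self.members.setdefault(group, set()).add(process)
        return ("report", self.name, group)

    def leave(self, process, group):
        """Drop the process; no message is sent, the host just stops reporting."""
        self.members.get(group, set()).discard(process)

    def on_query(self):
        """Answer a query with one report per group that still has a process."""
        return [("report", self.name, g)
                for g, procs in sorted(self.members.items()) if procs]

class MulticastRouter:
    """Keeps the list of groups that have at least one member on the LAN."""
    def __init__(self):
        self.groups = set()

    def on_report(self, report):
        self.groups.add(report[2])

    def query_round(self, hosts):
        """Send a query to every host; delete groups that nobody reported."""
        reported = {r[2] for h in hosts for r in h.on_query()}
        deleted = self.groups - reported
        self.groups = reported
        return sorted(deleted)

def demo():
    """Constructed scenario: two hosts, two groups, two query rounds."""
    a, b, router = Host("A"), Host("B"), MulticastRouter()
    router.on_report(a.join("player", "225.70.8.20"))
    router.on_report(b.join("ticker", "225.70.8.20"))
    router.on_report(b.join("feed", "231.24.60.9"))
    a.leave("player", "225.70.8.20")          # B still has a member, so the group stays
    first = router.query_round([a, b])
    b.leave("feed", "231.24.60.9")            # last member gone, no report follows
    second = router.query_round([a, b])
    return first, second, sorted(router.groups)

if __name__ == "__main__":
    print(demo())
```
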
Operation of IGMP in Internet
[Figure: Routers R1, R2 and R3 and several networks of hosts (each labelled Network A), with a link to the rest of the Internet.]

Operation of IGMP in Internet (Cont)

- Multicast routing in an Internet is accomplished by using the spanning tree algorithm.
- The spanning tree algorithm is used in data structures to create a tree out of a group.

RFC (Request for Comments)

- Request for Comments, a series of notes about the Internet, started in 1969. An Internet Document can be submitted to the IETF by anyone, but the IETF decides if the document becomes an RFC. Eventually, if it gains enough interest, it may evolve into an Internet standard.
- Each RFC is designated by an RFC number. Once published, an RFC never changes. Modifications to an original RFC are assigned a new RFC number.

e.g.
rfc792 - ICMP
rfc2236 - IGMP
rfc2612 - HTTP version 1.1
…