Guide to TCP/IP, Third Edition
Chapter 4: Internet Control Message Protocol
Objectives
• Understand the Internet Control Message Protocol
• Test and troubleshoot sequences for Internet
Control Message Protocol
• Work with Internet Control Message Protocol
packet fields and functions
Internet Control Message Protocol
2
Understanding The Internet Control Message Protocol
• ICMP
– Provides information about network connectivity and
routing behavior
– Provides a way to return information to senders
– Messages are nothing more than specially formatted
IP datagrams
Overview of RFC 792
• RFC 792
– Provides basic specification for all ICMP messages
• According to RFC 792, ICMP
– Provides mechanism for gateways (routers) or
destination hosts to communicate with source hosts
– Takes the form of specially formatted IP datagrams
– Required in some implementations of TCP/IP
– Reports errors about processing of non-ICMP IP
datagrams
ICMP’s Vital Role on IP Networks
• ICMP’s job is to provide information about
– IP routing behavior
– Reachability
– Routes between specific pairs of IP hosts
– Delivery errors
Testing And Troubleshooting Sequences For ICMP: Connectivity Testing with Ping
• PING and TRACEROUTE
– Rely on ICMP to perform connectivity tests and path
discovery
• PING
– Actually a form of ICMP Echo communication
• ICMP Echo Request
– Connectionless process with no guarantee of
delivery
Connectivity Testing with PING (continued)
• Most PING utilities
– Send series of several Echo Requests to the target
in order to obtain average response time
• PING utility
– Sends series of four ICMP Echo Requests with a
one-second ICMP Echo Reply Timeout value
– Supports IP addresses and names
– Uses traditional name resolution processes
Connectivity Testing with PING (cont’d)
• Parameters available with the PING utility
– -l size
– -f
– -i TTL
– -v TOS
– -w timeout
Path Discovery with TRACEROUTE
• TRACEROUTE utility
– Uses route tracing to identify a path from sender to
target host
– Available parameters
• -d
• -h
• -w
Path Discovery with PATHPING
• PATHPING utility
– Command-line utility
– Uses ICMP Echo packets to test router and link
latency, as well as packet loss
• PMTU Discovery
– Enables source to learn the currently supported
MTU across an entire path
Path MTU Discovery with ICMP
• PMTU process
– Host A sends a 4,096-byte packet to Host B
– Router 1 discards packet and sends Host A a
“Fragmentation Needed and Don’t Fragment Flag
was Set” ICMP packet
– Host A re-sends packet using maximum MTU size of
1,500
– Router 1 strips off token ring header and applies
Ethernet header before forwarding packet
Routing Sequences for ICMP
• ICMP
– Can provide some routing information to hosts
– Used by routers to provide a default gateway setting
to a host
• Routers
– Can send ICMP messages
Router Discovery
• IP hosts
– Typically learn about routes through manual
configuration of
• Default gateway parameter and redirection messages
– Send ICMP Router Solicitations and routers reply
with ICMP Router Advertisements
• By default
– ICMP Router Solicitation packet is sent to the all-routers IP multicast address 224.0.0.2
Router Advertising
• ICMP Router Advertisements
– Allow hosts to passively learn about available routes
• Default Lifetime value for route entries
– 30 minutes
• Default advertising rate
– Between seven and ten minutes
Security Issues For ICMP
• ICMP
– Can be used as an information-gathering tool
• IP address scanning process
– One method of obtaining a list of the active hosts
• IP host probe
– Performed by sending a PING packet to each host
within a range and noting the responses
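
An IP host probe shows up in ICMP logs as one source sending Echo Requests to many different addresses in a short time. The Python example below is added here and is not from the book; the log format, thresholds, addresses and function names are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed log in an assumed format: "<epoch seconds> <source> <target> <ICMP type>".
SAMPLE_LOG = "\n".join(
    [f"{100 + n} 192.0.2.50 192.0.2.1 8" for n in range(4)]      # ordinary four-request ping
    + [f"{100 + n} 192.0.2.1 192.0.2.50 0" for n in range(4)]    # the matching Echo Replies
    + [f"{200 + n * 0.2:.1f} 203.0.113.7 192.0.2.{n + 1} 8"      # one request per address
       for n in range(12)]
)

def parse_echo_requests(log: str) -> list:
    """Return (timestamp, source, target) for every Echo Request (type 8) line."""
    events = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "8":
            continue                          # skip replies and malformed lines
        try:
            events.append((float(parts[0]), parts[1], parts[2]))
        except ValueError:
            continue                          # timestamp was not a number
    return sorted(events)

def find_host_probes(log: str, min_targets: int = 8, window: float = 5.0) -> dict:
    """Map each flagged source to the most distinct targets it pinged within `window` seconds."""
    recent = defaultdict(deque)               # source -> (timestamp, target) inside the window
    flagged = {}
    for ts, source, target in parse_echo_requests(log):
        seen = recent[source]
        seen.append((ts, target))
        while ts - seen[0][0] > window:       # expire requests older than the window
            seen.popleft()
        distinct = len({t for _, t in seen})
        if distinct >= min_targets:
            flagged[source] = max(flagged.get(source, 0), distinct)
    return flagged

if __name__ == "__main__":
    print(find_host_probes(SAMPLE_LOG))       # the sweep is flagged, the ordinary ping is not
```

The threshold and window should be set from the network's normal monitoring traffic, since management stations legitimately ping many hosts.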
ICMP Redirect Attack
• ICMP
– Used to manipulate traffic flow between hosts
• Attacker can
– Redirect traffic to his machine and perform any
number of man-in-the-middle style attacks
ICMP Router Discovery
• Susceptible to attack on the local network segment
• During discovery process
– Router solicitation message finds its way to
attacker’s machine
• Timing is critical
Inverse Mapping
• One method of determining live targets on a
network
• Firewalking
– Describes the concept of walking a firewall ACL or
ruleset to determine what it filters and how
– A two-phase attack method
ICMP Packet Fields and Functions
• Value 1 in IP header Protocol field
– Denotes that an ICMP header follows the IP header
• ICMP header portions
– Constant portion
– Variable portion
Constant ICMP Fields
• ICMP packets contain three required fields after the
IP header
– Type
– Code
– Checksum
The Variable ICMP Structures and Functions
• ICMP Type 0
– Used for Echo Reply packets
• ICMP Type 8
– Used for Echo Request packets
• RFC 792
– Identifier and Sequence fields are used to aid in
matching Echo messages with Echo Replies
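
The three constant fields and the Echo Identifier and Sequence fields can be parsed and checked as follows. This Python example is added here and is not from the book: it builds constructed Echo messages, verifies the Checksum using the one's-complement sum defined in RFC 792, and matches a reply to its request. The function names and sample values are illustrative.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """16-bit one's complement of the one's-complement sum (RFC 792, RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, data: bytes) -> bytes:
    """Build an Echo Request (type 8) or Echo Reply (type 0); the code is always 0."""
    unsummed = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + data
    return struct.pack("!BBHHH", icmp_type, 0, inet_checksum(unsummed), ident, seq) + data

def parse_icmp(message: bytes) -> dict:
    """Parse Type, Code and Checksum, plus Identifier and Sequence for Echo messages."""
    if len(message) < 8:
        raise ValueError("ICMP message shorter than 8 bytes")
    icmp_type, code, checksum = struct.unpack("!BBH", message[:4])
    fields = {
        "type": icmp_type, "code": code, "checksum": checksum,
        # Summing an intact message, checksum field included, yields zero.
        "checksum_ok": inet_checksum(message) == 0,
    }
    if icmp_type in (0, 8):
        fields["identifier"], fields["sequence"] = struct.unpack("!HH", message[4:8])
        fields["data"] = message[8:]
    return fields

def is_reply_to(request: dict, reply: dict) -> bool:
    """Match an Echo Reply to its Echo Request by Identifier, Sequence and data."""
    return (request["type"] == 8 and reply["type"] == 0
            and reply["checksum_ok"]
            and all(request[k] == reply[k] for k in ("identifier", "sequence", "data")))

# Constructed sample messages (not captured traffic).
REQUEST = build_echo(8, 0x1A2B, 1, b"constructed-payload")
REPLY = build_echo(0, 0x1A2B, 1, b"constructed-payload")
STALE = build_echo(0, 0x1A2B, 7, b"constructed-payload")

if __name__ == "__main__":
    req = parse_icmp(REQUEST)
    print(req)
    print(is_reply_to(req, parse_icmp(REPLY)), is_reply_to(req, parse_icmp(STALE)))
```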
Type 3: Destination Unreachable Packets
• Network troubleshooters
– Often closely track ICMP Destination Unreachable
packets
• Host that sends Destination Unreachable packet
– Must return IP header and eight bytes of original
datagram that triggered this response
• Total of 16 (0 through 15) possible codes
– Currently assigned to ICMP Destination
Unreachable type number
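
The returned IP header and eight bytes tell the receiving host which of its datagrams failed. In the PMTU case described earlier (code 4, Fragmentation Needed), RFC 1191 places the next-hop MTU in the second half of the otherwise unused header word. This Python example is added here and is not from the book; the addresses, ports and function names are constructed, and checksums are not verified.

```python
import socket
import struct

FRAG_NEEDED = 4  # Type 3 code: "Fragmentation Needed and Don't Fragment Flag was Set"

def parse_dest_unreachable(icmp: bytes) -> dict:
    """Parse a Type 3 message and the quoted IP header plus 8 bytes that follow it."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("too short to hold an IP header and 8 bytes of the datagram")
    icmp_type, code, _checksum, _unused, next_hop_mtu = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type != 3:
        raise ValueError("not a Destination Unreachable message")
    quoted = icmp[8:]
    header_len = (quoted[0] & 0x0F) * 4          # IHL counts 32-bit words
    if quoted[0] >> 4 != 4 or header_len < 20 or len(quoted) < header_len + 8:
        raise ValueError("quoted IP header is malformed or truncated")
    report = {
        "code": code,
        "protocol": quoted[9],
        "src": socket.inet_ntoa(quoted[12:16]),
        "dst": socket.inet_ntoa(quoted[16:20]),
        "dont_fragment": bool(struct.unpack("!H", quoted[6:8])[0] & 0x4000),
    }
    if report["protocol"] in (6, 17):            # TCP and UDP both start with the ports
        report["sport"], report["dport"] = struct.unpack(
            "!HH", quoted[header_len:header_len + 4])
    if code == FRAG_NEEDED:
        report["next_hop_mtu"] = next_hop_mtu    # 0 if the router predates RFC 1191
    return report

def matches_flow(report: dict, flow: tuple) -> bool:
    """True if the quoted datagram belongs to a (proto, src, sport, dst, dport) we sent."""
    quoted = (report["protocol"], report["src"], report.get("sport"),
              report["dst"], report.get("dport"))
    return quoted == flow

# Constructed sample: a router rejects a 4,096-byte TCP datagram, next-hop MTU 1,500.
# Checksum fields are left as zero because this example does not verify them.
QUOTED_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 4096, 0x0001, 0x4000, 64, 6, 0,
                        socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.20"))
QUOTED_L4 = struct.pack("!HHI", 49152, 443, 1)   # source port, destination port, sequence
SAMPLE = struct.pack("!BBHHH", 3, FRAG_NEEDED, 0, 0, 1500) + QUOTED_IP + QUOTED_L4

if __name__ == "__main__":
    print(parse_dest_unreachable(SAMPLE))
```

Acting on the reported MTU only when `matches_flow` is true keeps a host from lowering its path MTU for a datagram it never sent.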
Type 4: Source Quench
• Router or host
– May use Source Quench to indicate that it is
becoming congested or overloaded
• By default
– Most current routers do not issue Source Quench
messages
Type 5: Redirect
• Routers
– Send ICMP Redirect messages to hosts to indicate
that a preferable route exists
• ICMP Redirect packet
– Four-byte field for the preferred gateway’s address
• Ideally
– Clients should update routing tables to indicate
optimal path
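
Because a Redirect changes where a host sends traffic, which is what the ICMP Redirect Attack slide relies on, a host can check the message before updating its routing table. The Python example below is added here and is not from the book: it parses the Type 5 message and applies the two discard checks from RFC 1122 section 3.2.2.2, using a constructed route table, addresses and function names.

```python
import ipaddress
import struct

def parse_redirect(icmp: bytes) -> dict:
    """Parse a Type 5 message: four-byte gateway address, then the quoted IP header."""
    if len(icmp) < 8 + 20:
        raise ValueError("too short to hold the gateway address and an IP header")
    icmp_type, code, _checksum, gateway = struct.unpack("!BBH4s", icmp[:8])
    if icmp_type != 5:
        raise ValueError("not an ICMP Redirect")
    return {
        "code": code,
        "new_gateway": ipaddress.ip_address(gateway),
        "destination": ipaddress.ip_address(icmp[24:28]),  # destination in quoted header
    }

def first_hop(routes: list, destination):
    """Longest-prefix match over (network, gateway) pairs; None when nothing matches."""
    hits = [(net, gw) for net, gw in routes if destination in net]
    return max(hits, key=lambda hit: hit[0].prefixlen)[1] if hits else None

def redirect_problems(sender: str, redirect: dict, routes: list, local_net) -> list:
    """Return the reasons to discard a Redirect; an empty list means both checks pass."""
    problems = []
    if ipaddress.ip_address(sender) != first_hop(routes, redirect["destination"]):
        problems.append("sender is not the current first-hop gateway")
    if redirect["new_gateway"] not in local_net:
        problems.append("new gateway is not on the local subnet")
    return problems

# Constructed host state and message builder (documentation addresses, zero checksums).
LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")
ROUTES = [(ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_address("192.0.2.1"))]

def make_redirect(new_gateway: str, destination: str) -> bytes:
    """Build a code 1 (redirect for host) message quoting a datagram to `destination`."""
    quoted = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                         ipaddress.ip_address("192.0.2.10").packed,
                         ipaddress.ip_address(destination).packed)
    header = struct.pack("!BBH4s", 5, 1, 0, ipaddress.ip_address(new_gateway).packed)
    return header + quoted + bytes(8)        # 8 zero bytes stand in for the quoted payload

if __name__ == "__main__":
    msg = parse_redirect(make_redirect("192.0.2.254", "198.51.100.20"))
    print(redirect_problems("192.0.2.1", msg, ROUTES, LOCAL_NET))    # passes
    print(redirect_problems("192.0.2.66", msg, ROUTES, LOCAL_NET))   # wrong sender
```

Both checks rely on an unauthenticated source address, so hosts with a single gateway are commonly configured to ignore Redirects altogether.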
Types 9 and 10: Router Advertisement and Router Solicitation
• ICMP Router Advertisement packets include the
following fields
– # of Addresses
– Address Size
– Lifetime
– Router Address 1
– Precedence Level 1
– Router Address 2 and Precedence Level 2
Type 11: Time Exceeded
• Routers or hosts
– Can send these ICMP packets
• Codes that can be used
– Code 0 and Code 1
Type 12: Parameter Problem
• Errors indicate problems not covered by other
ICMP error messages
• Codes used in ICMP Parameter Problem
messages
– Code 0: Pointer Indicates the Error
– Code 1: Missing a Required Option
– Code 2: Bad Length
Types 13 and 14: Timestamp and Timestamp Reply
• Defined as a method for one IP host to obtain the
current time
• Value returned
– The number in milliseconds since midnight,
Universal Time (UT)
• ICMP Timestamp and Timestamp Reply packets
– Use the same structure
Types 15 and 16: Information Request and Information Reply
• Provides a way for a host to find out what network
it is on
• ICMP Information Request and Information Reply
packets
– Use the same structure
Types 17 and 18: Address Mask Request and Address Mask Reply
• Intended to provide diskless hosts with a method to
determine their network mask information
• ICMP Address Mask Request and Address Mask
Reply packets
– Use the same structure
Type 30: TRACEROUTE
• Documented in RFC 1393 but not currently in use
• Requires some added functionality in the IP routers
it traverses
• Adding functionality to routers
– Costly and requires numerous resources to build,
implement, and test new code
Summary
• ICMP
– Provides vital feedback about IP routing and delivery
problems
– Really part of IP itself
– Support is required in any standards-compliant IP
implementation
– Used by PING and TRACEROUTE to measure
round-trip times
– Supports PMTU Discovery between a sender and a
receiver
Summary (continued)
• Route and routing error information from ICMP
– Derives from numerous types of ICMP messages
• ICMP
– Supports route optimization through its ICMP
Redirect message type
– Security issues are important
– Message structures and functions can vary