Transcript Chapter 3

Figure 3-33: Internet Control Message Protocol (ICMP)

ICMP is for Supervisory Messages at the Internet Layer

ICMP and IP

An ICMP message is delivered (encapsulated) in the data field of an IP packet

Types and Codes (Figure 3-2)

Type: General category of supervisory message
Code: Subcategory of type (set to zero if there is no code)
Figure 8.13: Internet Control Message Protocol (ICMP) for Supervisory Messages
[Figure labels: Router; “Host Unreachable” Error Message; ICMP Message; IP Header; “Echo”; “Echo Reply”]
Figure 3-32: IP Packet with an ICMP Message Data Field
[Figure: packet layout, Bit 0 to Bit 31. Fields shown: IP Header (Usually 20 Bytes); Type (8 bits); Code (8 bits); Depends on Type and Code; Depends on Type and Code]
Figure 3-32: Internet Control Message Protocol (ICMP)

Network Analysis Messages

Echo (Type 8, no code) asks target host if it is operational and available
Echo reply (Type 0, no code). Target host responds to echo sender
Ping program implements Echo and Echo Reply. Like submarine pinging a target
Ping is useful for network managers to diagnose problems based on failures to reply
Ping is useful for hackers to identify potential targets: live ones reply
Figure 3-32: Internet Control Message Protocol (ICMP)

Error Advisement Messages

Advise sender of error but there is no error correction

Host Unreachable (Type 3, multiple codes)

Many codes for specific reasons for host being unreachable

Host unreachable packet’s source IP address confirms to hackers that the IP address is live and therefore a potential victim

Usually sent by a router
Figure 3-31: Internet Control Message Protocol (ICMP)

Error Advisement Messages

Time Exceeded (Type 11, no codes)

Router decrementing TTL to 0 discards packet, sends time exceeded message

IP header containing error message reveals router’s IP address

By progressively incrementing TTL values by 1 in successive packets, attacker can scan progressively deeper into the network, mapping the network

Also usually sent by a router
Figure 3-31: Internet Control Message Protocol (ICMP)

Control Codes

Control network/host operation

Source Quench (Type=4, no code)

Tells destination host to slow down its transmission rate

Legitimate use: Flow control if host sending source quench is overloaded

Attackers can use for denial-of-service attack
Figure 3-31: Internet Control Message Protocol (ICMP)

Control Codes

Redirect (Type 5, multiple codes)

Tells host or router to send packets in a different way than it has been sending them

Attackers can disrupt network operations, for example, by sending packets down black holes

Many Other ICMP Messages
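
Added example (not part of the original slides): a Python parser that follows the Figure 3-32 layout to find the Type and Code fields behind the IP header and sorts each message into the slide categories, so a defender can log or filter the control messages. The function names and the sample packets are constructed for illustration, and the Type 3 name follows the slides' wording.

```python
import socket
import struct

# Type numbers, names and categories as the slides list them.
ICMP_TYPES = {
    0: ("Echo Reply", "network analysis"),
    8: ("Echo", "network analysis"),
    3: ("Host Unreachable", "error advisement"),
    11: ("Time Exceeded", "error advisement"),
    4: ("Source Quench", "control"),
    5: ("Redirect", "control"),
}

def parse_icmp(packet: bytes) -> dict:
    """Find and decode the ICMP type and code inside a raw IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("shorter than a minimal IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not a valid IPv4 header")
    if packet[9] != 1:  # IP protocol field: 1 means the data field is ICMP
        raise ValueError("data field does not carry ICMP")
    header_len = ihl * 4  # usually 20 bytes; longer when IP options are present
    if len(packet) < header_len + 2:
        raise ValueError("truncated before the ICMP type and code")
    icmp_type, code = struct.unpack_from("!BB", packet, header_len)
    name, category = ICMP_TYPES.get(icmp_type, ("Other", "other"))
    return {"src": socket.inet_ntoa(packet[12:16]), "type": icmp_type,
            "code": code, "name": name, "category": category}

def control_messages(packets):
    """Return parsed Source Quench / Redirect messages for logging or filtering."""
    parsed = [parse_icmp(p) for p in packets]
    return [m for m in parsed if m["category"] == "control"]

def build_sample(src, dst, icmp_type, code, options=b""):
    """Build a constructed test packet (checksums left zero; not captured traffic)."""
    ihl = 5 + len(options) // 4
    ip = struct.pack("!BBHHHBBH", (4 << 4) | ihl, 0, ihl * 4 + 8, 0, 0, 64, 1, 0)
    ip += socket.inet_aton(src) + socket.inet_aton(dst) + options
    return ip + struct.pack("!BBHI", icmp_type, code, 0, 0)

if __name__ == "__main__":
    samples = [  # constructed packets using documentation address ranges
        build_sample("192.0.2.1", "198.51.100.7", 8, 0),
        build_sample("192.0.2.254", "198.51.100.7", 11, 0),
        build_sample("192.0.2.254", "198.51.100.7", 5, 1, options=b"\x01" * 4),
    ]
    for p in samples:
        print(parse_icmp(p))
    print("control:", control_messages(samples))
```

The third sample carries four bytes of IP options, so its header is 24 bytes rather than the usual 20; reading Type and Code at a fixed offset of 20 would misparse it.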