ICMP and TCP - La Salle University
ICMP
Based on Chapter 23 in Computer
Networks and Internets, Comer
CSIT 220 (Blum)
1
ICMP
Internet Control Message Protocol is an
extension to the Internet Protocol (defined by
RFC 792).
ICMP packets convey information about
errors that occurred, or control information
(indicating that a source should transmit less
or reroute, etc.) and general information
about the IP delivery system.
ping and tracert use ICMP to provide
information about Internet connections.
“Messages for routers”
RFC 792
Quote from RFC 792
ICMP categories
ICMP packets fall into two categories
Error messages: ICMP packets that are sent when
a non-ICMP packet encounters some difficulty.
Reply/request: ICMP packets requesting
information and ICMP packets replying to those
requests.
ICMP packets are handled like any ordinary
packet, except that an ICMP packet that
encounters difficulty does not result in further
ICMP packets.
No ICMPs about ICMPs
Nested encapsulations
An ICMP message is placed in an IP packet which
is placed in a Layer 2 frame, such as Ethernet. But
ICMP is considered a Layer 3 service.
ICMP is a Layer-3 message encapsulated in
another Layer-3 packet.
Types of ICMP messages
Source Quench
If a router’s buffer is full, it is forced to
drop a packet.
When routers drop a packet, they (may)
send a message to the source.
The source reduces the rate at which it
is transmitting messages.
This is part of “flow control.”
Analog of xon-xoff.
Source Quench
Source Quench Message sends back header and some
data from packet being dropped.
Destination Unreachable
Indicates that a packet cannot be delivered
because the destination cannot be reached.
There could be various reasons:
the host is unreachable or unknown
the network is unreachable or unknown
the network or host is unreachable for this type of
service
the protocol or port is unknown or unusable
fragmentation is required but not allowed (DF-flag
is set)
Destination Unreachable Message
Ports (physical)
There are “physical” ports and “logical” ports.
A physical port is a specific place for
physically connecting to another device,
usually with a socket and plug of some kind.
Serial ports: data is sent through port and
corresponding connection bit-by-bit.
Parallel ports: data is sent through port and
corresponding connection several bits at a time on
parallel wires.
Ports (logical)
A logical port is the software place (address)
for connecting.
In the client/server model, a computer acting
as a server typically has many services
available, so the client must specify not only
which computer but which port.
Port numbers are from 0 to 65536. Ports 0 to
1024 are reserved for use by certain
privileged services.
Well-known ports
Certain services, like Hypertext Transfer
Protocol, have pre-assigned ports. These are
called "well-known ports" and have been
assigned by the Internet Assigned Numbers
Authority (IANA).
HTTP uses port 80 as a default, so it does not have
to be specified in the URL.
Other applications are given port numbers
dynamically. When a service starts, it is said
to “bind” to its designated port. Clients
wanting to use the service must request to
bind to the designated port number.
Echo Request/Reply
Used to determine whether hosts are
reachable on the network.
A source sends an Echo (request) message to
a destination. The destination host responds
with an Echo Reply.
The request can contain some data, the reply
contains the same data.
When one pings, one issues a series of (typically
four) ICMP echo requests. If there is a
successful echo from the destination, then
the network connection is fine.
Echo
Read echo, think of request for echo
Ping uses echo request/reply
Time Exceeded
A packet has a TTL (time to live) field. It is
decremented by each router it passes through. If the
TTL field reaches zero, a TTL exceeded message is
sent to the source. (“Time” means hops here.)
This stops mislabeled packets from continuously
using bandwidth as they are passed around the
network.
Another time exceeded message occurs when a
destination receives a fragmented packet. It starts a
timer and sends a message to the source if all
fragments are not received within a certain amount
of time. (“Time” means time (seconds) here.)
Time Exceeded Message
Two kinds
Recall the TTL field of an IP packet
traceroute/tracert
TTL (time to live) plays an important role in
the traceroute command.
Traceroute sends out a series of ICMP
packets, the first of which has a TTL of 1. So that
packet makes one hop, its TTL is
decremented to zero and a Time Exceeded
packet is sent back to the source.
The source address of the Time Exceeded
packet is the first node of the packet’s route.
traceroute (Cont.)
The source then issues successive ICMP
packets each with the TTL one higher
than the previous packet. Each packet
gets one hop further before a Time
Exceeded packet is sent to the source.
In this way the source collects
information on the nodes comprising
the packet’s route.
Tracert
tracert versus traceroute
Recall that traceroute is a Unix command and
that tracert is a Windows/DOS command.
They differ not only in which operating
system the command is issued from but also
in how the process is terminated.
The tracert (Windows/DOS) packets have an
echo request. So when the packet finally
reaches the destination, it does not issue a
Time Exceeded message but rather an echo
reply.
Unix traceroute termination
A traceroute (Unix) packet requests a port
number that is outside the normal range.
When the packet reaches its destination
computer, the destination sends a Port
Unreachable message.
Destination Unreachable message with code 3,
port unreachable.
If you see an asterisk (*), this indicates a hop
that exceeded some time limit (real time, not
TTL time).
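The three replies a trace can receive (Time Exceeded from a hop, Port Unreachable from a Unix traceroute destination, Echo Reply from a tracert destination), as an added example that is not part of the original slides. The function names, the 192.0.2.1 and 198.51.100.7 addresses and the port numbers are constructed for illustration.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, body: bytes = b"") -> bytes:
    """Type, code, checksum, 4 rest-of-header bytes (zero here), then the body."""
    csum = checksum(struct.pack("!BBHI", icmp_type, code, 0, 0) + body)
    return struct.pack("!BBHI", icmp_type, code, csum, 0) + body

def classify(icmp: bytes) -> dict:
    """Read one ICMP message as a traceroute client would."""
    if len(icmp) < 8 or checksum(icmp) != 0:
        return {"kind": "invalid"}
    icmp_type, code, quoted = icmp[0], icmp[1], icmp[8:]
    if icmp_type == 0:                       # Echo Reply ends a tracert run
        return {"kind": "destination"}
    if icmp_type not in (3, 11) or len(quoted) < 28:
        return {"kind": "other"}
    # Error messages quote the dropped packet: IP header + first 8 data bytes.
    ihl = (quoted[0] & 0x0F) * 4
    if ihl < 20 or len(quoted) < ihl + 8:
        return {"kind": "invalid"}
    info = {"orig_dst": socket.inet_ntoa(quoted[16:20]), "orig_proto": quoted[9]}
    if quoted[9] == 17:                      # UDP probe: recover its ports
        info["sport"], info["dport"] = struct.unpack("!HH", quoted[ihl:ihl + 4])
    if icmp_type == 11 and code == 0:        # TTL reached zero at a router
        info["kind"] = "hop"
    elif icmp_type == 3 and code == 3:       # Port Unreachable ends traceroute
        info["kind"] = "destination"
    else:
        info["kind"] = "other"
    return info

# Constructed sample: the probe an error message would quote (not captured traffic).
PROBE = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, 0, 1, 17, 0,
                    socket.inet_aton("192.0.2.1"), socket.inet_aton("198.51.100.7"))
PROBE += struct.pack("!HHHH", 54321, 33434, 8, 0)   # UDP header, high dest port
TIME_EXCEEDED = build_icmp(11, 0, PROBE)
PORT_UNREACHABLE = build_icmp(3, 3, PROBE)
ECHO_REPLY = build_icmp(0, 0, b"abcdefgh")
```

The quoted header is what lets the sender match an error to the probe that caused it, since the ICMP message itself arrives from a router the sender never addressed.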
tracert www.whatis.com
Redirect
Used by a host or router to let the sending
host know that packets should be forwarded
to another address.
A network may have more than one router
connected. One router will serve as the
“default gateway” or “default router.” This is
where the computer sends messages if it
does not know where to send them.
Default gateway
Redirect
If the default router determines that the
host should have sent the message to
another router instead, it forwards the
message to that router but it also sends
an ICMP redirect message to the source
so that it will update its table and send
any future message with that
destination to the correct router.
Redirect Message
Router address that should be used in the future.
Address Mask Request/Reply
We discussed diskless workstations, which do
not know their IP address when they boot
and use RARP to determine it.
There is an ICMP packet used if a host does
not know its subnet mask.
The host broadcasts an address mask request
when it boots, and routers that receive the
request send the network’s subnet mask.
Timestamp/Timestamp Reply
Like Echo messages, but have a field for
the time to be entered (with millisecond
precision). This provides one with:
a measure of how long remote systems
spend buffering and processing packets
a way for hosts to synchronize their clocks.
Timestamp
Determining path MTU
Recall that a path MTU is the smallest
MTU (maximum transmission unit, i.e.
maximum packet size) along a route
from source to destination.
One can use some ping options to
determine a path MTU.
Recall one obtains the ping options by
typing ping /?
Ping options
The two relevant ping options for determining
path MTU are -l (ell) and -f.
The -l option is followed by a number which
is the size of the IP packet being sent.
The -f option sets a flag in the IP packet
that disallows fragmentation.
The packet will be dropped rather than
broken up.
A destination unreachable ICMP message is
sent to the source.
Path MTU
Determining path MTU
One can set the IP packet size to
something large and in addition set the
flag to block fragmentation.
Then do a (binary) search on the packet
sizes, to determine the largest packet
that gets through. This is the path
MTU.
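The binary search described above, as an added example that is not part of the original slides. It runs against a simulated path instead of real `ping -f -l` probes; the link MTUs, the 68 and 1500 byte search bounds and all names are assumptions, and it also counts probes that vanish with no Destination Unreachable coming back (a router that drops silently).

```python
from typing import Callable, List, Tuple

REPLY, FRAG_NEEDED, TIMEOUT = "reply", "frag-needed", "timeout"

def make_path(links: List[Tuple[int, bool]]) -> Callable[[int], str]:
    """Simulated path: each link is (mtu, sends_icmp_errors).
    probe(size) models one ping of that packet size with fragmentation blocked."""
    def probe(size: int) -> str:
        for mtu, sends_icmp in links:
            if size > mtu:      # the router in front of this link drops the packet
                return FRAG_NEEDED if sends_icmp else TIMEOUT
        return REPLY
    return probe

def find_path_mtu(probe: Callable[[int], str], low: int = 68, high: int = 1500):
    """Binary search for the largest size that gets through unfragmented.
    Returns (path_mtu, silent_drops), where silent_drops counts probes that
    were lost without a Destination Unreachable message coming back."""
    if probe(low) != REPLY:
        raise RuntimeError("destination not reachable even at the minimum size")
    silent = 0
    while low < high:
        mid = (low + high + 1) // 2     # round up so the loop always makes progress
        result = probe(mid)
        if result == REPLY:
            low = mid                   # mid fits, the answer is mid or larger
        else:
            silent += result == TIMEOUT
            high = mid - 1              # mid was dropped, the answer is smaller
    return low, silent

# Constructed sample paths (not measurements).
REPORTING_PATH = make_path([(1500, True), (1400, True), (1492, True)])
SILENT_PATH = make_path([(1500, True), (1400, False), (1492, True)])
```

A nonzero silent-drop count means the search is relying on timeouts alone, which is slower and cannot be told apart from ordinary packet loss without repeating the probe.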
Set packet size/block fragmentation
Determining path MTU with ping
TCP
Based on Chapter 24 in Computer
Networks and Internets, Comer
TCP
UDP (User Datagram Protocol) and TCP
(Transmission Control Protocol) sit on top of
IP (Internet Protocol) in the Transport layer of
the TCP/IP model.
While IP is responsible for delivering the
packets, TCP is in charge of ensuring that
messages are received (reliability) and
delivered to the correct application (demultiplexing).
RFC 793
RFC 793 Introduction
Somewhat Connection-Oriented
TCP provides some of the features (especially
reliability) of a connection-oriented scheme to
the underlying connectionless IP delivery system.
Recall that the TCP/IP Model’s transport layer is
“thicker” than the OSI Model’s transport layer. This is
because TCP takes on some of the responsibilities
of the OSI Model’s Session Layer (which
establishes and terminates a communication
session – agreements to communicate).
TCP Example
When an HTML file is sent to you (the client)
from a Web server, the server’s TCP layer
breaks the file into packets, numbers the
packets, and then passes them one-by-one to
its IP layer.
The packets may follow different routes.
Your (the client’s) TCP layer collects and
reassembles the individual packets and hands
a single file to your HTTP program in the
Application Layer.
TCP
TCP compensates for loss and/or delay of
packets in an internet.
It hides the loss or delay of packets from the
higher layers.
TCP provides reliability without sacrificing
efficiency.
TCP allows applications on different
computers to interact without regard for the
details of the connection between them.
Segments and streams and ports, oh my
In TCP, the message unit is known as a
segment (instead of a packet).
TCP is logically connection-oriented, and all of
the segments belonging to a session make up
what is called a stream.
Applications treat a stream essentially the same
whether it comes from the Internet, a file or the
keyboard.
The “address” the message is delivered to
within a computer is known as a port.
Ports
Since port numbers are the TCP address scheme, a TCP
segment has a field for both the source and destination port.
Some Well Known Ports
Service       Port   Protocol
FTP data      20     TCP
FTP control   21     TCP
telnet        23     TCP
SMTP          25     TCP
DNS           53     UDP, TCP
TFTP          69     UDP
HTTP          80     TCP
Initiating a session
A client (a.k.a. an active client) initiates a
session (connection) by sending a server
(a.k.a. passive client) a SYN segment with
an arbitrary sequence number (e.g. 123).
A segment is identified as a SYN segment by the
value of its SYN bit, which is among the code bits
in the TCP segment header.
The sequence number should uniquely identify the
session.
This is the first step in what is called a “three-way handshake.”
TCP segment
In TCP they are called segments instead of packets. Among the
code bits is the SYN bit used in initiating a session.
Initiating a session: Parts II & III
The passive client (server) responds with a
SYN segment:
It adds one to the active client’s sequence number
(124=123+1) and places it in the segment as the
acknowledgment number.
It generates its own “arbitrary” sequence number K.
The active client responds to that by sending
an ACK(nowledge) segment with an
acknowledgment number K+1.
Acknowledgement
In the second stage of a three-way handshake, the destination lets
the source know it is accepting communication by using the
acknowledgement field.
Three-way handshake
Client -> Server: SYN J=123
Server -> Client: SYN K + ACK J+1 = 124
Client -> Server: ACK K+1
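The J, J+1, K, K+1 bookkeeping of the handshake checked over packed TCP headers, as an added example that is not part of the original slides. The function names, the port numbers and the value K=4000 are constructed for illustration; J=123 is the slide's own value.

```python
import struct

SYN, ACK = 0x02, 0x10      # two of the code bits in the TCP header
MOD = 2 ** 32              # sequence numbers are 32 bits and wrap around

def segment(sport, dport, seq, ack, flags) -> bytes:
    """Pack a 20-byte TCP header (no options; checksum left 0 in this demo)."""
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)

def parse(raw: bytes) -> dict:
    """Pull out the fields the handshake depends on."""
    sport, dport, seq, ack, _offset, flags = struct.unpack("!HHIIBB", raw[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "syn": bool(flags & SYN), "ack_bit": bool(flags & ACK)}

def check_handshake(raw_segments) -> str:
    """Return 'established' or the first reason the exchange is not valid."""
    if len(raw_segments) != 3 or any(len(r) < 20 for r in raw_segments):
        return "need three complete segments"
    first, second, third = map(parse, raw_segments)
    if not first["syn"] or first["ack_bit"]:
        return "step 1 is not a SYN"
    if not (second["syn"] and second["ack_bit"]):
        return "step 2 is not SYN + ACK"
    if (second["sport"], second["dport"]) != (first["dport"], first["sport"]):
        return "step 2 ports do not mirror step 1"
    if second["ack"] != (first["seq"] + 1) % MOD:
        return "step 2 does not acknowledge J+1"
    if third["syn"] or not third["ack_bit"]:
        return "step 3 is not an ACK"
    if third["ack"] != (second["seq"] + 1) % MOD:
        return "step 3 does not acknowledge K+1"
    return "established"

# Constructed sample: J=123 as on the slide, K=4000 chosen for this example.
GOOD = [segment(49152, 80, 123, 0, SYN),
        segment(80, 49152, 4000, 124, SYN | ACK),
        segment(49152, 80, 124, 4001, ACK)]
# Same exchange, but the final ACK does not carry K+1.
STALE = GOOD[:2] + [segment(49152, 80, 124, 4000, ACK)]
```

Requiring the final ACK to carry exactly K+1 is what keeps a leftover or mismatched segment from completing a session it does not belong to.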
Three-way handshake analogy
Client -> Server: Dial number, phone rings
Server -> Client: Phone picked up, “Hello”
Client -> Server: Original party hears “Hello” and replies with “Hello”
TCP Provides
Reliability: Data will be delivered exactly as sent.
Full Duplex Communication: The conversation is two
way without either side having to wait its turn.
Stream Interface: until the session ends, all of the
data is treated the same; it belongs to one stream.
Reliable Connection Startup: sessions are not
confused with simultaneous or previous sessions.
Graceful Connection Shutdown: both participants are
aware of the ending of a session.