1.ICMP Introduction + Ping Attack description + TraceRoute
Download
Report
Transcript 1.ICMP Introduction + Ping Attack description + TraceRoute
Computer Networking Experiment
ICMP封包協定分析
第11組
張鶴齡
吳柏良
黃柏鈞
洪培堯
資訊三
資訊三
資訊三
資訊三
b91902011
b91902029
b91902048
b91902056
ICMP
Internet Control Message Protocol
Gateway : Network connecting devices
Gateway or destination host will
communicate with a source host.
ICMP, uses the basic support of IP as if it
were a higher level protocol.
ICMP
Situations to send ICMP message
Datagram cannot reach its destination
Gateway does not have the buffering
capacity to forward a datagram
Gateway can direct the host to send traffic on
a shorter route.
ICMP
Purpose
IP is not reliable.
Provide feedback about problems in the
communication environment, not to make IP
reliable.
ICMP
Characteristic
Report errors in the processing of datagrams.
No ICMP messages are sent about ICMP
messages.
Only sent about errors in handling fragment
zero of fragemented datagrams. (Fragment
zero has the fragment offeset equal zero).
ICMP
Format
Using basic IP header.
Version : 4
IHL : internet header length in 32-bit words.
Type of Service : 0 (Routine, Delay, Throughput, Reliability)
Total Length : in bytes.
Identification, Flags, Fragment Offset
Time to Live : in second (at least as great as number of gateway)
Protocol : ICMP = 1
Header Checksum : 16-bit one’s complement
Source Address : host that composes the ICMP
Destination : where ICMP should be sent
Option
ICMP
Destination Unreachable Message
ICMP: Destination
Unreachable Message
Format
Type 3
Code
0 = net unreachable;
1 = host unreachable;
2 = protocol unreachable;
3 = port unreachable;
4 = fragmentation needed and DF set;
5 = source route failed.
ICMP: Destination
Unreachable Message
Format
Checksum
Internet Header(24 bytes) + 64 bits (8
bytes )of Data Datagram
match the message to the appropriate process.
Source Port may be (assume to be) included. (for
TCP: Source port, Dest. port, sequence number,
acknowledgement, for UDP: Source port, Dest.
Port, length, Checksum)
ICMP: Destination
Unreachable Message
When to send?
0 Network Unreachable
1 Host Unreachable
forwarding path (route) to the destination network
is not available.
forwarding path (route) to the destination host on
a directly connected network is not available .
2 Protocol Unreachable
transport protocol is not supported in the transport
layer of the final destination;
ICMP: Destination
Unreachable Message
When to send?
3 Port Unreachable
4 Fragmentation Needed and DF Set generate
unable to demultiplex the datagram in the transport layer of
the final destination but has no protocol mechanism to
inform the sender;
router needs to fragment a datagram but cannot since the
DF flag is set;
5 Source Route Failed
router cannot forward a packet to the next hop(二個節點之
間的傳輸路程 ) in a source route option;
ICMP: Destination
Unreachable Message
When to send?
6 Destination Network Unknown
7 Destination Host Unknown
(net unreachable code 0 SHOULD be used in
place of code 6);
router can determine (from link layer advice) that
the destination host does not exist;
11 Network Unreachable For Type Of Service
forwarding path (route) to the destination network
with the requested or default TOS is not available;
ICMP: Destination
Unreachable Message
When to send?
12 Host Unreachable For Type Of Service
the destination do not match either the TOS
requested in the datagram or the default TOS (0).
13 Communication Administratively
Prohibited
router cannot forward a packet due to
administrative filtering;
ICMP
Time Exceeded Message
ICMP : Time
Exceeded Message
Format
Type 11
Code
0 = time to live exceeded in transit;
1 = fragment reassembly time exceeded.
Checksum
Internet Header + 64 bits of Data Datagram
ICMP : Time
Exceeded Message
When to send?
0 time to live exceeded in transit
1 fragment reassembly time exceeded
Time to live field is zero, discard the datagram ( by
gateway).
host cannot complete the reassembly due to
missing fragments within its time limit it discards
the datagram.
If fragment zero is not available then no time
exceeded need be sent at all.
ICMP
Parameter Problem Message
ICMP : Parameter
Problem Message
Format
Type 12
Code
Checksum
Pointer
0 = pointer indicates the error.
If code = 0, identifies the octet where an error was
detected.
Internet Header + 64 bits of Data Datagram
ICMP : Parameter
Problem Message
When to send?
Cannot complete processing the datagram
due to problem with the header parameters, it
must discard the datagram.
Only sent if the error caused the datagram to be
discarded.
Pointer
Identifies the octet of the original datagram’s
header where the error was detected
For example, 1 indicates something is wrong with
the Type of Service( the second byte in IP header).
ICMP
Source Quench Message (Quench:抑制)
ICMP : Source
Quench Message
Format
Type 4
Code
0
Checksum
Internet Header + 64 bits of Data Datagram
ICMP : Source
Quench Message
When to send?
Gateway
Destination host
Discard internet datagrams if it does not have the buffer
space needed to queue the datagrams for output to the
next network on the route.
Datagrams arrive too fast to be processed.
Gateway and Destination Host
When it approaches its capacity limit rather than waiting
until the capacity is exceeded. This means that the data
datagram which triggered the source quench message may
be delivered.
ICMP : Source
Quench Message
Source Host Response?
Cut back the rate until it no longer receives
source quench messages .
The source host can then gradually increase
the rate until it again receives source quench
messages.
Like flow-control and congestion-control in
TCP, except that the message can also be
sent by gateway.
ICMP
Redirect Message
ICMP : Redirect
Message
Format
Type 5
Code
Checksum
Gateway Internet Address
0 = Redirect for the Network.
1 = Redirect for the Host.
2 = Redirect for the Type of Service and Network.
3 = Redirect for the Type of Service and Host.
Address of the gateway to which traffic for the network
specified in the internet destination network field of the
original datagram’s data should be sent.
Internet Header + 64 bits of Data Datagram
ICMP : Redirect
Message
When to send?
A gateway, G1 checks its routing table and
obtains the address of the next gateway, G2
such that G2 and the host identified by the
internet source address of the datagram are on
the same network.
The redirect message advises the host to send its
traffic directly to gateway G2 as this is a shorter
path to the destination.
The gateway forwards the original datagram’s data
to its internet destination.
ICMP : Redirect
Message
When to send?
For datagrams with the IP source route
options and the gateway address in the
destination address field, a redirect message
is not sent even if there is a better route.
ICMP
Echo or Echo Reply Message
ICMP : Echo
or Echo Reply Message
Format
IP Fields: switch source and destination address
ICMP Fields:
Type
Code
0
Checksum
Identifier
8 for echo message
0 for echo reply message
Aid in matching echos and replies, may be zero.
Sequence Number
Aid in matching echos and replies, may be zero.
ICMP : Echo
or Echo Reply Message
Something need to know?
The data received in the echo message must
be returned in the echo reply message.
Identifier might be used like a port in TCP or
UDP to identify a session.
Sequence number might be incremented on
each echo request sent. The echoer returns
these same values in the echo reply.
ICMP
Timestamp or Timestamp Reply Message
ICMP : Timestamp or Timestamp Reply Message
Format
IP Fields: switch source and destination address
ICMP Fields:
Type
Code
13 for timestamp message
14 for timestamp reply message
0
Checksum
Identifier
Sequence Number
ICMP : Timestamp or Timestamp Reply Message
Something need to know?
Originate Timestamp
sender last touched the message before
sending it.
Receive Timestamp
echoer first touched it on receipt.
Transmit Timestamp
echoer last touched the message on sending it.
ICMP : Timestamp or Timestamp Reply Message
Something need to know?
The timestamp is 32 bits of milliseconds since
midnight UT ( UT(0)==GMT,UT(1),UT(2)) .
If the time is not available in miliseconds or
cannot be provided with respect to midnight UT
then any time can be inserted in a timestamp
provided the high order bit of the timestamp is
also set to indicate this non-standard value.
ICMP
Information Request or Information Reply Message
ICMP : Information Request or Information Reply Message
Format
IP Fields: switch source and destination address
ICMP Fields:
Type
Code
15 for information request message
16 for information reply message
0
Checksum
Identifier
Sequence Number
ICMP : Information Request or Information Reply Message
When to send?
This message may be sent with the source
network in the IP header source and
destination address fields zero (which means
"this“ network).
The replying IP module should send the reply
with the addresses fully specified. This
message is a way for a host to find out the
number of the network it is on.
(Before RARP, the message is used to get
network information when boot)
ICMP
Summary of Mentioned Message Types
0 Echo Reply
3 Destination Unreachable
4 Source Quench
5 Redirect
8 Echo
11 Time Exceeded
12 Parameter Problem
13 Timestamp
14 Timestamp Reply
15 Information Request
16 Information Reply
ICMP
Summary of Message Types
0 Echo Reply [RFC792]
1 Unassigned [JBP]
2 Unassigned [JBP]
3 Destination Unreachable [RFC792]
4 Source Quench [RFC792]
5 Redirect [RFC792]
6 Alternate Host Address [JBP]
7 Unassigned [JBP]
8 Echo [RFC792]
9 Router Advertisement [RFC1256]
10 Router Solicitation [RFC1256]
11 Time Exceeded [RFC792]
12 Parameter Problem [RFC792]
13 Timestamp [RFC792]
14 Timestamp Reply [RFC792]
15 Information Request [RFC792]
16 Information Reply [RFC792]
ICMP
Summary of Message Types
17 Address Mask Request [RFC950]
18 Address Mask Reply [RFC950]
19 Reserved (for Security) [Solo]
20-29 Reserved (for Robustness Experiment) [ZSu]
30 Traceroute [RFC1393]
31 Datagram Conversion Error [RFC1475]
32 Mobile Host Redirect [David Johnson]
33 IPv6 Where-Are-You [Bill Simpson]
34 IPv6 I-Am-Here [Bill Simpson]
35 Mobile Registration Request [Bill Simpson]
36 Mobile Registration Reply [Bill Simpson]
37 Domain Name Request [RFC1788]
38 Domain Name Reply [RFC1788]
39 SKIP [Markson]
40 Photuris [RFC2521]
41 ICMP messages utilized by experimental [RFC-ietf-seamoby-iana-02.txt] mobility
protocols such as Seamoby
42-255 Reserved [JBP]
ICMP
Reference
RFC 792 : INTERNET CONTROL MESSAGE
PROTOCOL
James F. Kurose and Keith W. Ross,
"Computer Networks: A Top-Down Approach
Featuring the Internet 3/e“, 2002.
http://www.freesoft.org/
http://www.iana.org/
http://www.ipv6.org.tw/
http://www.google.com.tw/
ICMP應用-Ping
ping process
140.112.91.84
140.112.91.86
ICMP_ECHO
current time
Type:8
Code:0
ICMP應用-Ping
kernel
140.112.91.84
140.112.91.86
ICMP_ECHOREPLY
Type:0
Code:0
Smurf Attack
The kernel automatically send
ICMP_ECHOREPLY when receiving
ICMP_ECHO
Broadcast
Smurf Attack
Broadcast the subnet with ICMP_ECHO
BUT source IP = 140.112.91.84
MANY ICMP_ECHOREPLYs
140.112.91.84
Demo Smurf Attack
Broadcast the subnet “140.112.91.255” with ICMP_ECHO twice
source IP = 140.112.91.84
140.112.91.86
MANY ICMP_ECHOREPLYs
140.112.91.84
Smurf Attack
How to prevent ?
Turn off broadcast
ICMP_ECHOREREPLY
Filter the packet
Visual TraceRoute
A tool for web administration in the new
generation
TraceRoute –
Where Everything Starts from
Long long ago, there is a ping and a traceroute…
What Does TraceRoute Do?
Trace the paths ( i.e. , routes ) from local
host to a destination host or server.
Can be used to evaluate and debug web
routing algorithms.
To Invoke the Traditional ( Build-In )
TraceRoute Program
Under Windows:
tracert destination_address
Under Linux:
traceroute destination_address
Let’s run a sample quickly.
How TraceRoute Did This:
Get Our Hands Dirty
TraceRoute works through playing a
game throwing and receiving ICMP
packages in type 30.
Format of the ICMP Package Type 30
Bit 00 - 07
08 - 15
16 - 31
Type
Code
ICMP header checksum
Identifier
Unused
Outbound Hop Count
Return Hop Count
Output Link Speed
Output Link MTU
Type. 8 bits. Set to 30, specifying the type of ICMP
packages.
Code. 8 bits. Can only be 0 ( Outbound Packet
successfully forwarded. ) or 1 ( No route for Outbound
Packet. The packet was discarded. )
Format of the ICMP Package Type30 ( Cont.1 )
Bit 00 - 07
08 - 15
16 - 31
Type
Code
ICMP header checksum
Identifier
Unused
Outbound Hop Count
Return Hop Count
Output Link Speed
Output Link MTU
ICMP Header Checksum. 16 bits.
The 16 bit one's complement of sum of all 16 bit words in the
message. When the checksum is computed, the checksum
field should first be set to 0. When the data packet is
transmitted, the checksum is computed and inserted into this
field. When the data packet is received, the checksum is again
computed and verified against the checksum field. If the two
checksums do not match then an error has occurred.
Format of the ICMP Package Type30 ( Cont.2 )
Bit 00 - 07
08 - 15
16 - 31
Type
Code
ICMP header checksum
Identifier
Unused
Outbound Hop Count
Return Hop Count
Output Link Speed
Output Link MTU
Identifier. 16 bits.
The ID Number as copied from the ICMP Traceroute option
of the packet which caused this Traceroute message to be
sent. This is NOT related to the ID number in the IP header.
Outbound Hop Count. 16 bits.
The Outbound Hop Count as copied from the IP Traceroute
option of the packet which caused this Traceroute message
to be sent.
Format of the ICMP Package Type30 ( Cont.3 )
Bit 00 - 07
08 - 15
16 - 31
Type
Code
ICMP header checksum
Identifier
Unused
Outbound Hop Count
Return Hop Count
Output Link Speed
Output Link MTU
Return Hop Count. 16 bits.
The Return Hop Count as copied from the IP Traceroute
option of the packet which caused this Traceroute message
to be sent.
Format of the ICMP Package Type30 ( Cont.4 )
Bit 00 - 07
08 - 15
16 - 31
Type
Code
ICMP header checksum
Identifier
Unused
Outbound Hop Count
Return Hop Count
Output Link Speed
Output Link MTU
Output Link Speed. 32 bits.
The speed in bytes per second of the link over which the
Outbound/Return Packet will be sent. If this value cannot be determined,
the field should be set to zero.
Output Link MTU. 32 bits.
The MTU in bytes of the link over which the Outbound/Return Packet
will be sent. MTU refers to the data portion of the packet. If this value
cannot be determined, this field should be set to zero.
Our GUI Shell for TraceRoute
Base Framework: Java Swing.
A command line traceroute implementation
called trace under Linux.
Development Tool: Java Tiger, NetBeans.
Goal: Visualize the traceroute process and
make route monitoring easier.
Demo Time
Thank You!