Computer Networking Experiment ICMP??????

1
Computer Networking ExperimentICMP??????

• ?11?
• ??? ??? b91902011
• ??? ??? b91902029??? ??? b91902048??? ???
  b91902056

2
ICMPInternet Control Message Protocol

• Gateway Network connecting devices
• Gateway or destination host will communicate with
  a source host.
• ICMP, uses the basic support of IP as if it were
  a higher level protocol.

3
ICMPSituations to send ICMP message

• Datagram cannot reach its destination
• Gateway does not have the buffering capacity to
  forward a datagram
• Gateway can direct the host to send traffic on a
  shorter route.

4
ICMPPurpose

• IP is not reliable.
• Provide feedback about problems in the
  communication environment, not to make IP
  reliable.

5
ICMPCharacteristic

• Report errors in the processing of datagrams.
• No ICMP messages are sent about ICMP messages.
• Only sent about errors in handling fragment zero
  of fragemented datagrams. (Fragment zero has the
  fragment offeset equal zero).

6
ICMPFormat

• Using basic IP header.
• Version 4
• IHL internet header length in 32-bit words.
• Type of Service 0 (Routine, Delay, Throughput,
  Reliability)
• Total Length in bytes.
• Identification, Flags, Fragment Offset
• Time to Live in second (at least as great as
  number of gateway)
• Protocol ICMP 1
• Header Checksum 16-bit ones complement
• Source Address host that composes the ICMP
• Destination where ICMP should be sent
• Option

7
ICMPDestination Unreachable Message
8
ICMP Destination Unreachable MessageFormat

• Type 3
• Code
• 0 net unreachable
• 1 host unreachable
• 2 protocol unreachable
• 3 port unreachable
• 4 fragmentation needed and DF set
• 5 source route failed.

9
ICMP Destination Unreachable MessageFormat

• Checksum
• Internet Header(24 bytes) 64 bits (8 bytes )of
  Data Datagram
• match the message to the appropriate process.
• Source Port may be (assume to be) included. (for
  TCP Source port, Dest. port, sequence number,
  acknowledgement, for UDP Source port, Dest.
  Port, length, Checksum)

10
ICMP Destination Unreachable MessageWhen to
send?

• 0 Network Unreachable
• forwarding path (route) to the destination
  network is not available.
• 1 Host Unreachable
• forwarding path (route) to the destination host
  on a directly connected network is not available
  .
• 2 Protocol Unreachable
• transport protocol is not supported in the
  transport layer of the final destination

11
ICMP Destination Unreachable MessageWhen to
send?

• 3 Port Unreachable
• unable to demultiplex the datagram in the
  transport layer of the final destination but has
  no protocol mechanism to inform the sender
• 4 Fragmentation Needed and DF Set generate
• router needs to fragment a datagram but cannot
  since the DF flag is set
• 5 Source Route Failed
• router cannot forward a packet to the next
  hop(??????????? ) in a source route option

12
ICMP Destination Unreachable MessageWhen to
send?

• 6 Destination Network Unknown
• (net unreachable code 0 SHOULD be used in place
  of code 6)
• 7 Destination Host Unknown
• router can determine (from link layer advice)
  that the destination host does not exist
• 11 Network Unreachable For Type Of Service
• forwarding path (route) to the destination
  network with the requested or default TOS is not
  available

13
ICMP Destination Unreachable MessageWhen to
send?

• 12 Host Unreachable For Type Of Service
• the destination do not match either the TOS
  requested in the datagram or the default TOS (0).
  
• 13 Communication Administratively Prohibited
• router cannot forward a packet due to
  administrative filtering

14
ICMPTime Exceeded Message
15
ICMP Time Exceeded MessageFormat

• Type 11
• Code
• 0 time to live exceeded in transit
• 1 fragment reassembly time exceeded.
• Checksum
• Internet Header 64 bits of Data Datagram

16
ICMP Time Exceeded MessageWhen to send?

• 0 time to live exceeded in transit
• Time to live field is zero, discard the datagram
  ( by gateway).
• 1 fragment reassembly time exceeded
• host cannot complete the reassembly due to
  missing fragments within its time limit it
  discards the datagram.
• If fragment zero is not available then no time
  exceeded need be sent at all.

17
ICMPParameter Problem Message
18
ICMP Parameter Problem Message Format

• Type 12
• Code
• 0 pointer indicates the error.
• Checksum
• Pointer
• If code 0, identifies the octet where an error
  was detected.
• Internet Header 64 bits of Data Datagram

19
ICMP Parameter Problem Message When to send?

• Cannot complete processing the datagram due to
  problem with the header parameters, it must
  discard the datagram.
• Only sent if the error caused the datagram to be
  discarded.
• Pointer
• Identifies the octet of the original datagrams
  header where the error was detected
• For example, 1 indicates something is wrong with
  the Type of Service( the second byte in IP
  header).

20
ICMPSource Quench Message (Quench??)
21
ICMP Source Quench Message Format

• Type 4
• Code
• 0
• Checksum
• Internet Header 64 bits of Data Datagram

22
ICMP Source Quench Message When to send?

• Gateway
• Discard internet datagrams if it does not have
  the buffer space needed to queue the datagrams
  for output to the next network on the route.
• Destination host
• Datagrams arrive too fast to be processed.
• Gateway and Destination Host
• When it approaches its capacity limit rather than
  waiting until the capacity is exceeded. This
  means that the data datagram which triggered the
  source quench message may be delivered.

23
ICMP Source Quench Message Source Host
Response?

• Cut back the rate until it no longer receives
  source quench messages .
• The source host can then gradually increase the
  rate until it again receives source quench
  messages.
• Like flow-control and congestion-control in TCP,
  except that the message can also be sent by
  gateway.

24
ICMPRedirect Message
25
ICMP Redirect Message Format

• Type 5
• Code
• 0 Redirect for the Network.
• 1 Redirect for the Host.
• 2 Redirect for the Type of Service and Network.
• 3 Redirect for the Type of Service and Host.
• Checksum
• Gateway Internet Address
• Address of the gateway to which traffic for the
  network specified in the internet destination
  network field of the original datagrams data
  should be sent.
• Internet Header 64 bits of Data Datagram

26
ICMP Redirect Message When to send?

• A gateway, G1 checks its routing table and
  obtains the address of the next gateway, G2 such
  that G2 and the host identified by the internet
  source address of the datagram are on the same
  network.
• The redirect message advises the host to send its
  traffic directly to gateway G2 as this is a
  shorter path to the destination.
• The gateway forwards the original datagrams data
  to its internet destination.

27
ICMP Redirect Message When to send?

• For datagrams with the IP source route options
  and the gateway address in the destination
  address field, a redirect message is not sent
  even if there is a better route.

28
ICMPEcho or Echo Reply Message
29
ICMP Echo or Echo Reply Message Format

• IP Fields switch source and destination address
• ICMP Fields
• Type
• 8 for echo message
• 0 for echo reply message
• Code
• 0
• Checksum
• Identifier
• Aid in matching echos and replies, may be zero.
• Sequence Number
• Aid in matching echos and replies, may be zero.

30
ICMP Echo or Echo Reply Message Something need
to know?

• The data received in the echo message must be
  returned in the echo reply message.
• Identifier might be used like a port in TCP or
  UDP to identify a session.
• Sequence number might be incremented on each echo
  request sent. The echoer returns these same
  values in the echo reply.

31
ICMPTimestamp or Timestamp Reply Message
32
ICMP Timestamp or Timestamp Reply MessageFormat

• IP Fields switch source and destination address
• ICMP Fields
• Type
• 13 for timestamp message
• 14 for timestamp reply message
• Code
• 0
• Checksum
• Identifier
• Sequence Number

33
ICMP Timestamp or Timestamp Reply
MessageSomething need to know?

• Originate Timestamp
• sender last touched the message before sending
  it.
• Receive Timestamp
• echoer first touched it on receipt.
• Transmit Timestamp
• echoer last touched the message on sending it.

34
ICMP Timestamp or Timestamp Reply
MessageSomething need to know?

• The timestamp is 32 bits of milliseconds since
  midnight UT ( UT(0)GMT,UT(1),UT(2)) .
• If the time is not available in miliseconds or
  cannot be provided with respect to midnight UT
  then any time can be inserted in a timestamp
  provided the high order bit of the timestamp is
  also set to indicate this non-standard value.

35
ICMPInformation Request or Information Reply
Message
36
ICMP Information Request or Information Reply
Message Format

• IP Fields switch source and destination address
• ICMP Fields
• Type
• 15 for information request message
• 16 for information reply message
• Code
• 0
• Checksum
• Identifier
• Sequence Number

37
ICMP Information Request or Information Reply
Message When to send?

• This message may be sent with the source network
  in the IP header source and destination address
  fields zero (which means "this network).
• The replying IP module should send the reply with
  the addresses fully specified. This message is a
  way for a host to find out the number of the
  network it is on.
• (Before RARP, the message is used to get network
  information when boot)

38
ICMPSummary of Mentioned Message Types

• 0 Echo Reply
• 3 Destination Unreachable
• 4 Source Quench
• 5 Redirect
• 8 Echo
• 11 Time Exceeded
• 12 Parameter Problem
• 13 Timestamp
• 14 Timestamp Reply
• 15 Information Request
• 16 Information Reply

39
ICMPSummary of Message Types

• 0 Echo Reply RFC792
• 1 Unassigned JBP
• 2 Unassigned JBP
• 3 Destination Unreachable RFC792
• 4 Source Quench RFC792
• 5 Redirect RFC792
• 6 Alternate Host Address JBP
• 7 Unassigned JBP
• 8 Echo RFC792
• 9 Router Advertisement RFC1256
• 10 Router Solicitation RFC1256
• 11 Time Exceeded RFC792
• 12 Parameter Problem RFC792
• 13 Timestamp RFC792
• 14 Timestamp Reply RFC792
• 15 Information Request RFC792
• 16 Information Reply RFC792

40
ICMPSummary of Message Types

• 17 Address Mask Request RFC950
• 18 Address Mask Reply RFC950
• 19 Reserved (for Security) Solo
• 20-29 Reserved (for Robustness Experiment) ZSu
• 30 Traceroute RFC1393
• 31 Datagram Conversion Error RFC1475
• 32 Mobile Host Redirect David Johnson
• 33 IPv6 Where-Are-You Bill Simpson
• 34 IPv6 I-Am-Here Bill Simpson
• 35 Mobile Registration Request Bill Simpson
• 36 Mobile Registration Reply Bill Simpson
• 37 Domain Name Request RFC1788
• 38 Domain Name Reply RFC1788
• 39 SKIP Markson
• 40 Photuris RFC2521
• 41 ICMP messages utilized by experimental
  RFC-ietf-seamoby-iana-02.txt mobility protocols
  such as Seamoby
• 42-255 Reserved JBP

41
ICMPReference

• RFC 792 INTERNET CONTROL MESSAGE PROTOCOL
• James F. Kurose and Keith W. Ross, "Computer
  Networks A Top-Down Approach Featuring the
  Internet 3/e, 2002.
• http//www.freesoft.org/
• http//www.iana.org/
• http//www.ipv6.org.tw/
• http//www.google.com.tw/

42
ICMP??-Ping
ping process
140.112.91.84
140.112.91.86
ICMP_ECHO
current time
Type8
Code0
43
ICMP??-Ping
kernel
140.112.91.84
140.112.91.86
ICMP_ECHOREPLY
Type0
Code0
44
Smurf Attack

• The kernel automatically send ICMP_ECHOREPLY when
  receiving ICMP_ECHO
• Broadcast

45
Smurf Attack
Broadcast the subnet with ICMP_ECHO
BUT source IP 140.112.91.84
MANY ICMP_ECHOREPLYs
140.112.91.84
46
Demo Smurf Attack
Broadcast the subnet 140.112.91.255 with
ICMP_ECHO twice
source IP 140.112.91.84
140.112.91.86
MANY ICMP_ECHOREPLYs
140.112.91.84
47
Smurf Attack

• How to prevent ?
• Turn off broadcast
• ICMP_ECHOREREPLY
• Filter the packet

48
Visual TraceRoute

• A tool for web administration in the new
  generation

49
TraceRoute Where Everything Starts from
Long long ago, there is a ping and a traceroute
50
What Does TraceRoute Do?

• Trace the paths ( i.e. , routes ) from local host
  to a destination host or server.
• Can be used to evaluate and debug web routing
  algorithms.

51
To Invoke the Traditional ( Build-In ) TraceRoute
Program

• Under Windows
• tracert destination_address
• Under Linux
• traceroute destination_address
• Lets run a sample quickly.

52
How TraceRoute Did This Get Our Hands Dirty

• TraceRoute works through playing a game throwing
  and receiving ICMP packages in type 30.

53
Format of the ICMP Package Type 30
Bit 00 - 07 08 - 15 16 - 31
Type Code ICMP header checksum
Identifier Identifier Unused
Outbound Hop Count Outbound Hop Count Return Hop Count
Output Link Speed Output Link Speed Output Link Speed
Output Link MTU Output Link MTU Output Link MTU
Type. 8 bits. Set to 30, specifying the type of
ICMP packages. Code. 8 bits. Can only be 0 (
Outbound Packet successfully forwarded. ) or 1 (
No route for Outbound Packet. The packet was
discarded. )
54
Format of the ICMP Package Type30 ( Cont.1 )
Bit 00 - 07 08 - 15 16 - 31
Type Code ICMP header checksum
Identifier Identifier Unused
Outbound Hop Count Outbound Hop Count Return Hop Count
Output Link Speed Output Link Speed Output Link Speed
Output Link MTU Output Link MTU Output Link MTU
ICMP Header Checksum. 16 bits.The 16 bit one's
complement of sum of all 16 bit words in the
message. When the checksum is computed, the
checksum field should first be set to 0. When the
data packet is transmitted, the checksum is
computed and inserted into this field. When the
data packet is received, the checksum is again
computed and verified against the checksum field.
If the two checksums do not match then an error
has occurred.
55
Format of the ICMP Package Type30 ( Cont.2 )
Bit 00 - 07 08 - 15 16 - 31
Type Code ICMP header checksum
Identifier Identifier Unused
Outbound Hop Count Outbound Hop Count Return Hop Count
Output Link Speed Output Link Speed Output Link Speed
Output Link MTU Output Link MTU Output Link MTU
Identifier. 16 bits.The ID Number as copied from
the ICMP Traceroute option of the packet which
caused this Traceroute message to be sent. This
is NOT related to the ID number in the IP
header. Outbound Hop Count. 16 bits.The Outbound
Hop Count as copied from the IP Traceroute option
of the packet which caused this Traceroute
message to be sent.
56
Format of the ICMP Package Type30 ( Cont.3 )
Bit 00 - 07 08 - 15 16 - 31
Type Code ICMP header checksum
Identifier Identifier Unused
Outbound Hop Count Outbound Hop Count Return Hop Count
Output Link Speed Output Link Speed Output Link Speed
Output Link MTU Output Link MTU Output Link MTU
Return Hop Count. 16 bits.The Return Hop Count
as copied from the IP Traceroute option of the
packet which caused this Traceroute message to be
sent.
57
Format of the ICMP Package Type30 ( Cont.4 )
Bit 00 - 07 08 - 15 16 - 31
Type Code ICMP header checksum
Identifier Identifier Unused
Outbound Hop Count Outbound Hop Count Return Hop Count
Output Link Speed Output Link Speed Output Link Speed
Output Link MTU Output Link MTU Output Link MTU
Output Link Speed. 32 bits.The speed in bytes
per second of the link over which the
Outbound/Return Packet will be sent. If this
value cannot be determined, the field should be
set to zero. Output Link MTU. 32 bits.The MTU in
bytes of the link over which the Outbound/Return
Packet will be sent. MTU refers to the data
portion of the packet. If this value cannot be
determined, this field should be set to zero.
58
Our GUI Shell for TraceRoute

• Base Framework Java Swing.
• A command line traceroute implementation called
  trace under Linux.
• Development Tool Java Tiger, NetBeans.
• Goal Visualize the traceroute process and make
  route monitoring easier.

59
Demo Time
60
Thank You!