Guide to TCP/IP, Third Edition
Chapter 4: Internet Control Message Protocol

Objectives
Understand the Internet Control Message Protocol
Test and troubleshoot sequences for Internet Control Message Protocol
Work with Internet Control Message Protocol packet fields and functions

Understanding The Internet Control Message Protocol
ICMP
Provides information about network connectivity and routing behavior
Provides a way to return information to senders
Messages are nothing more than specially formatted IP datagrams

Overview of RFC 792
RFC 792
Provides basic specification for all ICMP messages
According to RFC 792, ICMP
Provides mechanism for gateways (routers) or destination hosts to communicate with source hosts
Takes the form of specially formatted IP datagrams
Required in some implementations of TCP/IP
Reports errors about processing of non-ICMP IP datagrams

ICMP’s Vital Role on IP Networks
ICMP’s job is to provide information about
IP routing behavior
Reachability
Routes between specific pairs of IP hosts
Delivery errors

Testing And Troubleshooting Sequences For ICMP: Connectivity Testing with Ping
PING and TRACEROUTE
Rely on ICMP to perform connectivity tests and path discovery
PING
Actually a form of ICMP Echo communication
ICMP Echo Request
Connectionless process with no guarantee of delivery

Connectivity Testing with PING (continued)
Most PING utilities
Send series of several Echo Requests to the target in order to obtain average response time
PING utility
Sends series of four ICMP Echo Requests with a one-second ICMP Echo Reply Timeout value
Supports IP addresses and names
Uses traditional name resolution processes

Connectivity Testing with PING (cont’d)
Parameters available with the PING utility
-l size
-f
-i TTL
-v TOS
-w timeout

Path Discovery with TRACEROUTE
TRACEROUTE utility
Uses route tracing to identify a path from sender to target host
Available parameters
-d
-h
-w

Path Discovery with PATHPING
PATHPING utility
Command-line utility
Uses ICMP Echo packets to test router and link latency, as well as packet loss
PMTU Discovery
Enables source to learn the currently supported MTU across an entire path

Path MTU Discovery with ICMP
PMTU process
Host A sends a 4,096-byte packet to Host B
Router 1 discards packet and sends Host A a “Fragmentation Needed and Don’t Fragment Flag was Set” ICMP packet
Host A re-sends packet using maximum MTU size of 1,500
Router 1 strips off token ring header and applies Ethernet header before forwarding packet

Routing Sequences for ICMP
ICMP
Can provide some routing information to hosts
Used by routers to provide a default gateway setting to a host
Routers
Can send ICMP messages

Router Discovery
IP hosts
Typically learn about routes through manual configuration of the default gateway parameter and redirection messages
Send ICMP Router Solicitations and routers reply with ICMP Router Advertisements
By default
ICMP Router Solicitation packet is sent to the all-routers IP multicast address 224.0.0.2

Router Advertising
ICMP Router Advertisements
Allow hosts to passively learn about available routes
Default Lifetime value for route entries
30 minutes
Default advertising rate
Between seven and ten minutes

Security Issues For ICMP
ICMP
Can be used as an information-gathering tool
IP address scanning process
One method of obtaining a list of the active hosts
IP host probe
Performed by sending a PING packet to each host within a range and noting the responses
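
A defender's view of the host probe described above, as an example added here (not from the book): it flags any source that sends Echo Requests (Type 8) to many distinct hosts inside a short window, while a normal four-request PING to one host stays below the threshold. The log format, the addresses and the names find_sweeps and parse_log are assumptions made for this illustration.

```python
from collections import defaultdict, deque

# Constructed capture summary: "seconds source destination icmp_type".
SAMPLE_LOG = """\
0.00 192.0.2.10 192.0.2.1 8
0.01 192.0.2.1 192.0.2.10 0
1.00 192.0.2.10 192.0.2.1 8
2.00 192.0.2.10 192.0.2.1 8
3.00 192.0.2.10 192.0.2.1 8
5.00 198.51.100.7 192.0.2.1 8
5.05 198.51.100.7 192.0.2.2 8
5.10 198.51.100.7 192.0.2.3 8
5.12 192.0.2.3 198.51.100.7 0
5.15 198.51.100.7 192.0.2.4 8
5.20 198.51.100.7 192.0.2.5 8
5.25 198.51.100.7 192.0.2.6 8
"""

def parse_log(text):
    """Yield (timestamp, src, dst, icmp_type) tuples from the summary lines."""
    for line in text.splitlines():
        ts, src, dst, icmp_type = line.split()
        yield float(ts), src, dst, int(icmp_type)

def find_sweeps(events, window=10.0, threshold=5):
    """Return {source: most distinct hosts probed within any window}.

    Only Echo Requests count; Echo Replies (Type 0) are ignored.
    Events must be in time order.
    """
    recent = defaultdict(deque)              # source -> (timestamp, destination)
    flagged = {}
    for ts, src, dst, icmp_type in events:
        if icmp_type != 8:
            continue
        queue = recent[src]
        queue.append((ts, dst))
        while ts - queue[0][0] > window:     # drop probes older than the window
            queue.popleft()
        distinct = len({d for _, d in queue})
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    print(find_sweeps(parse_log(SAMPLE_LOG)))
```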

ICMP Redirect Attack
ICMP
Used to manipulate traffic flow between hosts
Attacker can
Redirect traffic to his machine and perform any number of man-in-the-middle style attacks

ICMP Router Discovery
Susceptible to attack on the local network segment
During discovery process
Router solicitation message finds its way to attacker’s machine
Timing is critical

Inverse Mapping
One method of determining live targets on a network
Firewalking
Describes the concept of walking a firewall ACL or ruleset to determine what it filters and how
A two-phase attack method

ICMP Packet Fields and Functions
Value 1 in IP header Protocol field
Denotes that an ICMP header follows the IP header
ICMP header portions
Constant portion
Variable portion

Constant ICMP Fields
ICMP packets contain three required fields after the IP header
Type
Code
Checksum

The Variable ICMP Structures and Functions
ICMP Type 0
Used for Echo Reply packets
ICMP Type 8
Used for Echo Request packets
RFC 792
Identifier and Sequence fields are used to aid in matching Echo messages with Echo Replies
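
The constant fields (Type, Code, Checksum) and the Echo Identifier and Sequence fields, decoded in an example added here (not from the book). The sample messages are constructed by build_echo, and all function names are assumptions made for this illustration.

```python
import struct

# Type numbers named on the slides of this chapter.
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
              5: "Redirect", 8: "Echo Request", 11: "Time Exceeded",
              12: "Parameter Problem"}

def internet_checksum(data):
    """One's-complement sum of 16-bit words (the checksum ICMP uses)."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type, ident, seq, payload=b""):
    """Constructed sample message: Type 8 (request) or Type 0 (reply), Code 0."""
    unsummed = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    csum = internet_checksum(unsummed)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_icmp(message):
    """Decode the constant fields, verify the checksum, add Echo fields if present."""
    if len(message) < 4:
        raise ValueError("truncated ICMP header")
    icmp_type, code, checksum = struct.unpack("!BBH", message[:4])
    info = {"type": icmp_type, "code": code, "checksum": checksum,
            "name": ICMP_TYPES.get(icmp_type, "other"),
            # Summing a valid message including its checksum field yields 0.
            "checksum_ok": internet_checksum(message) == 0}
    if icmp_type in (0, 8):
        if len(message) < 8:
            raise ValueError("truncated Echo message")
        info["id"], info["seq"] = struct.unpack("!HH", message[4:8])
    return info

def reply_matches(request, reply):
    """Pair an Echo Reply with its Echo Request using Identifier and Sequence."""
    return (request["type"] == 8 and reply["type"] == 0
            and reply["checksum_ok"]
            and (request["id"], request["seq"]) == (reply["id"], reply["seq"]))
```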

Type 3: Destination Unreachable Packets
Network troubleshooters
Often closely track ICMP Destination Unreachable packets
Host that sends Destination Unreachable packet
Must return IP header and eight bytes of original datagram that triggered this response
Total of 16 (0 through 15) possible codes
Currently assigned to ICMP Destination Unreachable type number

Type 4: Source Quench
Router or host
May use Source Quench to indicate that it is becoming congested or overloaded
By default
Most current routers do not issue Source Quench messages

Type 5: Redirect
Routers
Send ICMP Redirect messages to hosts to indicate that a preferable route exists
ICMP Redirect packet
Four-byte field for the preferred gateway’s address
Ideally
Clients should update routing tables to indicate optimal path
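
How a host can vet a Redirect before updating its routing table, which is the defense against the ICMP Redirect Attack described earlier; this is an example added here, not from the book. It applies the two acceptance checks from RFC 1122 (the preferred gateway must be on the connected subnet, and the sender must be the first-hop gateway currently in use). The function names, the single-default-gateway assumption and the sample addresses are made up for this illustration.

```python
import ipaddress
import struct

def build_redirect(gateway, orig_src, orig_dst, code=1):
    """Constructed sample: Type 5 message carrying the original IP header + 8 bytes."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0, 64, 17, 0,
                         ipaddress.IPv4Address(orig_src).packed,
                         ipaddress.IPv4Address(orig_dst).packed)
    # Checksums are left at zero; this example checks addressing, not integrity.
    return (struct.pack("!BBH4s", 5, code, 0, ipaddress.IPv4Address(gateway).packed)
            + ip_hdr + b"\x00" * 8)

def parse_redirect(icmp):
    """Extract the preferred gateway and the destination the redirect applies to."""
    if len(icmp) < 8 + 20 or icmp[0] != 5:
        raise ValueError("not a complete ICMP Redirect")
    return {
        "code": icmp[1],
        "gateway": ipaddress.IPv4Address(icmp[4:8]),     # four-byte preferred gateway field
        "orig_dst": ipaddress.IPv4Address(icmp[24:28]),  # destination in the embedded IP header
    }

def accept_redirect(icmp, sender, connected_net, current_gateway):
    """Return (accepted, reason) for a Redirect received from `sender`."""
    r = parse_redirect(icmp)
    if r["gateway"] not in ipaddress.IPv4Network(connected_net):
        return False, "new gateway is off the connected subnet"
    if ipaddress.IPv4Address(sender) != ipaddress.IPv4Address(current_gateway):
        return False, "sender is not the current first-hop gateway"
    return True, "route to %s via %s" % (r["orig_dst"], r["gateway"])

if __name__ == "__main__":
    msg = build_redirect("192.0.2.254", "192.0.2.10", "198.51.100.20")
    print(accept_redirect(msg, "192.0.2.1", "192.0.2.0/24", "192.0.2.1"))
    print(accept_redirect(msg, "192.0.2.66", "192.0.2.0/24", "192.0.2.1"))
```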

Types 9 and 10: Router Advertisement and Router Solicitation
ICMP Router Advertisement packets include the following fields
# of Addresses
Address Size
Lifetime
Router Address 1
Precedence Level 1
Router Address 2 and Precedence Level 2

Type 11: Time Exceeded
Routers or hosts
Can send these ICMP packets
Codes that can be used
Code 0 and Code 1

Type 12: Parameter Problem
Errors indicate problems not covered by other ICMP error messages
Codes used in ICMP Parameter Problem messages
Code 0: Pointer Indicates the Error
Code 1: Missing a Required Option
Code 2: Bad Length

Types 13 and 14: Timestamp and Timestamp Reply
Defined as a method for one IP host to obtain the current time
Value returned
The number in milliseconds since midnight, Universal Time (UT)
ICMP Timestamp and Timestamp Reply packets
Use the same structure

Types 15 and 16: Information Request and Information Reply
Provides a way for a host to find out what network it is on
ICMP Information Request and Information Reply packets
Use the same structure

Types 17 and 18: Address Mask Request and Address Mask Reply
Intended to provide diskless hosts with a method to determine their network mask information
ICMP Address Mask Request and Address Mask Reply packets
Use the same structure

Type 30: TRACEROUTE
Documented in RFC 1393 but not currently in use
Requires some added functionality in the IP routers it traverses
Adding functionality to routers
Costly and requires numerous resources to build, implement, and test new code

Summary
ICMP
Provides vital feedback about IP routing and delivery problems
Really part of IP itself
Support is required in any standards-compliant IP implementation
Used by PING and TRACEROUTE to measure round-trip times
Supports PMTU Discovery between a sender and a receiver

Summary (continued)
Route and routing error information from ICMP
Derives from numerous types of ICMP messages
ICMP
Supports route optimization through its ICMP Redirect message type
Security issues are important
Message structures and functions can vary