Guide to TCP/IP, Third Edition Chapter 4: Internet Control Message Protocol

Dec 25, 2015


Noel Leonard

Guide to TCP/IP, Third Edition

Chapter 4: Internet Control Message Protocol


Objectives

• Understand the Internet Control Message Protocol

• Test and troubleshoot sequences for Internet Control Message Protocol

• Work with Internet Control Message Protocol packet fields and functions


Understanding The Internet Control Message Protocol

• ICMP
  – Provides information about network connectivity and routing behavior
  – Provides a way to return information to senders
  – Messages are nothing more than specially formatted IP datagrams


Overview of RFC 792

• RFC 792
  – Provides basic specification for all ICMP messages
• According to RFC 792, ICMP
  – Provides mechanism for gateways (routers) or destination hosts to communicate with source hosts
  – Takes the form of specially formatted IP datagrams
  – Required in some implementations of TCP/IP
  – Reports errors about processing of non-ICMP IP datagrams


ICMP’s Vital Role on IP Networks

• ICMP’s job is to provide information about
  – IP routing behavior
  – Reachability
  – Routes between specific pairs of IP hosts
  – Delivery errors


Testing And Troubleshooting Sequences For ICMP: Connectivity Testing with Ping

• PING and TRACEROUTE
  – Rely on ICMP to perform connectivity tests and path discovery
• PING
  – Actually a form of ICMP Echo communication
• ICMP Echo Request
  – Connectionless process with no guarantee of delivery


Connectivity Testing with PING (continued)

• Most PING utilities
  – Send series of several Echo Requests to the target in order to obtain average response time
• PING utility
  – Sends series of four ICMP Echo Requests with a one-second ICMP Echo Reply Timeout value
  – Supports IP addresses and names
  – Uses traditional name resolution processes


Connectivity Testing with PING (cont’d)

• Parameters available with the PING utility
  – -l size
  – -f
  – -i TTL
  – -v TOS
  – -w timeout


Path Discovery with TRACEROUTE

• TRACEROUTE utility
  – Uses route tracing to identify a path from sender to target host
  – Available parameters
    • -d
    • -h
    • -w


Path Discovery with PATHPING

• PATHPING utility
  – Command-line utility
  – Uses ICMP Echo packets to test router and link latency, as well as packet loss
• PMTU Discovery
  – Enables source to learn the currently supported MTU across an entire path


Path MTU Discovery with ICMP

• PMTU process
  – Host A sends a 4,096-byte packet to Host B
  – Router 1 discards packet and sends Host A a “Fragmentation Needed and Don’t Fragment Flag was Set” ICMP packet
  – Host A re-sends packet using maximum MTU size of 1,500
  – Router 1 strips off token ring header and applies Ethernet header before forwarding packet


Routing Sequences for ICMP

• ICMP
  – Can provide some routing information to hosts
  – Used by routers to provide a default gateway setting to a host
• Routers
  – Can send ICMP messages


Router Discovery

• IP hosts
  – Typically learn about routes through manual configuration of
    • Default gateway parameter and redirection messages
  – Send ICMP Router Solicitations and routers reply with ICMP Router Advertisements
• By default
  – ICMP Router Solicitation packet is sent to the all-routers IP multicast address 224.0.0.2


Router Advertising

• ICMP Router Advertisements
  – Allow hosts to passively learn about available routes
• Default Lifetime value for route entries
  – 30 minutes
• Default advertising rate
  – Between seven and ten minutes


Security Issues For ICMP

• ICMP
  – Can be used as an information-gathering tool
• IP address scanning process
  – One method of obtaining a list of the active hosts
• IP host probe
  – Performed by sending a PING packet to each host within a range and noting the responses
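
Added example (not part of the original slides): one way a defender can spot the IP host probe described above, by counting how many distinct targets each source sends Echo Requests to within a short window. The event tuple layout, the function name, the thresholds, and the sample addresses are assumptions made for this sketch.

```python
from collections import defaultdict, deque

ECHO_REQUEST = 8  # ICMP Type 8

def find_host_probes(events, window=10.0, threshold=5):
    """Return {source: peak count of distinct hosts pinged within `window` seconds}
    for every source that reaches `threshold` distinct targets.

    events: iterable of (timestamp_seconds, src_ip, dst_ip, icmp_type),
    assumed to be sorted by timestamp (hypothetical record layout).
    """
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still inside the window
    flagged = {}
    for ts, src, dst, icmp_type in events:
        if icmp_type != ECHO_REQUEST:
            continue  # replies and error messages are not probes
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()  # drop requests that have aged out of the window
        distinct = len({d for _, d in q})
        if distinct >= threshold:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

# Constructed sample data: 10.0.0.99 pings eight consecutive addresses in under
# a second; 10.0.0.5 pings a single host four times (an ordinary PING run).
SAMPLE = [(i * 0.1, "10.0.0.99", f"10.0.0.{i + 1}", 8) for i in range(8)]
SAMPLE += [(float(i), "10.0.0.5", "10.0.0.1", 8) for i in range(4)]
SAMPLE += [(0.05, "10.0.0.1", "10.0.0.99", 0)]  # an Echo Reply, ignored
SAMPLE.sort()

if __name__ == "__main__":
    print(find_host_probes(SAMPLE))
```

The four-request PING run to one host stays below the threshold because the count is of distinct destinations, not of packets.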


ICMP Redirect Attack

• ICMP
  – Used to manipulate traffic flow between hosts
• Attacker can
  – Redirect traffic to his machine and perform any number of man-in-the-middle style attacks


ICMP Router Discovery

• Susceptible to attack on the local network segment

• During discovery process
  – Router solicitation message finds its way to attacker’s machine

• Timing is critical


Inverse Mapping

• One method of determining live targets on a network

• Firewalking
  – Describes the concept of walking a firewall ACL or ruleset to determine what it filters and how
  – A two-phase attack method


ICMP Packet Fields and Functions

• Value 1 in IP header Protocol field
  – Denotes that an ICMP header follows the IP header
• ICMP header portions
  – Constant portion
  – Variable portion


Constant ICMP Fields

• ICMP packets contain three required fields after the IP header
  – Type
  – Code
  – Checksum


The Variable ICMP Structures and Functions

• ICMP Type 0
  – Used for Echo Reply packets
• ICMP Type 8
  – Used for Echo Request packets
• RFC 792
  – Identifier and Sequence fields are used to aid in matching Echo messages with Echo Replies


Type 3: Destination Unreachable Packets

• Network troubleshooters
  – Often closely track ICMP Destination Unreachable packets
• Host that sends Destination Unreachable packet
  – Must return IP header and eight bytes of original datagram that triggered this response
• Total of 16 (0 through 15) possible codes
  – Currently assigned to ICMP Destination Unreachable type number


Type 4: Source Quench

• Router or host
  – May use Source Quench to indicate that it is becoming congested or overloaded
• By default
  – Most current routers do not issue Source Quench messages


Type 5: Redirect

• Routers
  – Send ICMP Redirect messages to hosts to indicate that a preferable route exists
• ICMP Redirect packet
  – Four-byte field for the preferred gateway’s address
• Ideally
  – Clients should update routing tables to indicate optimal path
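
Added example (not part of the original slides): a parser for the constant Type, Code and Checksum fields and for the variable part of the Echo, Destination Unreachable, Redirect and Router Advertisement messages covered in this chapter. It verifies the checksum and marks Redirects and Router Advertisements for review, since the security slides identify both as ways to manipulate a host's routing. Function names, the `review` flag and the sample messages are assumptions of this sketch; the next-hop MTU field for Code 4 comes from RFC 1191 and the advertisement header layout from RFC 1256.

```python
import ipaddress
import struct

def inet_checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes, payload: bytes = b"") -> bytes:
    """Helper for constructing sample messages with a valid checksum."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest + payload
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def parse_icmp(msg: bytes) -> dict:
    """Decode an ICMP message (the bytes that follow the IP header)."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than 8 bytes")
    icmp_type, code, checksum = struct.unpack("!BBH", msg[:4])
    out = {"type": icmp_type, "code": code, "checksum": checksum,
           "checksum_ok": inet_checksum(msg) == 0,  # a valid message sums to zero
           "review": icmp_type in (5, 9)}           # messages that can alter routing
    if icmp_type in (0, 8):    # Echo Reply / Echo Request
        out["identifier"], out["sequence"] = struct.unpack("!HH", msg[4:8])
    elif icmp_type == 3:       # Destination Unreachable
        if code == 4:          # Fragmentation Needed and Don't Fragment was Set
            out["next_hop_mtu"] = struct.unpack("!H", msg[6:8])[0]
        out["quoted"] = msg[8:]  # IP header + 8 bytes of the original datagram
    elif icmp_type == 5:       # Redirect: four-byte preferred gateway address
        out["gateway"] = str(ipaddress.IPv4Address(msg[4:8]))
    elif icmp_type == 9:       # Router Advertisement header
        out["num_addrs"], out["addr_size"], out["lifetime_s"] = struct.unpack("!BBH", msg[4:8])
    return out

# Constructed samples (documentation address 192.0.2.1, dummy quoted IP header).
SAMPLE_ECHO = build_icmp(8, 0, struct.pack("!HH", 0x1234, 7), b"abcdefgh")
SAMPLE_REDIRECT = build_icmp(5, 1, ipaddress.IPv4Address("192.0.2.1").packed,
                             b"\x45" + b"\x00" * 27)

if __name__ == "__main__":
    print(parse_icmp(SAMPLE_ECHO))
    print(parse_icmp(SAMPLE_REDIRECT))
```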


Types 9 and 10: Router Advertisement and Router Solicitation

• ICMP Router Advertisement packets include the following fields
  – # of Addresses
  – Address Size
  – Lifetime
  – Router Address 1
  – Precedence Level 1
  – Router Address 2 and Precedence Level 2


Type 11: Time Exceeded

• Routers or hosts
  – Can send these ICMP packets
• Codes that can be used
  – Code 0 and Code 1


Type 12: Parameter Problem

• Errors indicate problems not covered by other ICMP error messages

• Codes used in ICMP Parameter Problem messages
  – Code 0: Pointer Indicates the Error
  – Code 1: Missing a Required Option
  – Code 2: Bad Length


Types 13 and 14: Timestamp and Timestamp Reply

• Defined as a method for one IP host to obtain the current time

• Value returned
  – The number in milliseconds since midnight, Universal Time (UT)
• ICMP Timestamp and Timestamp Reply packets
  – Use the same structure


Types 15 and 16: Information Request and Information Reply

• Provides a way for a host to find out what network it is on

• ICMP Information Request and Information Reply packets
  – Use the same structure


Types 17 and 18: Address Mask Request and Address Mask Reply

• Intended to provide diskless hosts with a method to determine their network mask information

• ICMP Address Mask Request and Address Mask Reply packets
  – Use the same structure


Type 30: TRACEROUTE

• Documented in RFC 1393 but not currently in use

• Requires some added functionality in the IP routers it traverses

• Adding functionality to routers
  – Costly and requires numerous resources to build, implement, and test new code


Summary

• ICMP
  – Provides vital feedback about IP routing and delivery problems
  – Really part of IP itself
  – Support is required in any standards-compliant IP implementation
  – Used by PING and TRACEROUTE to measure round-trip times
  – Supports PMTU Discovery between a sender and a receiver


Summary (continued)

• Route and routing error information from ICMP
  – Derives from numerous types of ICMP messages
• ICMP
  – Supports route optimization through its ICMP Redirect message type
  – Security issues are important
  – Message structures and functions can vary