Guide to TCP/IP Fourth Edition Chapter 5: Internet Control Message Protocol

Guide to TCP/IP Fourth Edition

Chapter 5:Internet Control Message Protocol

2

Objectives

• Explain the basics of the Internet Control Message Protocol (ICMP) and the roles it plays on networks

• Describe the specifications listed in RFC 792, which define the original ICMPv4 protocol, including its header format and the different types and formats of ICMPv4 messages

• Provide a basic overview of the ICMPv6 protocol, covering its header format and the different types and formats of ICMPv6 messages, including how error messages and informational message types are organized

© 2013 Course Technology/Cengage Learning. All Rights Reserved.

3

Objectives (cont’d.)

• List the details of the different ICMPv6 error messages, including those that existed in ICMPv4 and have been upgraded as well as message types that were newly created for ICMPv6

• Describe the intricacies of all the different ICMPv6 informational messages, including those that existed under ICMPv4 and have been upgraded and those that have been newly created for use in ICMPv6

• Understand the general differences between ICMPv4 and ICMPv6


4


• Explain how Path MTU Discovery operates between IPv4 nodes, including the involvement of default packet MTUs, packet fragmentation, and the effect of a packet being marked for no fragmentation relative to ICMPv4 messaging

• Describe how Path MTU Discovery has been changed for IPv6 and the associated changes to ICMPv6 messages for this technology


5


• Describe the various processes for testing and troubleshooting with ICMP, including the use of network utilities such as Ping, Traceroute, and Pathping as well as routing sequences and security issues

• Explain network protocol analyzer data and use the data to decode ICMPv4 and ICMPv6 packets in order to understand their versions, types, sequencing, and other information


6

ICMP Basics

• ICMP – Provides information about network connectivity and

routing behavior– Provides a way to return information to senders– Messages are nothing more than specially formatted

IP datagrams


7

Roles That ICMP Plays on IP Networks


8

ICMPv4

• Core protocol in the IP suite– Originally specified by RFC 777 (made obsolete by

RFC 792)

• ping command– Widely used to test the connection between

computers

• Supports a series of network testing and error messages– It carries no payload and is not used by computer

applications


9

Overview of RFC 792

• RFC 792 – Provides basic specification for all ICMP messages

• According to RFC 792, ICMP– Provides mechanism for gateways (routers) or

destination hosts to communicate with source hosts– Takes the form of specially formatted IP datagrams– Required in some implementations of TCP/IP– Reports errors about processing of non-ICMP IP

datagrams


10

ICMPv4 Header

• Value 1 in IP header Protocol field – Denotes that an ICMP header follows the IP header

• ICMP header portions– Constant portion– Variable portion


ICMPv4 Header (cont’d.)

11© 2013 Course Technology/Cengage Learning. All Rights Reserved.

12

Constant ICMP Fields

• ICMP packets contain three required fields after the IP header– Type– Code– Checksum

• Type Field– Identifies types of ICMP messages that can be sent

on the network– List is based on IANA documentation


13

Constant ICMP Fields (cont’d.)

• Code Field– Many ICMP packet types have a Code field

• Checksum Field– Provides error detection for the ICMP header only


14

Types of ICMPv4 Messages

• Fall into two general categories: – Error messages– Informational messages


15

Destination Unreachable Packets

• Returned to the source node– When a packet that was sent could not be delivered

to the destination address

• Sender can then use this information to decide how to correct the problem


16

Source Quench

• Used to tell the source node to reduce the rate of speed at which it sends packets to the destination node

• Source node responds by slowing down the transmission rate until it stops receiving Source Quench messages


17

Time Exceeded

• Sent in two circumstances– When a packet’s Time to Live (TTL) field is

decremented to zero– When some of the fragments of a message do not

reach the destination node


18

Redirect

• Routers – Send ICMP Redirect messages to hosts to indicate

that a preferable route exists

• Technically, this is not an error message– But for ICMPv4, it is classified as such


19

Parameter Problem

• “Generic” error message

• Can be sent back to the source node by any device on the network– When device detects an error in any header field in

an IP packet


20

Echo Request and Echo Reply

• Used for connectivity testing between network nodes

• Ping utility– Most common implementation of these messages


21

Timestamp and Timestamp Reply

• Routers use this pair of messages on a network to synchronize their system clocks for date and time

• Time synchronization method does not work very well on large networks


22

Router Advertisement and Router Solicitation

• Allow a network node not manually configured with the address of a first-hop router– To ask for and receive information about routers on

the local network


23

Address Mask Request and Address Mask Reply

• Intended to provide hosts with a method to determine their network mask information

• Most computers acquire information about what subnet mask they’re supposed to use via DHCP


24

Traceroute

• Similar to Echo Request and Echo Reply messages

• Traces the exact sequence of routers from source to destination – On a hop-by-hop basis


25

The Variable ICMP Structures and Functions

• ICMP Type 0 – Used for Echo Reply packets

• ICMP Type 8– Used for Echo Request packets

• RFC 792– Identifier and Sequence fields are used to aid in

matching Echo messages with Echo Replies


26

The Variable ICMP Structures and Functions (cont’d.)


The Variable ICMP Structures and Functions (cont’d.)


28

Type 3: Destination Unreachable Packets

• Network troubleshooters – Often closely track ICMP Destination Unreachable

packets

• Host that sends Destination Unreachable packet – Must return IP header and eight bytes of original

datagram that triggered this response

• Total of 16 (0 through 15) possible codes– Currently assigned to ICMP Destination Unreachable

type number


29

Type 3: Destination Unreachable Packets (cont’d.)


30

Type 3: Destination Unreachable Packets (cont’d.)


31

Type 4: Source Quench

• Router or host – May use Source Quench to indicate that it is

becoming congested or overloaded

• By default– Most current routers do not issue Source Quench

messages


Type 4: Source Quench (cont’d.)


33

Type 5: Redirect

• Routers – Send ICMP Redirect messages to hosts to indicate

that a preferable route exists

• ICMP Redirect packet– Four-byte field for the preferred gateway’s address

• Ideally– Clients should update routing tables to indicate

optimal path


34

Types 9 and 10: Router Advertisement and Router Solicitation

• ICMP Router Advertisement packets include the following fields – # of Addresses– Address Size– Lifetime– Router Address 1– Precedence Level 1– Router Address 2 and Precedence Level 2


35

Type 11: Time Exceeded

• Routers or hosts– Can send these ICMP packets

• Codes that can be used – Code 0 and Code 1


36

Type 12: Parameter Problem

• Errors indicate problems not covered by other ICMP error messages

• Codes used in ICMP Parameter Problem messages– Code 0: Pointer Indicates the Error– Code 1: Missing a Required Option– Code 2: Bad Length


37

Types 13 and 14: Timestamp and Timestamp Reply

• Defined as a method for one IP host to obtain the current time

• Value returned – The number in milliseconds since midnight,

Universal Time (UT)

• ICMP Timestamp and Timestamp Reply packets – Use the same structure


38

Types 15 and 16: Information Request and Information Reply

• Provides a way for a host to find out what network it is on

• ICMP Information Request and Information Reply packets – Use the same structure


39

Types 17 and 18: Address Mask Request and Address Mask Reply

• Intended to provide diskless hosts with a method to determine their network mask information

• ICMP Address Mask Request and Address Mask Reply packets – Use the same structure


40

Type 30: Traceroute

• Documented in RFC 1393 but not currently in use

• Requires some added functionality in the IP routers it traverses

• Adding functionality to routers– Costly and requires numerous resources to build,

implement, and test new code


Type 30: Traceroute (cont’d.)


ICMPv6

• ICMPv6 provides the same basic mechanism for error reporting and information exchange between networked devices as ICMPv4


Overview of ICMPv6

• Originally specified by RFC 1885 (made obsolete by RFC 2463)

• Current specification is RFC 4443– Message types that previously used other protocols

now use ICMPv6– New message types have been created that did not

exist in ICMPv4


Types of ICMPv6 Messages

• Type numbers 0–127 cover error messages

• Type numbers 128–255 cover informational messages

• Some message names are the same as their ICMPv4 counterparts– But many of them are completely new


ICMPv6 Header

• RFC 4443 describes the general format of ICMPv6 messages


ICMPv6 Error Messages

• ICMPv6 error messages from Type values 0 to 127

• Type values are all defined in RFC 4443


Destination Unreachable Messages

• Router encountering this packet will send a Destination Unreachable message back to the source node


Packet Too Big Messages

• New ICMPv6 error message type– Required because of how IPv6 manages data

fragmentation and reassembly


Time Exceeded Messages

• Substantially similar to its ICMPv4 counterpart

• Message format is identical to the Destination Unreachable message

• Values for the Code field:– 0—Hop limit exceeded in transit– 1—Fragment reassembly time exceeded


Parameter Problem Messages

• ICMPv6 Parameter Problem messages are considered “generic” messages

• Table 5-12: Parameter Problem message format fields


ICMPv6 Informational Messages

• Type codes for informational messages– Exist in the 128–255 range

• ICMPv6 messages are not used to report errors– But to provide information to the source node


Echo Request and Echo Reply Messages

• Specified in RFC 4443

• Perform basic connectivity test


Router Advertisement and Router Solicitation Messages


• Router discovery function has been integrated into the Neighbor Discovery (ND) protocol


Neighbor Solicitation and Neighbor Advertisement Messages


• Part of the IPv6 Neighbor Discovery protocol


Redirect Messages

• Specified by RFC 4861 for ICMPv6

• Provide information to a node to change which router it is using

• Figure 5-26: ICMPv6 Redirect message format


Router Renumbering Messages


• Allows address prefixes on routers to be configured and reconfigured

• Three types of Router Renumbering messages:– Commands– Results– Sequence Number Reset


A Short Comparison of ICMPv4 and ICMPv6 Messages

• Common general message types:– Connectivity-checking messages– Error-checking messages– Informational messages– Fragmentation required messages

• ICMPv6 only general message types:– Address Assignment messages– Address Resolution messages– Multicast Group Management messages– Mobile IPv6 Support messages


Path MTU Discovery

• Path MTU (PMTU) Discovery in IPv4 networks – Allows routers to notify nodes via ICMPv4 messages

if they need to change the MTU size of the packets they are sending

• Common practice for IPv4 routers to fragment packets

• If the packet MTU is too large– Node will receive the ICMPv4 message Destination

Unreachable


Changes to PMTU

• IPv6 MTU sizing and fragmentation have been updated– Improve the efficiency and quality of sending and

receiving network traffic

• Used on IPv4 networks, it has been vastly improved for IPv6


60

Testing And Troubleshooting Sequences For ICMP

• ICMP’s most common uses are for testing and troubleshooting

• Two well-known IP utilities– Ping and Traceroute– Rely on ICMP to perform connectivity tests and path

discovery


Connectivity Testing with Ping

• Ping– Actually a form of ICMP Echo communication

• ICMP Echo Request– Connectionless process with no guarantee of

delivery


Connectivity Testing with Ping (cont’d.)

© 2013 Course Technology/Cengage Learning. All Rights Reserved. 62

63


• Most Ping utilities – Send series of several Echo Requests to the target

in order to obtain average response time

• Ping utility– Sends series of four ICMP Echo Requests with a

one-second ICMP Echo Reply Timeout value– Supports IP addresses and names– Uses traditional name resolution processes



© 2013 Course Technology/Cengage Learning. All Rights Reserved. 64

65


• Parameters available with the Ping utility– -l size– -f– -i TTL– -v TOS – -w timeout


Path Discovery with Traceroute

• Traceroute utility– Uses route tracing to identify a path from sender to

target host– Available parameters

• -d

• -h

• -w

© 2013 Course Technology/Cengage Learning. All Rights Reserved. 66© 2013 Course Technology/Cengage Learning. All Rights Reserved.


68

Path Discovery with Pathping

• Pathping utility – Command-line utility– Uses ICMP Echo packets to test router and link

latency, as well as packet loss

• PMTU Discovery – Enables source to learn the currently supported MTU

across an entire path


69

Path MTU Discovery with ICMP

• Defined in RFC 1191

• PMTU Discovery – Enables source to learn the currently supported MTU

across an entire path



71

Path MTU Discovery with ICMP (cont’d.)

• PMTU process– Host A sends a 4,096-byte packet to Host B– Router 1 discards packet and sends Host A a

“Fragmentation Needed and Don’t Fragment Flag was Set” ICMP packet

– Host A re-sends packet using maximum MTU size of 1,500

– Router 1 forwards packet across Network 2 to Router 2

– Router 2 receives packet and forwards it to Network 3, where it arrives at Host B


72

Routing Sequences for ICMP

• ICMP – Can provide some routing information to hosts– Used by routers to provide a default gateway setting

to a host• Routers

– Can send ICMP messages


73

Router Discovery

• IP hosts – Typically learn about routes through manual

configuration of • Default gateway parameter and redirection messages

– Send ICMP Router Solicitations and routers reply with ICMP Router Advertisements

• By default– ICMP Router Solicitation packet is sent to the all-

routers IP multicast address 224.0.0.2



75

Router Advertising

• ICMP router advertisements – Allow hosts to passively learn about available routes

• Default Lifetime value for route entries– 30 minutes

• Default advertising rate – Between seven and ten minutes


Redirection to a Better Router


77

Security Issues For ICMPv4

• ICMP – Can be used as an information-gathering tool

• IP address scanning process– One method of obtaining a list of the active hosts

• IP host probe – Performed by sending a ping packet to each host

within a range and noting the responses


78

ICMP Redirect Attack

• ICMP– Used to manipulate traffic flow between hosts

• Attacker can – Redirect traffic to his machine and perform any

number of man-in-the-middle style attacks


79

ICMP Router Discovery

• Susceptible to attack on the local network segment

• During discovery process– Router Solicitation message finds its way to

attacker’s machine

• Timing is critical


80

Inverse Mapping

• One method of determining live targets on a network

• Firewalking– Describes the concept of walking a firewall ACL or

ruleset to determine what it filters and how– A two-phase attack method


Security Issues for ICMPv6

• ICMPv6 built-in security features– Designed to prevent attacks sent from another

network segment

• Features include:– Value in Hop Limit field being set at 255– Source address of ICMPv6 packets must be either

link-local or unspecified– Authentication for ICMPv6 packet exchanges is

managed using IPv6-AUTH or IPv6-ESP– ICMPv6 is protected by IPsec


Decoding ICMP Packets

• Tools such as Wireshark can capture and decode ICMP packets for examination


ICMPv4

• Table 5-21: ICMPv4 Echo Request and Echo Reply Message format fields


ICMPv6


85

Summary

• ICMP – Provides vital feedback about IP routing and delivery

problems– Really part of IP itself– Support is required in any standards-compliant IP

implementation– Used by Ping and Traceroute to measure round-trip

times– Supports PMTU Discovery between a sender and a

receiver


86

Summary (cont’d.)

• Route and routing error information from ICMP – Derives from numerous types of ICMP messages

• ICMP– Supports route optimization through its ICMP

Redirect message type– Security issues are important– Message structures and functions can vary

• ICMPv4 and ICMPv6 Echo messages have a very similar format


Documents

Guide to TCP/IP Fourth Edition Chapter 5: Internet Control Message Protocol