Guide to TCP/IP Fourth Edition Chapter 5: Internet Control Message Protocol


Objectives

• Explain the basics of the Internet Control Message Protocol (ICMP) and the roles it plays on networks

• Describe the specifications listed in RFC 792, which define the original ICMPv4 protocol, including its header format and the different types and formats of ICMPv4 messages

• Provide a basic overview of the ICMPv6 protocol, covering its header format and the different types and formats of ICMPv6 messages, including how error messages and informational message types are organized

© 2013 Course Technology/Cengage Learning. All Rights Reserved.


Objectives (cont’d.)

• List the details of the different ICMPv6 error messages, including those that existed in ICMPv4 and have been upgraded as well as message types that were newly created for ICMPv6

• Describe the intricacies of all the different ICMPv6 informational messages, including those that existed under ICMPv4 and have been upgraded and those that have been newly created for use in ICMPv6

• Understand the general differences between ICMPv4 and ICMPv6


Objectives (cont’d.)

• Explain how Path MTU Discovery operates between IPv4 nodes, including the involvement of default packet MTUs, packet fragmentation, and the effect of a packet being marked for no fragmentation relative to ICMPv4 messaging

• Describe how Path MTU Discovery has been changed for IPv6 and the associated changes to ICMPv6 messages for this technology


Objectives (cont’d.)

• Describe the various processes for testing and troubleshooting with ICMP, including the use of network utilities such as Ping, Traceroute, and Pathping as well as routing sequences and security issues

• Explain network protocol analyzer data and use the data to decode ICMPv4 and ICMPv6 packets in order to understand their versions, types, sequencing, and other information

ICMP Basics

• ICMP
  – Provides information about network connectivity and routing behavior
  – Provides a way to return information to senders
  – Messages are nothing more than specially formatted IP datagrams


Roles That ICMP Plays on IP Networks

ICMPv4

• Core protocol in the IP suite
  – Originally specified by RFC 777 (made obsolete by RFC 792)

• ping command
  – Widely used to test the connection between computers

• Supports a series of network testing and error messages
  – It carries no payload and is not used by computer applications

Overview of RFC 792

• RFC 792
  – Provides basic specification for all ICMP messages

• According to RFC 792, ICMP
  – Provides mechanism for gateways (routers) or destination hosts to communicate with source hosts
  – Takes the form of specially formatted IP datagrams
  – Required in some implementations of TCP/IP
  – Reports errors about processing of non-ICMP IP datagrams

ICMPv4 Header

• Value 1 in IP header Protocol field
  – Denotes that an ICMP header follows the IP header

• ICMP header portions
  – Constant portion
  – Variable portion

Constant ICMP Fields

• ICMP packets contain three required fields after the IP header
  – Type
  – Code
  – Checksum

• Type Field
  – Identifies types of ICMP messages that can be sent on the network
  – List is based on IANA documentation

Constant ICMP Fields (cont’d.)

• Code Field
  – Many ICMP packet types have a Code field

• Checksum Field
  – Provides error detection for the ICMP header only

Types of ICMPv4 Messages

• Fall into two general categories:
  – Error messages
  – Informational messages

Destination Unreachable Packets

• Returned to the source node
  – When a packet that was sent could not be delivered to the destination address

• Sender can then use this information to decide how to correct the problem


Source Quench

• Used to tell the source node to reduce the rate of speed at which it sends packets to the destination node

• Source node responds by slowing down the transmission rate until it stops receiving Source Quench messages

Time Exceeded

• Sent in two circumstances
  – When a packet’s Time to Live (TTL) field is decremented to zero
  – When some of the fragments of a message do not reach the destination node

Redirect

• Routers
  – Send ICMP Redirect messages to hosts to indicate that a preferable route exists

• Technically, this is not an error message
  – But for ICMPv4, it is classified as such

Parameter Problem

• “Generic” error message

• Can be sent back to the source node by any device on the network
  – When device detects an error in any header field in an IP packet

Echo Request and Echo Reply

• Used for connectivity testing between network nodes

• Ping utility
  – Most common implementation of these messages


Timestamp and Timestamp Reply

• Routers use this pair of messages on a network to synchronize their system clocks for date and time

• Time synchronization method does not work very well on large networks

Router Advertisement and Router Solicitation

• Allow a network node not manually configured with the address of a first-hop router
  – To ask for and receive information about routers on the local network


Address Mask Request and Address Mask Reply

• Intended to provide hosts with a method to determine their network mask information

• Most computers acquire information about what subnet mask they’re supposed to use via DHCP

Traceroute

• Similar to Echo Request and Echo Reply messages

• Traces the exact sequence of routers from source to destination
  – On a hop-by-hop basis

The Variable ICMP Structures and Functions

• ICMP Type 0
  – Used for Echo Reply packets

• ICMP Type 8
  – Used for Echo Request packets

• RFC 792
  – Identifier and Sequence fields are used to aid in matching Echo messages with Echo Replies

Type 3: Destination Unreachable Packets

• Network troubleshooters
  – Often closely track ICMP Destination Unreachable packets

• Host that sends Destination Unreachable packet
  – Must return IP header and eight bytes of original datagram that triggered this response

• Total of 16 (0 through 15) possible codes
  – Currently assigned to ICMP Destination Unreachable type number
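
An added example (not from the book or its slides) that decodes the fields covered so far: the constant Type, Code and Checksum fields, the Echo Identifier and Sequence fields, and the IP header plus eight bytes returned inside a Destination Unreachable message. The function names and sample packets are constructed for illustration; the checksum is computed as RFC 792 specifies, over the ICMP message starting at the Type field.

```python
import ipaddress
import struct

# Destination Unreachable codes used below (a subset of the 16 assigned codes)
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable",
                 4: "fragmentation needed and DF set"}


def inet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(icmp_type: int, code: int, rest: bytes, body: bytes = b"") -> bytes:
    """Build an ICMP message; `rest` is the 4-byte variable part of the header."""
    csum = inet_checksum(struct.pack("!BBH", icmp_type, code, 0) + rest + body)
    return struct.pack("!BBH", icmp_type, code, csum) + rest + body


def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """20-byte IPv4 header with DF set, used only to construct sample data."""
    f = [0x45, 0, 20 + payload_len, 0x1234, 0x4000, 64, proto, 0,
         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed]
    f[7] = inet_checksum(struct.pack("!BBHHHBBH4s4s", *f))
    return struct.pack("!BBHHHBBH4s4s", *f)


def parse_quoted_datagram(quoted: bytes) -> dict:
    """Decode the IP header + first 8 bytes that an ICMP error returns."""
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        raise ValueError("quoted datagram is not IPv4 or is truncated")
    ihl = (quoted[0] & 0x0F) * 4
    if ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("quoted datagram shorter than IP header + 8 bytes")
    info = {"protocol": quoted[9],
            "src": str(ipaddress.IPv4Address(quoted[12:16])),
            "dst": str(ipaddress.IPv4Address(quoted[16:20]))}
    if quoted[9] in (6, 17):  # TCP and UDP both begin with source and destination port
        info["sport"], info["dport"] = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return info


def parse_icmp(msg: bytes) -> dict:
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code = msg[0], msg[1]
    # A message whose stored checksum is correct sums to zero when re-checked
    out = {"type": icmp_type, "code": code, "checksum_ok": inet_checksum(msg) == 0}
    if icmp_type in (0, 8):
        out["identifier"], out["sequence"] = struct.unpack("!HH", msg[4:8])
        out["data"] = msg[8:]
    elif icmp_type == 3:
        out["reason"] = UNREACH_CODES.get(code, "code %d" % code)
        out["original"] = parse_quoted_datagram(msg[8:])
    return out


def is_reply_to(request: dict, reply: dict) -> bool:
    """Match an Echo Reply (Type 0) to its Echo Request (Type 8)."""
    return (request["type"] == 8 and reply["type"] == 0
            and request["identifier"] == reply["identifier"]
            and request["sequence"] == reply["sequence"]
            and request["data"] == reply["data"])


# Constructed sample messages (not captured traffic)
ECHO_REQUEST = build_icmp(8, 0, struct.pack("!HH", 0x1A2B, 7), b"constructed-payload")
ECHO_REPLY = build_icmp(0, 0, struct.pack("!HH", 0x1A2B, 7), b"constructed-payload")
UDP_FIRST_8 = struct.pack("!HHHH", 40000, 53, 40, 0)  # ports, length, checksum
PORT_UNREACHABLE = build_icmp(
    3, 3, b"\x00" * 4,
    build_ipv4_header("192.0.2.10", "198.51.100.7", 17, 40) + UDP_FIRST_8)

if __name__ == "__main__":
    for raw in (ECHO_REQUEST, ECHO_REPLY, PORT_UNREACHABLE):
        print(parse_icmp(raw))
```

The quoted header is what lets a troubleshooter or a monitoring tool tie a Destination Unreachable message back to the flow that triggered it.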

Type 4: Source Quench

• Router or host
  – May use Source Quench to indicate that it is becoming congested or overloaded

• By default
  – Most current routers do not issue Source Quench messages

Type 5: Redirect

• Routers
  – Send ICMP Redirect messages to hosts to indicate that a preferable route exists

• ICMP Redirect packet
  – Four-byte field for the preferred gateway’s address

• Ideally
  – Clients should update routing tables to indicate optimal path

Types 9 and 10: Router Advertisement and Router Solicitation

• ICMP Router Advertisement packets include the following fields
  – # of Addresses
  – Address Size
  – Lifetime
  – Router Address 1
  – Precedence Level 1
  – Router Address 2 and Precedence Level 2

Type 11: Time Exceeded

• Routers or hosts
  – Can send these ICMP packets

• Codes that can be used
  – Code 0 and Code 1

Type 12: Parameter Problem

• Errors indicate problems not covered by other ICMP error messages

• Codes used in ICMP Parameter Problem messages
  – Code 0: Pointer Indicates the Error
  – Code 1: Missing a Required Option
  – Code 2: Bad Length

Types 13 and 14: Timestamp and Timestamp Reply

• Defined as a method for one IP host to obtain the current time

• Value returned
  – The number in milliseconds since midnight, Universal Time (UT)

• ICMP Timestamp and Timestamp Reply packets
  – Use the same structure

Types 15 and 16: Information Request and Information Reply

• Provides a way for a host to find out what network it is on

• ICMP Information Request and Information Reply packets
  – Use the same structure

Types 17 and 18: Address Mask Request and Address Mask Reply

• Intended to provide diskless hosts with a method to determine their network mask information

• ICMP Address Mask Request and Address Mask Reply packets
  – Use the same structure

Type 30: Traceroute

• Documented in RFC 1393 but not currently in use

• Requires some added functionality in the IP routers it traverses

• Adding functionality to routers
  – Costly and requires numerous resources to build, implement, and test new code


ICMPv6

• ICMPv6 provides the same basic mechanism for error reporting and information exchange between networked devices as ICMPv4

Overview of ICMPv6

• Originally specified by RFC 1885 (made obsolete by RFC 2463)

• Current specification is RFC 4443
  – Message types that previously used other protocols now use ICMPv6
  – New message types have been created that did not exist in ICMPv4

Types of ICMPv6 Messages

• Type numbers 0–127 cover error messages

• Type numbers 128–255 cover informational messages

• Some message names are the same as their ICMPv4 counterparts
  – But many of them are completely new


ICMPv6 Header

• RFC 4443 describes the general format of ICMPv6 messages


ICMPv6 Error Messages

• ICMPv6 error messages from Type values 0 to 127

• Type values are all defined in RFC 4443


Destination Unreachable Messages

• Router encountering this packet will send a Destination Unreachable message back to the source node

Packet Too Big Messages

• New ICMPv6 error message type
  – Required because of how IPv6 manages data fragmentation and reassembly

Time Exceeded Messages

• Substantially similar to its ICMPv4 counterpart

• Message format is identical to the Destination Unreachable message

• Values for the Code field:
  – 0—Hop limit exceeded in transit
  – 1—Fragment reassembly time exceeded


Parameter Problem Messages

• ICMPv6 Parameter Problem messages are considered “generic” messages

• Table 5-12: Parameter Problem message format fields

ICMPv6 Informational Messages

• Type codes for informational messages
  – Exist in the 128–255 range

• ICMPv6 messages are not used to report errors
  – But to provide information to the source node


Echo Request and Echo Reply Messages

• Specified in RFC 4443

• Perform basic connectivity test


Router Advertisement and Router Solicitation Messages

• Specified in RFC 4861

• Router discovery function has been integrated into the Neighbor Discovery (ND) protocol


Neighbor Solicitation and Neighbor Advertisement Messages

• Specified in RFC 4861

• Part of the IPv6 Neighbor Discovery protocol


Redirect Messages

• Specified by RFC 4861 for ICMPv6

• Provide information to a node to change which router it is using

• Figure 5-26: ICMPv6 Redirect message format

Router Renumbering Messages

• Specified in RFC 2894

• Allows address prefixes on routers to be configured and reconfigured

• Three types of Router Renumbering messages:
  – Commands
  – Results
  – Sequence Number Reset

A Short Comparison of ICMPv4 and ICMPv6 Messages

• Common general message types:
  – Connectivity-checking messages
  – Error-checking messages
  – Informational messages
  – Fragmentation required messages

• ICMPv6 only general message types:
  – Address Assignment messages
  – Address Resolution messages
  – Multicast Group Management messages
  – Mobile IPv6 Support messages

Path MTU Discovery

• Path MTU (PMTU) Discovery in IPv4 networks
  – Allows routers to notify nodes via ICMPv4 messages if they need to change the MTU size of the packets they are sending

• Common practice for IPv4 routers to fragment packets

• If the packet MTU is too large
  – Node will receive the ICMPv4 message Destination Unreachable

Changes to PMTU

• IPv6 MTU sizing and fragmentation have been updated
  – Improve the efficiency and quality of sending and receiving network traffic

• Used on IPv4 networks, it has been vastly improved for IPv6

Testing And Troubleshooting Sequences For ICMP

• ICMP’s most common uses are for testing and troubleshooting

• Two well-known IP utilities
  – Ping and Traceroute
  – Rely on ICMP to perform connectivity tests and path discovery

Connectivity Testing with Ping

• Ping
  – Actually a form of ICMP Echo communication

• ICMP Echo Request
  – Connectionless process with no guarantee of delivery

Connectivity Testing with Ping (cont’d.)

• Most Ping utilities
  – Send series of several Echo Requests to the target in order to obtain average response time

• Ping utility
  – Sends series of four ICMP Echo Requests with a one-second ICMP Echo Reply Timeout value
  – Supports IP addresses and names
  – Uses traditional name resolution processes

Connectivity Testing with Ping (cont’d.)

• Parameters available with the Ping utility
  – -l size
  – -f
  – -i TTL
  – -v TOS
  – -w timeout

Path Discovery with Traceroute

• Traceroute utility
  – Uses route tracing to identify a path from sender to target host
  – Available parameters
    • -d
    • -h
    • -w

Path Discovery with Pathping

• Pathping utility
  – Command-line utility
  – Uses ICMP Echo packets to test router and link latency, as well as packet loss

• PMTU Discovery
  – Enables source to learn the currently supported MTU across an entire path

Path MTU Discovery with ICMP

• Defined in RFC 1191

• PMTU Discovery
  – Enables source to learn the currently supported MTU across an entire path

Path MTU Discovery with ICMP (cont’d.)

• PMTU process
  – Host A sends a 4,096-byte packet to Host B
  – Router 1 discards packet and sends Host A a “Fragmentation Needed and Don’t Fragment Flag was Set” ICMP packet
  – Host A re-sends packet using maximum MTU size of 1,500
  – Router 1 forwards packet across Network 2 to Router 2
  – Router 2 receives packet and forwards it to Network 3, where it arrives at Host B
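
The exchange above as an added simulation (not from the book): a sender with Don't Fragment set lowers its packet size each time a router on a constructed path returns Destination Unreachable, Code 4. The class and function names, the MTU of Network 3, and the second case (an older router that reports a Next-Hop MTU of 0, handled with the RFC 1191 plateau table) are assumptions that go beyond the slide.

```python
from dataclasses import dataclass

# Plateau table from RFC 1191, used when a router does not report the next-hop MTU
PLATEAUS = [65535, 32000, 17914, 8166, 4352, 2002, 1492, 1006, 508, 296, 68]
MIN_IPV4_MTU = 68


@dataclass
class Router:
    name: str
    egress_mtu: int            # MTU of the network this router forwards onto
    reports_mtu: bool = True   # False: older router that leaves Next-Hop MTU at 0


@dataclass
class FragNeeded:
    """ICMP Type 3, Code 4: Fragmentation Needed and Don't Fragment Flag was Set."""
    router: str
    next_hop_mtu: int


def forward(path, size):
    """Send one DF-marked packet down the path; return the ICMP error, or None if delivered."""
    for router in path:
        if size > router.egress_mtu:
            return FragNeeded(router.name, router.egress_mtu if router.reports_mtu else 0)
    return None


def next_lower_plateau(size):
    return next((p for p in PLATEAUS if p < size), MIN_IPV4_MTU)


def discover_pmtu(path, first_size):
    """Return (path MTU, log of attempts) for a sender that starts at first_size."""
    size, log = first_size, []
    while True:
        err = forward(path, size)
        if err is None:
            log.append((size, "delivered"))
            return size, log
        log.append((size, "discarded by " + err.router))
        if size <= MIN_IPV4_MTU:
            raise RuntimeError("path cannot carry the minimum IPv4 MTU")
        new = err.next_hop_mtu or next_lower_plateau(size)
        # Only ever lower the estimate, and never below the IPv4 minimum,
        # whatever value the ICMP message carries.
        size = max(MIN_IPV4_MTU, min(new, size - 1))


# Constructed topology matching the slide: Network 2 behind Router 1 carries 1,500 bytes.
# Network 3's MTU is an assumption.
SLIDE_PATH = [Router("Router 1", 1500), Router("Router 2", 1500)]
LEGACY_PATH = [Router("Router 1", 1500, reports_mtu=False), Router("Router 2", 1500)]

if __name__ == "__main__":
    for label, path in (("slide", SLIDE_PATH), ("legacy router", LEGACY_PATH)):
        mtu, log = discover_pmtu(path, 4096)
        print(label, mtu, log)
```

Bounding the value taken from the ICMP message matters because the sender has no way to authenticate the router that sent it.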

Routing Sequences for ICMP

• ICMP
  – Can provide some routing information to hosts
  – Used by routers to provide a default gateway setting to a host

• Routers
  – Can send ICMP messages

Router Discovery

• IP hosts
  – Typically learn about routes through manual configuration of
    • Default gateway parameter and redirection messages
  – Send ICMP Router Solicitations and routers reply with ICMP Router Advertisements

• By default
  – ICMP Router Solicitation packet is sent to the all-routers IP multicast address 224.0.0.2

Router Advertising

• ICMP router advertisements
  – Allow hosts to passively learn about available routes

• Default Lifetime value for route entries
  – 30 minutes

• Default advertising rate
  – Between seven and ten minutes


Redirection to a Better Router

Security Issues For ICMPv4

• ICMP
  – Can be used as an information-gathering tool

• IP address scanning process
  – One method of obtaining a list of the active hosts

• IP host probe
  – Performed by sending a ping packet to each host within a range and noting the responses
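
One way to spot the host probe described above from the defending side, as an added example (not from the book): flag any source that sends ICMP Echo Requests to many distinct destinations inside a short window. The log format, function names, window and threshold are assumptions, and the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict, deque

ECHO_REQUEST = 8   # ICMPv4 Type 8


def parse_line(line):
    """Parse 'epoch src dst icmp_type icmp_code'; return None for anything else."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        ipaddress.ip_address(parts[1])
        ipaddress.ip_address(parts[2])
        return float(parts[0]), parts[1], parts[2], int(parts[3]), int(parts[4])
    except ValueError:
        return None


def detect_sweeps(lines, window=10.0, threshold=5):
    """Return {source: alert} for sources probing >= threshold hosts within window seconds."""
    recent = defaultdict(deque)   # source -> (timestamp, destination) pairs still in the window
    alerts = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec[3] != ECHO_REQUEST:
            continue              # malformed line, or not an Echo Request
        ts, src, dst = rec[:3]
        queue = recent[src]
        queue.append((ts, dst))
        while ts - queue[0][0] > window:
            queue.popleft()
        targets = {d for _, d in queue}
        # Count distinct destinations, so repeated pings of one host never alert
        if len(targets) >= threshold and src not in alerts:
            alerts[src] = {"alerted_at": ts,
                           "targets": sorted(targets, key=ipaddress.ip_address)}
    return alerts


# Constructed log lines; entries only need to be in time order per source
SAMPLE_LOG = (
    # six hosts probed in half a second
    ["%.1f 203.0.113.5 192.0.2.%d 8 0" % (1000 + i * 0.1, i + 1) for i in range(6)]
    # monitoring host pinging one gateway once a second
    + ["%.1f 192.0.2.250 192.0.2.1 8 0" % (1000 + i) for i in range(8)]
    # six hosts, but 30 seconds apart
    + ["%.1f 198.51.100.9 192.0.2.%d 8 0" % (1000 + i * 30, i + 1) for i in range(6)]
    # an Echo Reply and a malformed line, both ignored
    + ["1000.3 192.0.2.3 203.0.113.5 0 0", "garbage line"]
)

if __name__ == "__main__":
    for src, alert in detect_sweeps(SAMPLE_LOG).items():
        print(src, alert)
```

Widening the window catches slower probes at the cost of more alerts from legitimate monitoring systems, so the two parameters need tuning against normal traffic.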

ICMP Redirect Attack

• ICMP
  – Used to manipulate traffic flow between hosts

• Attacker can
  – Redirect traffic to his machine and perform any number of man-in-the-middle style attacks

ICMP Router Discovery

• Susceptible to attack on the local network segment

• During discovery process
  – Router Solicitation message finds its way to attacker’s machine

• Timing is critical

Inverse Mapping

• One method of determining live targets on a network

• Firewalking
  – Describes the concept of walking a firewall ACL or ruleset to determine what it filters and how
  – A two-phase attack method

Security Issues for ICMPv6

• ICMPv6 built-in security features
  – Designed to prevent attacks sent from another network segment

• Features include:
  – Value in Hop Limit field being set at 255
  – Source address of ICMPv6 packets must be either link-local or unspecified
  – Authentication for ICMPv6 packet exchanges is managed using IPv6-AUTH or IPv6-ESP
  – ICMPv6 is protected by IPsec
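
An added example (not from the book) of the first two features as receive-side checks on Neighbor Discovery messages, following RFC 4861: Hop Limit must be 255 for all five message types, and Router Advertisements and Redirects must come from a link-local source. The function names and packet tuples are assumptions, and the packets are constructed.

```python
import ipaddress

ND_TYPES = {133: "Router Solicitation", 134: "Router Advertisement",
            135: "Neighbor Solicitation", 136: "Neighbor Advertisement",
            137: "Redirect"}
LINK_LOCAL_SOURCE_REQUIRED = {134, 137}   # per the RFC 4861 validation rules


def validate_nd(icmp_type: int, hop_limit: int, src: str):
    """Return (accepted, reason) for one received ICMPv6 message."""
    if icmp_type not in ND_TYPES:
        return True, "not Neighbor Discovery, checks do not apply"
    name = ND_TYPES[icmp_type]
    # Every router decrements Hop Limit, so a packet that still carries 255
    # on arrival was not forwarded from another network segment.
    if hop_limit != 255:
        return False, "%s arrived with Hop Limit %d, not 255" % (name, hop_limit)
    addr = ipaddress.IPv6Address(src)
    if icmp_type in LINK_LOCAL_SOURCE_REQUIRED and not addr.is_link_local:
        return False, "%s source %s is not link-local" % (name, addr)
    return True, "ok"


def rejected(packets):
    """Filter (type, hop_limit, src) tuples down to the ones a receiver drops."""
    out = []
    for icmp_type, hop_limit, src in packets:
        ok, reason = validate_nd(icmp_type, hop_limit, src)
        if not ok:
            out.append((src, reason))
    return out


# Constructed packets: (ICMPv6 type, Hop Limit on arrival, source address)
SAMPLE = [
    (134, 255, "fe80::1"),           # on-link Router Advertisement
    (134, 254, "fe80::1"),           # same claim, but it crossed one router
    (134, 255, "2001:db8::1"),       # Router Advertisement from a global address
    (137, 64, "fe80::bad"),          # Redirect sent with an ordinary Hop Limit
    (133, 255, "::"),                # Router Solicitation from an unconfigured host
    (135, 255, "2001:db8::10"),      # Neighbor Solicitation from a global address
    (128, 57, "2001:db8:ffff::9"),   # Echo Request, not Neighbor Discovery
]

if __name__ == "__main__":
    for src, reason in rejected(SAMPLE):
        print(src, "->", reason)
```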


Decoding ICMP Packets

• Tools such as Wireshark can capture and decode ICMP packets for examination


ICMPv4

• Table 5-21: ICMPv4 Echo Request and Echo Reply Message format fields


ICMPv6

Summary

• ICMP
  – Provides vital feedback about IP routing and delivery problems
  – Really part of IP itself
  – Support is required in any standards-compliant IP implementation
  – Used by Ping and Traceroute to measure round-trip times
  – Supports PMTU Discovery between a sender and a receiver

Summary (cont’d.)

• Route and routing error information from ICMP
  – Derives from numerous types of ICMP messages

• ICMP
  – Supports route optimization through its ICMP Redirect message type
  – Security issues are important
  – Message structures and functions can vary

• ICMPv4 and ICMPv6 Echo messages have a very similar format
