ICMP info

ICMP
– Provides information about network connectivity and routing behavior
– Provides a way to return information to senders
– Messages are nothing more than specially formatted IP datagrams
• RFC 792
– Provides basic specification for all ICMP messages
According to RFC 792, ICMP
– Provides mechanism for gateways (routers) or destination hosts to communicate with source hosts
– Takes the form of specially formatted IP datagrams
– Required in some implementations of TCP/IP
– Reports errors about processing of non-ICMP IP datagrams
• ICMP’s Vital Role on IP Networks
ICMP’s job is to provide information about
– IP routing behavior
– Reachability
– Routes between specific pairs of IP hosts
– Delivery errors
• Testing And Troubleshooting Sequences For ICMP: Connectivity Testing with Ping
PING and TRACEROUTE
– Rely on ICMP to perform connectivity tests and path discovery
PING
– Actually a form of ICMP Echo communication
ICMP Echo Request
– Connectionless process with no guarantee of delivery
• Connectivity Testing with PING (continued)
Most PING utilities
– Send series of several Echo Requests to the target in order to obtain average response time
PING utility
– Sends series of four ICMP Echo Requests with a one-second ICMP Echo Reply Timeout value
– Supports IP addresses and names
– Uses traditional name resolution processes
• Connectivity Testing with PING (cont’d)
Parameters available with the PING utility
– -l size
– -f
– -i TTL
– -v TOS,
– -w timeout
• Path Discovery with TRACEROUTE
TRACEROUTE utility
– Uses route tracing to identify a path from sender to target host
– Available parameters
• -d
• -h
• -w
• Path Discovery with PATHPING
PATHPING utility
– Command-line utility
– Uses ICMP Echo packets to test router and link latency, as well as packet loss
PMTU Discovery
– Enables source to learn the currently supported MTU across an entire path
• Path MTU Discovery with ICMP
PMTU process
– Host A sends a 4,096-byte packet to Host B
– Router 1 discards packet and sends Host A a “Fragmentation Needed and Don’t Fragment Flag was Set” ICMP packet
– Host A re-sends packet using maximum MTU size of 1,500
– Router 1 strips off token ring header and applies Ethernet header before forwarding packet
• Routing Sequences for ICMP
ICMP
– Can provide some routing information to hosts
– Used by routers to provide a default gateway setting to a host
Routers
– Can send ICMP messages
• Router Discovery
IP hosts
– Typically learn about routes through manual configuration of
• Default gateway parameter and redirection messages
– Send ICMP Router Solicitations and routers reply with ICMP Router Advertisements
By default
– ICMP Router Solicitation packet is sent to the all-routers IP multicast address 224.0.0.2
• Router Advertising
ICMP Router Advertisements
– Allow hosts to passively learn about available routes
Default Lifetime value for route entries
– 30 minutes
Default advertising rate
– Between seven and ten minutes
• Security Issues For ICMP
ICMP
– Can be used as an information-gathering tool
IP address scanning process
– One method of obtaining a list of the active hosts
IP host probe
– Performed by sending a PING packet to each host within a range and noting the responses
• ICMP Redirect Attack
ICMP
– Used to manipulate traffic flow between hosts
Attacker can
– Redirect traffic to his machine and perform any number of man-in-the-middle style attacks
• ICMP Router Discovery
Susceptible to attack on the local network segment
During discovery process
– Router solicitation message finds its way to attacker’s machine
Timing is critical
• ICMP Packet Fields and Functions
Value 1 in IP header Protocol field
– Denotes that an ICMP header follows the IP header
ICMP header portions
– Constant portion
– Variable portion
• Constant ICMP Fields
ICMP packets contain three required fields after the IP header
– Type
– Code
– Checksum
• Type 3: Destination Unreachable Packets
Network troubleshooters
– Often closely track ICMP Destination Unreachable packets
Host that sends Destination Unreachable packet
– Must return IP header and eight bytes of original datagram that triggered this response
Total of 16 (0 through 15) possible codes
– Currently assigned to ICMP Destination Unreachable type number
• Type 4: Source Quench
Router or host
– May use Source Quench to indicate that it is becoming congested or overloaded
By default
– Most current routers do not issue Source Quench messages
• Type 5: Redirect
Routers
– Send ICMP Redirect messages to hosts to indicate that a preferable route exists
ICMP Redirect packet
– Four-byte field for the preferred gateway’s address
Ideally
– Clients should update routing tables to indicate optimal path
• Types 9 and 10: Router Advertisement and Router Solicitation
ICMP Router Advertisement packets include the following fields
– # of Addresses
– Address Size
– Lifetime
– Router Address 1
– Precedence Level 1
– Router Address 2 and Precedence Level 2
• Type 11: Time Exceeded
Routers or hosts
– Can send these ICMP packets
Codes that can be used
– Code 0 and Code 1
• Type 12: Parameter Problem
Errors indicate problems not covered by other ICMP error messages
Codes used in ICMP Parameter Problem messages
– Code 0: Pointer Indicates the Error
– Code 1: Missing a Required Option
– Code 2: Bad Length
• Types 13 and 14: Timestamp and Timestamp Reply
Defined as a method for one IP host to obtain the current time
Value returned
– The number in milliseconds since midnight, Universal Time (UT)
ICMP Timestamp and Timestamp Reply packets
– Use the same structure
• Types 15 and 16: Information Request and Information Reply
Provides a way for a host to find out what network it is on
ICMP Information Request and Information Reply packets
– Use the same structure
• Types 17 and 18: Address Mask Request and Address Mask Reply
Intended to provide diskless hosts with a method to determine their network mask information
ICMP Address Mask Request and Address Mask Reply packets
– Use the same structure
• Type 30: TRACEROUTE
Documented in RFC 1393 but not currently in use
Requires some added functionality in the IP routers it traverses
Adding functionality to routers
– Costly and requires numerous resources to build, implement, and test new code

Here's something for you to ponder Viperarse. You're a spamming cnut who's lower than a snake's twat.

Not as low as snake shyte on the sea bottom.

It's indicative of how big a fcukwitt Vipertwonk is.