Sunday, 09 March 2008

ICMP

The Internet Control Message Protocol, or ICMP, described in RFC 792, specifies a variety of messages whose common purpose is to manage the network. ICMP messages might be classified as either error messages or queries and responses. Figure 1 shows the general ICMP packet format. The packets are identified by type; many of the packet types have more specific types, and these are identified by the code field. Table 1 lists the various ICMP packet types and their codes, as described in RFC 1700.

Figure 1. The ICMP packet header includes a type field, a code field that further identifies some types, and a checksum. The rest of the fields depend on the type and code.


Table 1. ICMP packet types and code fields.

| Type | Code | Name |
|------|------|------|
| 0 | 0 | ECHO REPLY |
| 3 | | DESTINATION UNREACHABLE |
| | 0 | Network Unreachable |
| | 1 | Host Unreachable |
| | 2 | Protocol Unreachable |
| | 3 | Port Unreachable |
| | 4 | Fragmentation Needed and Don't Fragment Flag Set |
| | 5 | Source Route Failed |
| | 6 | Destination Network Unknown |
| | 7 | Destination Host Unknown |
| | 8 | Source Host Isolated |
| | 9 | Destination Network Administratively Prohibited |
| | 10 | Destination Host Administratively Prohibited |
| | 11 | Destination Network Unreachable for Type of Service |
| | 12 | Destination Host Unreachable for Type of Service |
| 4 | 0 | SOURCE QUENCH (deprecated) |
| 5 | | REDIRECT |
| | 0 | Redirect Datagram for the Network (or Subnet) |
| | 1 | Redirect Datagram for the Host |
| | 2 | Redirect Datagram for the Network and Type of Service |
| | 3 | Redirect Datagram for the Host and Type of Service |
| 6 | 0 | ALTERNATE HOST ADDRESS |
| 8 | 0 | ECHO |
| 9 | 0 | ROUTER ADVERTISEMENT |
| 10 | 0 | ROUTER SELECTION |
| 11 | | TIME EXCEEDED |
| | 0 | Time to Live Exceeded in Transit |
| | 1 | Fragment Reassembly Time Exceeded |
| 12 | | PARAMETER PROBLEM |
| | 0 | Pointer Indicates the Error |
| | 1 | Missing a Required Option |
| | 2 | Bad Length |
| 13 | 0 | TIMESTAMP |
| 14 | 0 | TIMESTAMP REPLY |
| 15 | 0 | INFORMATION REQUEST (Obsolete) |
| 16 | 0 | INFORMATION REPLY (Obsolete) |
| 17 | 0 | ADDRESS MASK REQUEST (Near-obsolete) |
| 18 | 0 | ADDRESS MASK REPLY (Near-obsolete) |
| 30 | - | TRACEROUTE |

Example 1 and Example 2 show analyzer captures of two of the most well-known ICMP messages, Echo Request and Echo Reply, which are used by the ping function.

Example 1. ICMP Echo message, shown with its IPv4 header.
Internet Protocol, Src Addr: 172.16.1.21 (172.16.1.21),
    Dst Addr: 198.133.219.25 (198.133.219.25)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 84
    Identification: 0xabc3 (43971)
    Flags: 0x00
    Fragment offset: 0
    Time to live: 64
    Protocol: ICMP (0x01)
    Header checksum: 0x8021 (correct)
    Source: 172.16.1.21 (172.16.1.21)
    Destination: 198.133.219.25 (198.133.219.25)
Internet Control Message Protocol
    Type: 8 (Echo (ping) request)
    Code: 0
    Checksum: 0xa297 (correct)
    Identifier: 0x0a40
    Sequence number: 0x0000
    Data (56 bytes)
 
0000  40 fd ab c2 00 0e 73 57 08 09 0a 0b 0c 0d 0e 0f   @.....sW........
0010  10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f   ................
0020  20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f    !"#$%&'()*+,-./
0030  30 31 32 33 34 35 36 37                           01234567

Example 2. ICMP Echo Reply.
Internet Protocol, Src Addr: 198.133.219.25 (198.133.219.25),
    Dst Addr: 172.16.1.21 (172.16.1.21)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
    Total Length: 84
    Identification: 0xabc3 (43971)
    Flags: 0x00
    Fragment offset: 0
    Time to live: 242
    Protocol: ICMP (0x01)
    Header checksum: 0xce20 (correct)
    Source: 198.133.219.25 (198.133.219.25)
    Destination: 172.16.1.21 (172.16.1.21)
Internet Control Message Protocol
    Type: 0 (Echo (ping) reply)
    Code: 0
    Checksum: 0xaa97 (correct)
    Identifier: 0x0a40
    Sequence number: 0x0000
    Data (56 bytes)
 
0000  40 fd ab c2 00 0e 73 57 08 09 0a 0b 0c 0d 0e 0f  @.....sW........
0010  10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f  ................
0020  20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f   !"#$%&'()*+,-./
0030  30 31 32 33 34 35 36 37                          01234567
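
The header layout and the two captures above can be checked in code. The following is an added example, not part of the original page: it rebuilds both messages from the captured fields, computes the Internet checksum, and parses the type-dependent bytes for Echo and Redirect. The function names and the reduced type table are assumptions made for the example.

```python
import struct
from ipaddress import IPv4Address

# Subset of the page's Table 1: type -> (name, {code: meaning})
ICMP_TYPES = {
    0: ("ECHO REPLY", {}),
    3: ("DESTINATION UNREACHABLE", {0: "Network Unreachable", 1: "Host Unreachable",
                                    3: "Port Unreachable"}),
    5: ("REDIRECT", {0: "Redirect Datagram for the Network (or Subnet)",
                     1: "Redirect Datagram for the Host"}),
    8: ("ECHO", {}),
    11: ("TIME EXCEEDED", {0: "Time to Live Exceeded in Transit"}),
}

def internet_checksum(data: bytes) -> int:
    """One's complement of the one's-complement sum of 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes, data: bytes = b"") -> bytes:
    """Assemble a message; `rest` is the 4 type-dependent header bytes."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest + data
    return body[:2] + struct.pack("!H", internet_checksum(body)) + body[4:]

def parse_icmp(msg: bytes) -> dict:
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, checksum = struct.unpack("!BBH", msg[:4])
    name, codes = ICMP_TYPES.get(icmp_type, ("UNKNOWN", {}))
    # Summing a message with its checksum field in place yields 0 if intact.
    out = {"type": icmp_type, "code": code, "name": name,
           "code_name": codes.get(code), "checksum": checksum,
           "checksum_ok": internet_checksum(msg) == 0}
    if icmp_type in (0, 8):                  # Echo Reply / Echo
        out["identifier"], out["sequence"] = struct.unpack("!HH", msg[4:8])
    elif icmp_type == 5:                     # Redirect: gateway address
        out["gateway"] = str(IPv4Address(msg[4:8]))
    return out

# The 56 data bytes shown in the hex dumps of Example 1 and Example 2.
DATA = bytes.fromhex("40fdabc2000e7357") + bytes(range(0x08, 0x38))
ID_SEQ = struct.pack("!HH", 0x0A40, 0x0000)  # Identifier, Sequence number
ECHO = build_icmp(8, 0, ID_SEQ, DATA)        # Example 1
ECHO_REPLY = build_icmp(0, 0, ID_SEQ, DATA)  # Example 2
```

The computed checksums match the values the analyzer reports as correct in the two captures; a message whose bytes were altered in transit fails the `checksum_ok` test.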

Although most ICMP types have some bearing on routing functionality, three types are of particular importance:

· Router Advertisement and Router Selection, types 9 and 10, respectively, are used by the ICMP Router Discovery Protocol (IRDP), a protocol used by some operating systems (such as most versions of Microsoft Windows) to discover local routers.

· Redirect, ICMP type 5, is used by routers to notify hosts of another router on the data link that should be used for a particular destination. Suppose two routers, Router A and Router B, are connected to the same Ethernet. Host X, also on the Ethernet, is configured to use Router A as its default gateway; the host sends a packet to Router A, and A sees that the destination address of the packet is reachable via Router B (that is, Router A must forward the packet out the same interface on which it was received). Router A forwards the packet to B but also sends an ICMP redirect to host X informing it that in the future, to reach that particular destination, X should forward the packet to Router B. Example 3 shows a router sending a redirect.

Example 3. Using the debugging function debug ip icmp, this router can be seen sending a redirect to host 10.158.43.25, informing it that the correct router for reaching destination 10.158.40.1 is reachable via gateway (gw) 10.158.43.10.
Pip#debug ip icmp
ICMP packet debugging is on
ICMP: redirect sent to 10.158.43.25 for dest 10.158.40.1, use gw 10.158.43.100
Pip#
An occasionally used trick to avoid redirects on data links with multiple attached gateways is to set each host's default gateway as its own IPv4 address. The hosts will then ARP for any address, and if the address is not on the data link, the correct router should respond via proxy ARP. The benefits of using this tactic merely to avoid redirects are debatable; redirects are decreased or eliminated, but at the expense of increased ARP traffic.

Redirects are enabled by default in IOS and can be disabled on a per-interface basis with the command no ip redirects.
