Sunday, 12 February 2017

ICMP

The below videos and links helps in understanding ICMP in Detail.  








One of the best explanation available :ICMP
http://www.firewall.cx/networking-topics/protocols/icmp-protocol.html

ICMP:

ICMP header starts after the IPv4 header and is identified by protocol no: 0x01 for ICMP in ip header.
ICMP packet will have an 8-byte header and variable sized data section.
First 4 bytes of the header will be consistent. The first byte is for ICMP type. 2nd byte is for the ICMP code. 3 and 4th bytes are for checksum of the entire ICMP message.

The contents of the remaining 4 bytes [since ICMP segment size is 8 bytes] of the header will varies based on the ICMP type and code.
ICMP error messages contain a data section that includes the entire IP header plus the first 8 bytes of data from the ip packet that caused the error message. The ICMP packet is then encapsulated in a new packet.

ICMP error message == Contains Data section + entire IP header + first 8 bytes of data from the IP packet that caused the error message. 


  • Type – ICMP type as specified below.
  • Code – Subtype to the given type.
  • Checksum – Error checking data. Calculated from the ICMP header+data, with value 0 for this field. The checksum algorithm is specified in RFC 1071.
  • Rest of Header – Four byte field. Will vary based on the ICMP type and code.

Source quench

Source Quench requests that the sender decrease the rate of messages sent to a router or host. This message may be generated if a router or host does not have sufficient buffer space to process the request, or may occur if the router or host buffer is approaching its limit.
As no acknowledgement mechanism is present in the network layer, the client does not know whether the data has reached the destination successfully. Hence some remedial measures should be taken by the network layer to avoid these kind of situations. These measures are referred to as source quench. In a source quench mechanism, the router sees that the incoming data rate is much faster than the outgoing data rate, and sends an ICMP message to the clients, informing them that they should slow down their data transfer speeds or wait for a certain amount of time before attempting to send more data. When a client receives this message, it will automatically slow down the outgoing data rate or wait for a sufficient amount of time, which enables the router to empty the queue. Thus the source quench ICMP message acts as flow control in the network layer.













Redirect


Redirect requests data packets be sent on an alternative route. ICMP Redirect is a mechanism for routers to convey routing information to hosts. The message informs a host to update its routing information (to send packets on an alternate route). If a host tries to send data through a router (R1) and R1 sends the data on another router (R2) and a direct path from the host to R2 is available (that is, the host and R2 are on the same Ethernet segment), then R1 will send a redirect message to inform the host that the best route for the destination is via R2. The host should then send packets for the destination directly to R2. The router will still send the original datagram to the intended destination. However, if the datagram contains routing information, this message will not be sent even if a better route is available. RFC1122 states that redirects should only be sent by gateways and should not be sent by Internet hosts.


Time exceeded

Time Exceeded is generated by a gateway to inform the source of a discarded datagram due to the time to live field reaching zero. A time exceeded message may also be sent by a host if it fails to reassemble a fragmented datagram within its time limit.

Time exceeded messages are used by the traceroute utility to identify gateways on the path between two hosts.











Timestamp


Timestamp is used for time synchronization. It consists of the originating timestamp.



Explain ping packet (ICMP echo request/reply) format?
An Echo is simply what we networking engineers call a 'ping'. The Echo Reply is, as most would guess,  the 'ping reply'. ICMP Echos are used mostly for troubleshooting. When there are 2 hosts which have communication problems, a few simple ICMP Echo requests will show if the 2 hosts have their TCP/IP stacks configured correctly and if there are any problems with the routes packets are taking in order to get to the other side.
The 'ping' command is very well known, but the results of it are very often misunderstood and for that reason I have chosen to explain all those other parameters next to the ping reply, but we will have a look at that later on.


Let's have a look at what an ICMP-Echo or Echo Reply packet looks like:

If the above packet was an ICMP Echo (ping), then the Type field takes a value of 8. If it's an ICMP Echo Reply (ping reply) then it would take a value of 0.

The picture below is a screen shot I took when doing a simple ping from my workstation:


Okay, now looking at the screen shot above, you can see I 'pinged' www.firewall.cx. The first thing my workstation did was to resolve that URL to an IP address. This was done using DNS. Once the DNS server returned the IP address of www.firewall.cx, the workstation generated an ICMP packet with the Type field set to 8.


Here is the proof:



The picture above is a screenshot from my packet sniffer the same time this experiment was taking place. The packet displayed is one of the 4 packets which were sent from my workstation to the webserver of firewall.cx

Notice the ICMP type=8 Echo field right under the ICMP Header section. This clearly shows that this packet is being sent from the workstation and not received. If it was received, it would have been an 'Echo Reply' and have a value of 0.

The next weird thing, if anyone noticed, is the data field. Look at the screen shot from command prompt above and notice the value there and the value the packet sniffer is showing on the left. One says 32 Bytes, and the other 40 Bytes !
The reason for this is that the packet sniffer is taking into account the ICMP header files (ICMP type, code, checksum and identifier), and I'll prove it to you right now.

Look at the top of this page where we analysed the ICMP headers , you will notice that the lengths (in Bits) of the various fields are as follows: 8, 8, 16, 16, 16. These add up to a total of 64 Bits. Now 8 Bits = 1 Byte, therefore 64 Bits = 8 Bytes. Take the 32 Bytes of data the workstation's command prompt is showing and add 8 Bytes .... and you have 40 Bytes in total.

Two routers A and B are connected back to back with hub in between. Router A ip is 2.2.2.2 and Router B ip 3.3.3.3. Will ping happens? Will ARP happens?
Ping will fail so do arp.
Router#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Here routing table and ARP table do not show any entry of router B
Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, FastEthernet0/0
Router#
Router#
Router#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  2.2.2.2                 -   0007.EC3B.29C5  ARPA   FastEthernet0/0


Routers b2k interfaces need to be in same subnet.

Now I configured router B interface as 2.2.2.1
Router#ping 2.2.2.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 0/0/0 ms

Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     2.0.0.0/24 is subnetted, 1 subnets
C       2.2.2.0 is directly connected, FastEthernet0/0
Router#
Router#show arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  2.2.2.1                 0   0060.7039.799A  ARPA   FastEthernet0/0
Internet  2.2.2.2                 -   0007.EC3B.29C5  ARPA   FastEthernet0/0

No comments:

Post a Comment

Note: only a member of this blog may post a comment.