ICMP
Internet Control Message Protocol
ICMP is not meant for data transfer; it was designed to support routing and diagnostics, for example to answer "did I drop any packets?".
* It does the error handling in the network.
* It reports errors and shows the corresponding message.
The IP protocol itself has no error reporting or correcting mechanism; ICMP supplies it, reporting who sent a datagram, who received it, and what went wrong.
Datagram
– no call setup phase
– more flexible
– more reliable in cases of switching node failures
– difficult to control the network's state and provide quality of service
Virtual circuits
– network can provide sequencing
– traffic engineering can be applied, enabling more practical provision of quality of service (QoS) support
– less reliable in cases of switching node failures
§ The protocol is used to report problems with delivery of IP datagrams within an IP network.
§ It can be used to show when a particular end system is not responding, when an IP network is not reachable, when a node is overloaded, when an error occurs in the IP header information, etc.
§ The protocol is also frequently used by Internet managers to verify correct operation of end systems and to check that routers are correctly routing packets to the specified destinations.
§ The Internet Protocol (IP) is used for host-to-host datagram service in a system of interconnected networks called the Catenet.
§ The devices that connect the networks are called gateways.
§ These gateways communicate between themselves for control purposes via a Gateway to Gateway Protocol (GGP).
§ Occasionally a gateway or destination host will communicate with a source host, for example, to report an error in datagram processing.
§ ICMP uses the basic support of IP as if it were a higher level protocol; however, ICMP is actually an integral part of IP and must be implemented by every IP module.
ICMP functions
Assist troubleshooting: ICMP supports an Echo function, which just sends a packet on a round-trip between two hosts. Ping, a common network management tool, is based on this feature. Ping will transmit a series of packets, measuring average round-trip times and computing loss percentages.
Announce timeouts: If an IP packet's TTL field drops to zero, the router discarding the packet will often generate an ICMP packet announcing this fact. Traceroute is a tool which maps network routes by sending packets with small TTL values and watching the ICMP timeout announcements.
ICMP Applications
Ping
Traceroute
Connectivity Testing with PING
The PING utility is actually an ICMP Echo process.
An ICMP Echo Request packet consists of an Ethernet header, IP header, ICMP header, and some arbitrary data.
This packet is sent to the target host, which echoes that data back.
The ICMP echo request is a connectionless process with no guarantee of delivery.
Most PING utilities send a series of several echo requests to the target in order to obtain an average response time.
These response times are displayed in milliseconds.
These times should be considered a snapshot of the current round-trip time.
The PING utility included with Windows 2000 sends a series of four ICMP echo requests with a one-second ICMP Echo Reply timeout value.
§ The echo requests consist of 32 bytes of data (an alphabetical pattern) in a fragmentable IP packet.
The command-line parameters used with PING can affect the appearance and functionality of ICMP Echo packets.
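As an added illustration (not code from the original page), this Python snippet builds an ICMP Echo Request carrying the 32-byte alphabetical payload that the Windows ping uses, computes the Internet checksum over it, and parses the matching Echo Reply; the identifier and sequence values are constructed, and no packet is put on the wire.

```python
import struct

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over the ICMP header plus data."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length input with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

# 32-byte alphabetical pattern "abcdefghijklmnopqrstuvwabcdefghi" (constructed to
# match the Windows ping payload described above: a..w, then wrapping to a..i)
WINDOWS_PAYLOAD = bytes(ord("a") + (i % 23) for i in range(32))

def build_echo_request(ident: int, seq: int, payload: bytes = WINDOWS_PAYLOAD) -> bytes:
    """Type 8 (Echo Request), code 0; checksum is computed with the field zeroed."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload

def parse_icmp(packet: bytes) -> dict:
    """Verify the checksum (a valid packet sums to zero) and split the 8-byte header."""
    if len(packet) < 8 or icmp_checksum(packet) != 0:
        raise ValueError("bad ICMP checksum or truncated packet")
    typ, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": typ, "code": code, "id": ident, "seq": seq, "data": packet[8:]}

def make_echo_reply(request: bytes) -> bytes:
    """What the target sends back: type 0 (Echo Reply) with the same id, seq and data."""
    req = parse_icmp(request)
    header = struct.pack("!BBHHH", 0, 0, 0, req["id"], req["seq"])
    csum = icmp_checksum(header + req["data"])
    return struct.pack("!BBHHH", 0, 0, csum, req["id"], req["seq"]) + req["data"]

if __name__ == "__main__":
    req = build_echo_request(0x1234, 1)
    print(len(req), parse_icmp(make_echo_reply(req)))   # 40 bytes: 8 header + 32 data
```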
Path Discovery with TRACEROUTE
The TRACEROUTE utility identifies a path from the sender to the target host using probe packets (UDP datagrams in the classic implementation described below, ICMP echo requests in others) and some manipulation of the TTL value in the IP header.
Traceroute starts by sending a UDP datagram to the destination host with the TTL field set to 1. If a router finds a TTL value of 1 or 0, it drops the datagram and sends back an ICMP Time-Exceeded message to the sender.
Traceroute determines the address of the first hop by examining the source address field of the ICMP Time-Exceeded message.
To identify the next hop, traceroute sends a UDP packet with a TTL value of 2. The first router decrements the TTL field by 1 and sends the datagram to the next router. The second router sees a TTL value of 1, discards the datagram, and returns the Time-Exceeded message to the source. This process continues until the TTL is incremented to a value large enough for the datagram to reach the destination host or until the maximum TTL is reached.
To determine when a datagram reaches its destination, traceroute sets the UDP destination port in the datagram to a very large value that the destination host is unlikely to be using. When a host receives a datagram with an unrecognized port number, it sends an ICMP Port Unreachable error message to the source. The Port Unreachable error message indicates to traceroute that the destination has been reached.
· RouterA prepares an ICMP echo request message, encapsulates it in an IP packet having Source address=172.16.1.1, Destination address=192.168.7.2 with Time-To-Live (TTL) value=1, Destination UDP port=anything not used (usually greater than 30000), and forwards it.
· RouterB, upon receiving this packet, decrements the TTL value by one, hence TTL becomes 0, which means that it has to drop this packet. It replies back to the sender with an ICMP Time Exceeded message, including its own address in the SA field of the IP header (SA=172.16.1.2).
· RouterA receives the response and prints out on the screen the first hop (IP address=172.16.1.2).
· Afterwards, RouterA sends the same echo request message with TTL value=2.
· RouterB decrements it by one and forwards it to RouterC, which decrements it by one again (TTL=0), forcing it to return an ICMP Time Exceeded message with SA=192.168.1.2.
· RouterA now prints out the second hop on screen (IP address=192.168.1.2).
· Finally RouterA sends an ICMP echo request with TTL value=3, which is terminated on RouterD. The latter passes the packet to the transport layer, where the wrong UDP port number causes RouterD to issue an ICMP Port Unreachable message.
· RouterA, upon receiving this message from RouterD, knows that it has reached the final hop, prints it out on screen and stops sending any more messages.
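The hop-by-hop exchange above, as an added simulation that is not part of the original page: the topology (RouterA 172.16.1.1 -> RouterB 172.16.1.2 -> RouterC 192.168.1.2 -> RouterD 192.168.7.2) follows the example, while the set of UDP ports the destination listens on and the probe port 33434 are assumptions. It also shows the failure mode the text hints at: if the probe port happens to be open, no Port Unreachable comes back and traceroute cannot tell that it has arrived.

```python
# Constructed topology: each node maps to the next hop on the way to RouterD,
# keyed by the address the node answers from. None marks the destination host.
PATH = {
    "172.16.1.1":  "172.16.1.2",    # RouterA (the sender) forwards to RouterB
    "172.16.1.2":  "192.168.1.2",   # RouterB forwards to RouterC
    "192.168.1.2": "192.168.7.2",   # RouterC forwards to RouterD
    "192.168.7.2": None,            # RouterD is the destination
}
# Assumption: the destination only listens on UDP/53; every other port is closed.
OPEN_PORTS = {"192.168.7.2": {53}}

def forward(src, dst, ttl, dport):
    """Carry one probe along PATH and return (reply_kind, replying_address)."""
    node = PATH[src]                       # first hop after the sender
    while True:
        ttl -= 1                           # each router decrements TTL on receipt
        if node == dst:
            # Delivered to the transport layer: a closed port yields ICMP
            # Port Unreachable (type 3, code 3); an open port gives no ICMP at all.
            if dport not in OPEN_PORTS.get(node, set()):
                return ("port-unreachable", node)
            return ("delivered", node)
        if ttl <= 0:
            # Router discards the datagram and sends ICMP Time Exceeded (type 11, code 0),
            # with its own address as the IP source, which is how the hop is learned.
            return ("time-exceeded", node)
        node = PATH[node]

def traceroute(src, dst, max_ttl=30, dport=33434):
    """Raise TTL by one per probe until something other than Time Exceeded comes back.
    Returns (list of replying addresses, how the trace ended)."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        kind, replier = forward(src, dst, ttl, dport)
        hops.append(replier)
        if kind != "time-exceeded":
            return hops, kind
    return hops, "max-ttl-reached"

if __name__ == "__main__":
    print(traceroute("172.16.1.1", "192.168.7.2"))
    # (['172.16.1.2', '192.168.1.2', '192.168.7.2'], 'port-unreachable')
```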
What is a Ping (ICMP) flood attack
A ping flood is a denial-of-service attack in which the attacker attempts to overwhelm a targeted device with ICMP echo-request packets, causing the target to become inaccessible to normal traffic. When the attack traffic comes from multiple devices, the attack becomes a DDoS or distributed denial-of-service attack.
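To make the flood definition concrete from the defender's side, here is an added Python detector (not from the page) that counts ICMP Echo Requests per source inside a sliding one-second window over constructed, hypothetical firewall log lines and flags sources above a threshold; the log format, the addresses and the threshold of 20 requests per second are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical firewall log format: "<ISO time> ICMP type=<n> src=<ip> dst=<ip>"
LINE_RE = re.compile(r"^(\S+) ICMP type=(\d+) src=(\S+) dst=(\S+)$")

def parse_line(line):
    """Return (timestamp, icmp_type, src, dst), or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, typ, src, dst = m.groups()
    return datetime.fromisoformat(ts), int(typ), src, dst

def detect_ping_flood(lines, threshold=20, window=timedelta(seconds=1)):
    """Map each source whose echo-request rate ever reached `threshold` per `window`
    to the peak number of requests seen inside one sliding window."""
    # Only ICMP Echo Requests (type 8) count; replies and other types are ignored.
    events = sorted(p for p in map(parse_line, lines) if p and p[1] == 8)
    recent = defaultdict(deque)            # per source: timestamps still inside the window
    peak = defaultdict(int)
    for ts, _, src, _ in events:
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:    # drop timestamps that fell out of the window
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return {src: n for src, n in peak.items() if n >= threshold}

def build_sample_log():
    """Constructed sample: a normal 4-probe ping from 203.0.113.5 (one request per second)
    and 25 requests in half a second from 198.51.100.7, plus a reply and a malformed line."""
    base = datetime(2024, 5, 1, 10, 0, 0)
    lines = [f"{(base + timedelta(seconds=i)).isoformat()} ICMP type=8 src=203.0.113.5 dst=192.0.2.10"
             for i in range(4)]
    lines += [f"{(base + timedelta(milliseconds=20 * i)).isoformat()} ICMP type=8 src=198.51.100.7 dst=192.0.2.10"
              for i in range(25)]
    lines.append(f"{base.isoformat()} ICMP type=0 src=192.0.2.10 dst=203.0.113.5")  # echo reply
    lines.append("malformed line that the parser must skip")
    return lines

if __name__ == "__main__":
    print(detect_ping_flood(build_sample_log()))   # {'198.51.100.7': 25}
```

The threshold must be tuned to the link: a normal ping peaks at two requests per window here, so a per-source rate far above that, rather than the mere presence of echo requests, is what marks a flood.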