Documentos de Académico
Documentos de Profesional
Documentos de Cultura
(ICMP)
The Internet Control Message Protocol (ICMP) [RFC792] protocol is classic example of
a client server application. The ICMP server executes on all IP end system computers and
all IP intermediate systems (i.e routers). The protocol is used to report problems with
delivery of IP datagrams within an IP network. It can be sued to show when a particular
End System (ES) is not responding, when an IP network is not reachable, when a node is
overloaded, when an error occurs in the IP header information, etc. The protocol is also
frequently used by Internet managers to verify correct operations of End Systems (ES)
and to check that routers are correctly routing packets to the specified destination address.
The format of an ICMP message is shown above. The 8-bit type code identifies the types
of message. This is followed by at least the first 28 bytes of the packet that resulted in
generation of the error message (i.e. the network-layer header and first 8 bytes of
transport header). This payload is, for instance used by a sender that receives the ICMP
message to perform Path MTU Discovery so that it may determine IP destination address
of the packet that resulted in the error. Longer payloads are also encouraged (which can
help better identify the reason why the ICMP message was generated and which program
generated the original packet).
The figure below shows the encapsulation of ICMP over an Ethernet LAN using an IP
network layer header, and a MAC link layer header and trailer containing the 32-bit
checksum:
Encapsulation for a complete ICMP packet (not showing the Ethernet preamble)
It is the responsibility of the network layer (IP) protocol to ensure that the ICMP message
is sent to the correct destination. This is achieved by setting the destination address of the
IP packet carrying the ICMP message. The source address is set to the address of the
computer that generated the IP packet (carried in the IP source address field) and the IP
protocol type is set to "ICMP" to indicate that the packet is to be handled by the remote
end system's ICMP client interface.
RFC792 specifies the Internet Control Message Protocol (ICMP) that is used with the
Internet Protocol version 4 (IPv4). It defines, among other things, a number of error
messages that can be used by an end-system and intermediate systems to report errors
back to the sending system. The host requirements (RFC1122) classifies ICMP these
error messages into those that indicate "soft errors" (advising of problems), and those that
indicate "hard errors" (which need to be responded to).
A version of ICMP has also been defined for IPv6, called ICMPv6 (RFC4443). This
subsumes all the equivalent functions of ICMP for IPv4 and adds other network-layer
functions. ICMP error messages are up to 1280 bytes in size, and therefore always carry a
substantial number of bytes from the packet that generated the error being reported.
The operation of ICMP is illustrated in the frame transition diagram shown above. In this
case there is only one Intermediate System (IS) (i.e. IP router). In this case two types of
message are involved the ECHO request (sent by the client) and the ECHO reply (the
response by the server). Each message may contain some optional data. When data are
sent by a server, the server returns the data in the reply which is generated. ICMP packets
are encapsulated in IP for transmission across an internet.
ICMP is a very important part of the communication between hosts on IP networks. Used
by routers and endpoints (clients and servers) ICMP communicates error conditions in
networks and provides a means for endpoints to receive information about a network path
or requested connection.
One of the commonest uses of ICMP by the administrator of a network is the use of ping
to detect the state of a machine in the network. There are other types of ICMP which are
used for other inter-computer communication. One other common type of ICMP is the
ICMP returned by a router or host which is not accepting connections. Essentially, the
host returns the ICMP as a polite method of saying “Go away.”.
One important use of ICMP, which is completely transparent to most users (and indeed
many admins), is the use of ICMP to discover the Path Maximum Transmission Unit
(PMTU). By discovering the Path MTU and transmitting packets with this the MTU, a
host can minimize the delay of traffic due to fragmentation, and (theoretically) attain a
more even rate of data transmission. Because each destination may have a different MTU
due to different network paths, the MTU is a per route attribute stored in the routing
cache.
Path MTU can be quite easily broken if any single hop along the way blocks all ICMP.
Be sure to allow ICMP unreachable/fragmentation needed packets into and out of your
network. This will prevent you from being one of the unclueful network admins who
cause PMTU problems.
4.10.2. ICMP Redirects and Routing
An ICMP redirect is a router's way of communicating that there is a better path out of this
network or into another one than the one the host had chosen. In the example network,
tristan has a route to the world through masq-gw and a route to 192.168.98.0/24
through isdn-router. If tristan sends a packet for 192.168.98.0/24 to masq-gw, the
optimal outcome is for masq-gw to suggest with an ICMP redirect that tristan send such
packets via isdn-router instead.
By this method, hosts can learn what networks are reachable through which routers on
the local network segment. ICMP redirect messages, however, are easy to forge, and
were (at one time) used to subvert poorly configured machines. While this is infrequently
a problem on the Internet today, it's still good practice to ignore ICMP redirect messages
from public networks. Create static routes where necessary on private and public
networks to prevent ICMP redirect messages from being generated on your network.
There's a great deal of information above, so let's examine the important parts. We have
the first three packets which passed by our NIC as a result of this attempt to establish a
session. First, we see a packet from tristan bound for morgan with tristan's source
MAC and masq-gw's destination MAC. Because masq-gw is tristan's default gateway,
tristan will send all packets there.
The next packet is the ICMP redirect, informing tristan of a better route. It includes
several pieces of information. Implicitly, the source IP indicates what router is suggesting
the alternate route, and the contents specify what the intended destination was, and what
the better route is. Note that masq-gw suggests using 192.168.99.1 (isdn-router) as the
gateway for this destination.
The final packet is part of the intended session, but has the MAC address of masq-gw on
it. masq-gw has (courteously) informed us that we should not use it as a route for the
intended destination, but has also (courteously) forwarded the packet as we had
requested. In this small network, it is acceptable to allow ICMP redirect messages,
although these should always be dropped at network borders, both inbound and outbound.
So, in summary, ICMP redirect messages are not intrinsically dangerous or problematic,
but they shouldn't exist in well-maintained networks. If you happen to see them growing
in the shadows of your network, some careful observation should show you what hosts
are affected and which routing tables could use some attention.