1 network administration module 5 icmp and igmp. 2 tcp/ip protocol structure link layer internet...

1 Network Administration Module 5 ICMP and IGMP

Upload: anastasia-flynn

Post on 25-Dec-2015


Page 1: 1 Network Administration Module 5 ICMP and IGMP. 2 TCP/IP Protocol Structure Link Layer Internet Layer Transport Layer Application Layer


Network Administration

Module 5

ICMP and IGMP


TCP/IP Protocol Structure

Application Layer: SMTP, DNS, Telnet, FTP, HTTP, ...

Transport Layer: UDP, TCP

Internet Layer: IP, ICMP, IGMP, ARP, RARP

Link Layer: Data link, Physical


ICMP (Reference RFC 792)

Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol Suite

ICMP is a protocol used for exchanging error or control messages between routers or hosts

ICMP uses IP to deliver messages to the original source

ICMP messages are usually generated and processed by the IP software, not the user process (i.e. they are not processed by application software)

ICMP can only report error, congestion, or other network condition. It does nothing to enhance IP’s best effort delivery approach.

Note: ICMP messages themselves are nothing more than specially formatted IP datagrams, subject to the same conditions as other IP packets in the general network traffic.


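Encapsulation of ICMP packet

[Figure: the ICMP message is carried as the IP data behind an IP header; the IP datagram in turn is carried as the frame data between a frame header and a trailer (if any).]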


ICMP Messages

An ICMP message is either a query message or an error-reporting message.


General format of ICMP messages

Type (8 bits) | Code (8 bits) | Checksum (8 bits + 8 bits)

Rest of the header

Data Section


Type of ICMP Messages

ICMP Message Type: Use or Significance

ICMP Echo / Echo Reply: Supports functionality for reachability utilities like PING and TRACEROUTE; essential when installing, configuring and troubleshooting IP networks

ICMP Destination Unreachable: Documents when routing or delivery errors prevent IP datagrams from reaching their destinations; code values are extremely important.

ICMP Source Quench: Permits a receiving host or intermediate gateway to instruct a sending host to adjust (lower) its sending rate to ease congestion problems

ICMP Redirect: Permits a gateway (router) on a non-optimal route between sender and receiver to redirect traffic to a more optimal path


Type of ICMP Messages

ICMP Message Type: Use or Significance

ICMP Router Discovery: Permits hosts to request information about local routers, and routers to advertise their existence on an IP network

ICMP Time Exceeded: Indicates that an IP datagram’s TTL, or a fragmented IP datagram’s reassembly timer, has expired; can indicate either a too-short TTL, or the presence of a router loop on a network (which must be removed)

ICMP Parameter Problem: Indicates some error occurred while processing the IP header of an incoming datagram, causing that datagram to be discarded; catchall for ambiguous or miscellaneous errors, it indicates further investigation is required
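The general message format and the message types above can be exercised with a small parser. This is an added example, not part of the original slides: it splits a message into Type, Code, Checksum, rest of header and data, verifies the checksum, and labels the message as query or error-reporting. The type numbers come from RFC 792 and RFC 1256, and the sample message is constructed.

```python
import struct

# Type number -> (name as used in the slides, query or error-reporting).
ICMP_TYPES = {
    0: ("Echo Reply", "query"),
    3: ("Destination Unreachable", "error"),
    4: ("Source Quench", "error"),
    5: ("Redirect", "error"),
    8: ("Echo", "query"),
    9: ("Router Advertisement", "query"),
    10: ("Router Solicitation", "query"),
    11: ("Time Exceeded", "error"),
    12: ("Parameter Problem", "error"),
}

def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length messages
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type, code, rest, payload=b""):
    """Build a message with a valid checksum (used for the sample input)."""
    body = struct.pack("!BBH4s", icmp_type, code, 0, rest) + payload
    return body[:2] + struct.pack("!H", internet_checksum(body)) + body[4:]

def parse_icmp(message: bytes) -> dict:
    if len(message) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    icmp_type, code, checksum, rest = struct.unpack("!BBH4s", message[:8])
    name, kind = ICMP_TYPES.get(icmp_type, ("Unknown", "unknown"))
    return {
        "type": icmp_type, "code": code, "name": name, "kind": kind,
        "checksum": checksum,
        # Summing a message that carries a correct checksum yields 0.
        "checksum_ok": internet_checksum(message) == 0,
        "rest": rest, "data": message[8:],
    }

# Constructed sample: echo request, identifier 0x1234, sequence number 1.
SAMPLE_ECHO = build_icmp(8, 0, struct.pack("!HH", 0x1234, 1), b"ping-data")
```

A receiver that skips the checksum test would accept the corrupted variant of `SAMPLE_ECHO` just as readily as the original, which is why `checksum_ok` is reported separately from the decoded fields.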


ICMP Functions

ICMP provides a way to return information to the sender, in the form of specific kinds of ICMP messages, about the route traveled (including reachability information) as packets get forwarded, and a positive way to return error information to a sender when routing or reachability problems prevent delivery of an IP datagram.


Time-To-Live (TTL)

Time-to-live (TTL) field of the IP Header is defined to be a timer limiting the lifetime of a datagram.

It is an 8-bit field and the units are seconds. Each router that handles a packet MUST decrement the TTL by at least one, even if the elapsed time was much less than a second.

Since this is very often the case (decrement for a second) the TTL is effectively a hop count limit on how far a datagram can propagate through the Internet.


ICMP Utilities

ICMP’s most common uses are testing and troubleshooting. Two of the most well known utilities, ping and traceroute, rely on ICMP to perform connectivity tests and path discovery.

Other tools, e.g. VisualRoute (http://www.visualroute.com) and WinMTR (http://winmtr.sourceforge.net)


traceroute

It prints the path a packet takes to reach its destination, showing the names of all the intermediate routers

It makes use of the following ICMP messages: Time exceeded, Destination unreachable

[root@CimLinuxServer ~]# traceroute www.cisco.com
traceroute to www.cisco.com (198.133.219.25), 30 hops max, 38 byte packets
 1 192.168.19.249 (192.168.19.249) 0.364 ms 0.279 ms 0.256 ms
 2 fw17.vtc.edu.hk (192.168.16.176) 1.211 ms 1.172 ms 1.028 ms
 3 cw7204.vtc.edu.hk (202.40.210.220) 1.819 ms 1.870 ms 2.380 ms
 4 218.189.111.201 (218.189.111.201) 4.417 ms 4.738 ms 4.880 ms
 5 210.0.247.6 (210.0.247.6) 5.706 ms 4.338 ms 5.259 ms
 6 62.216.146.241 (62.216.146.241) 6.742 ms 5.772 ms 4.490 ms

Note: You may use the "-c" option to specify the no. of ping packets, e.g. ping -c 4 172.21.2.30


traceroute (Linux / Unix)

It determines the path by sending a series of UDP probe packets with TTL fields 1, 2, 3, …

This causes each intermediate router on the path to send a Time Exceeded message back to the sender


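Illustration: TTL=1

[Figure: host A, Router X, Router Y, Router Z, host B. A creates a probe packet with TTL=1. At Router X the TTL becomes 0 and the packet will be discarded; an ICMP Time Exceeded message is sent back in an IP packet, and A extracts information about router X from that packet.]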


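Illustration: TTL=2

[Figure: host A, Router X, Router Y, Router Z, host B. A creates a probe packet with TTL=2; it is forwarded with TTL=1, and at Router Y the TTL becomes 0 and the packet will be discarded. An ICMP message is sent back, and A extracts information about router Y from that packet.]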


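Illustration: TTL=3

[Figure: host A, Router X, Router Y, Router Z, host B. A creates a probe packet with TTL=3; it is forwarded with TTL=2 and then TTL=1, and at Router Z the TTL becomes 0. An ICMP message is sent back, and A extracts information about router Z from that packet.]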


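Illustration: TTL=4

[Figure: host A, Router X, Router Y, Router Z, host B. A creates a probe packet with TTL=4; it is forwarded with TTL=3, TTL=2 and TTL=1 and reaches B. An ICMP Destination unreachable message is sent back, and A extracts information from that packet.]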


tracert (Windows)

Windows equivalent of traceroute

Use ICMP echo requests and echo replies

Send packets to port 7 instead of a high port


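Illustration: TTL=4 (tracert)

[Figure: host A, Router X, Router Y, Router Z, host B. A creates a probe packet with TTL=4; the probe is an echo-request. It is forwarded with TTL=3, TTL=2 and TTL=1 and reaches B. An ICMP echo-reply is sent back, and A extracts information from that packet.]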
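The TTL illustrations for traceroute and tracert can be replayed with a small simulation. This is an added example, not part of the original slides: the topology A, X, Y, Z, B is the one drawn in the figures, and the `silent` parameter is an assumption added here to show what a trace looks like when a hop decrements the TTL but its Time Exceeded message never reaches A (for example because ICMP is filtered).

```python
# Constructed topology taken from the illustrations: A -> X -> Y -> Z -> B.
PATH = ("Router X", "Router Y", "Router Z")
DESTINATION = "B"

def send_probe(ttl, probe="udp", path=PATH, silent=()):
    """Forward one probe from A; return (responder, ICMP message seen by A)."""
    for router in path:
        ttl -= 1                          # each router decrements the TTL
        if ttl == 0:                      # expired: the packet is discarded
            if router in silent:          # hypothetical: no ICMP gets back to A
                return None, None
            return router, "Time Exceeded"
    # The TTL outlived every router, so the probe is delivered to B.
    if probe == "udp":                    # traceroute: UDP probe
        return DESTINATION, "Destination Unreachable"
    return DESTINATION, "Echo Reply"      # tracert: ICMP echo request

def trace(probe="udp", path=PATH, silent=(), max_hops=30):
    """Raise the TTL from 1 until the destination answers or max_hops is hit."""
    hops = []
    for ttl in range(1, max_hops + 1):
        responder, message = send_probe(ttl, probe, path, silent)
        hops.append((ttl, responder or "*", message))
        if responder == DESTINATION:      # the answer came from B: path complete
            break
    return hops

if __name__ == "__main__":
    for hop in trace(silent=("Router Y",)):
        print(hop)
```

A `*` hop followed by later hops that do answer indicates missing ICMP replies at that hop, not a broken path.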


ping

A utility to check whether other machines are reachable

It sends out a series of ICMP echo-request and then captures echo-reply messages

It provides statistical information for network testing, measurement and management

[root@CimLinuxServer ~]# ping www.yahoo.com
PING www.yahoo-ht2.akadns.net (209.131.36.158) 56(84) bytes of data.
64 bytes from f1.www.vip.sp1.yahoo.com (209.131.36.158): icmp_seq=0 ttl=55 time=162 ms
64 bytes from f1.www.vip.sp1.yahoo.com (209.131.36.158): icmp_seq=1 ttl=55 time=156 ms
64 bytes from f1.www.vip.sp1.yahoo.com (209.131.36.158): icmp_seq=2 ttl=54 time=172 ms


Stop responding from ping

You may use the following command to stop your machine from responding to ping from other machines

[root]# echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

Note: A ping of death (abbreviated "POD") is a type of attack on a computer that involves sending a malformed or otherwise malicious ping to a computer.


IGMP

The Internet Group Message Protocol (IGMP) has been designed to help a multicast router identify the hosts in a LAN that are members of a multicast group

IGMP has only 2 types of messages: report and query

The report message is sent from the host to router

The query message is sent from the router to the hosts


Unicast

Unicast is the term used to describe communication where a piece of information is sent from one point to another point. In this case there is just one sender, and one receiver.

Unicast transmission, in which a packet is sent from a single source to a specified destination, is still the predominant form of transmission on LANs and within the Internet. All LANs (e.g. Ethernet) and IP networks support the unicast transfer mode, and most users are familiar with the standard unicast applications (e.g. http, smtp, ftp and telnet) which employ the TCP transport protocol.


Broadcast

Broadcast is the term used to describe communication where a piece of information is sent from one point to all other points. In this case there is just one sender, but the information is sent to all connected receivers.

Broadcast transmission is supported on most LANs (e.g. Ethernet), and may be used to send the same message to all computers on the LAN (e.g. the address resolution protocol (arp) uses this to send an address resolution query to all computers on a LAN). Network layer protocols (such as IP) also support a form of broadcast which allows the same packet to be sent to every system in a logical network.


Multicast

Multicast is the term used to describe communication where a piece of information is sent from one or more points to a set of other points. In this case there may be one or more senders, and the information is distributed to a set of receivers (there may be no receivers, or any other number of receivers).


Multicast

Multicasting is the networking technique of delivering the same packet simultaneously to a group of clients. IP multicast provides dynamic many-to-many connectivity between a set of senders (at least 1) and a group of receivers. The format of IP multicast packets is identical to that of unicast packets and is distinguished only by the use of a special class of destination address (class D IP address) which denotes a specific multicast group. Since TCP supports only the unicast mode, multicast applications must use the UDP transport protocol.


Operation of IGMP in a single network

A Mrouter connected to a LAN has a list of multicast addresses of the groups for which there is at least one loyal member

[Figure: a LAN with three hosts and a multicast router R; the router holds the list of groups having loyal members: 225.70.8.20, 231.24.60.9, ..., 229.60.12.8.]


Operation of IGMP in a single network (Cont)

Joining a group

Each host maintains a list of processes with membership in a group

When a process wants to join a group, it sends its request to the host; the host will add the name of the process and the name of the requested group to its list

Then the host sends an IGMP report to the multicast router


Operation of IGMP in a single network (Cont)

Monitoring group membership

A multicast router is responsible for monitoring all of the hosts in a LAN to see if they want to continue their membership

The router periodically sends a query message


Operation of IGMP in a single network (Cont)

Continue membership

The host keeps a list of processes that wish to continue membership in a group

When a host receives a query, it checks this list

For each group with at least one process still interested in continuing the membership, the host must send a report


Operation of IGMP in a single network (Cont)

Leaving a group

When a host receives a query and finds that there is not a process interested in that group anymore, it does not respond and does not send a report about that group

If no host on the LAN sends a report for a specific group, the address of that group is deleted
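The join, query, continue and leave steps above can be followed in a short model of one LAN. This is an added example, not part of the original slides: the class and process names are hypothetical, and the group addresses are the ones shown in the router's list in the figure.

```python
class MulticastRouter:
    def __init__(self):
        self.groups = set()              # groups with at least one member on the LAN

    def receive_report(self, group):
        self.groups.add(group)

    def query(self, hosts):
        """Send one query; keep only the groups that some host reports."""
        reported = set()
        for host in hosts:
            reported.update(host.answer_query())
        deleted = self.groups - reported  # no report received: delete the address
        self.groups = reported
        return deleted

class Host:
    def __init__(self, router):
        self.router = router
        self.members = {}                # group address -> set of member processes

    def join(self, process, group):
        self.members.setdefault(group, set()).add(process)
        self.router.receive_report(group)     # the host sends a report

    def leave(self, process, group):
        # Nothing is sent; the host just stops reporting once no process is left.
        self.members.get(group, set()).discard(process)

    def answer_query(self):
        # One report per group that still has an interested process.
        return [g for g, procs in self.members.items() if procs]

def demo():
    router = MulticastRouter()
    h1, h2 = Host(router), Host(router)
    h1.join("player", "225.70.8.20")     # hypothetical process names
    h2.join("player", "225.70.8.20")
    h2.join("ticker", "231.24.60.9")
    after_join = set(router.groups)
    h1.leave("player", "225.70.8.20")    # h2 still reports this group
    h2.leave("ticker", "231.24.60.9")    # nobody reports this group any more
    deleted = router.query([h1, h2])
    return after_join, deleted, set(router.groups)
```

Because leaving is silent, the router's list stays stale until the next query: `231.24.60.9` remains listed between the `leave` call and `router.query`.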


Operation of IGMP in Internet

[Figure: routers R1, R2 and R3 and three networks of four hosts each (every network is labelled "Network A" in the figure), with a link labelled "To the rest of the Internet".]


Operation of IGMP in Internet (Cont)

Multicast routing in an Internet is accomplished by using the spanning tree algorithm

The spanning tree algorithm is used in data structures to create a tree out of a group


RFC (Request for Comments)

Request for Comments, a series of notes about the Internet, started in 1969. An Internet Document can be submitted to the IETF by anyone, but the IETF decides if the document becomes an RFC. Eventually, if it gains enough interest, it may evolve into an Internet standard.

Each RFC is designated by an RFC number. Once published, an RFC never changes. Modifications to an original RFC are assigned a new RFC number.

e.g.
rfc792 – ICMP
rfc2236 – IGMP
rfc2612 – HTTP version 1.1
...