Internet Protocol Analysis/Internet Control Message Protocol
This lesson continues the Internet layer and looks at the Internet Control Message Protocol (ICMP and ICMPv6). Activities include using Wireshark to examine ICMP and ICMPv6 network traffic.
Readings
Multimedia
Activities
- Review Wireshark: Internet Control Message Protocol (ICMP).[1]
- Use Wireshark to capture and analyze ICMP Echo traffic.
- Use Wireshark to capture and analyze ICMP Time Exceeded traffic.
- Use Wireshark to capture and analyze ICMP tracert/traceroute traffic.
- Review Wireshark: ICMPv6.
- Use Wireshark to capture and analyze ICMPv6 Echo traffic.
- Use Wireshark to capture and analyze ICMPv6 Time Exceeded traffic.
- Use Wireshark to capture and analyze ICMPv6 tracert/traceroute traffic.
- Use ping to determine local network MTU.
- Use ping to determine Path MTU to an Internet host such as Google's public DNS server 8.8.8.8.
- Note that Internet routers frequently drop large ICMP packets to prevent Denial of Service attacks, so it may not be possible to capture ICMPv6 Packet Too Big messages with this approach.
- Consider situations in which a packet analyzer might be used to troubleshoot ICMP traffic.
Lesson Summary
- ICMP is a core protocol operating in the Internet layer of the Internet Protocol Suite.[2]
- ICMP messages are used for diagnostic or control purposes or generated in response to errors in IP operations.[1]
- ICMP messages may be classified into two categories: error messages and information messages.[3]
- ICMP errors are directed to the source IP address of the originating packet.[4]
- ICMPv6 is an integral part of IPv6 and performs error reporting, diagnostic functions (e.g., ping), and provides a framework for extensions to implement future changes.[5]
- ICMPv6 error messages include Destination Unreachable, Packet Too Big, Time Exceeded, and Parameter Problem.[6]
- ICMPv6 informational messages include Echo Request, Echo Reply, and a variety of multicast messages that will be covered in the next lesson.[7]
- The tracert (traceroute) and Pathping commands are implemented by transmitting datagrams with specially set IP TTL header fields and looking for ICMP Time Exceeded and Destination Unreachable messages generated in response.[8]
- The ping utility is implemented using ICMP Echo Request and Echo Reply messages.[9]
- Path MTU Discovery in IPv4 is performed by routers and supported through fragmentation.[10]
- Path MTU Discovery in IPv6 must be performed by the sending host, because IPv6 routers do not support fragmentation.[11]
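
Added example (not part of the original lesson): a small Python decoder for the ICMPv4 messages named in this summary. It verifies the checksum and, for error messages such as Time Exceeded, recovers the embedded header of the originating packet, which is what lets traceroute or an analyst reading a capture match a reply to its probe. The sample packets, documentation-range addresses and function names are constructed for illustration, and the embedded IP header is assumed to carry no options.

```python
import ipaddress
import struct

# ICMPv4 type numbers for the messages named in this lesson.
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
              5: "Redirect", 8: "Echo Request", 11: "Time Exceeded"}
EMBEDS_ORIGINAL = {3, 4, 5, 11}  # these carry the triggering packet's IP header

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(icmp_type: int, code: int, rest: bytes) -> bytes:
    """Assemble an ICMP message and fill in its checksum field."""
    msg = struct.pack("!BBH", icmp_type, code, 0) + rest
    return msg[:2] + struct.pack("!H", checksum(msg)) + msg[4:]

def parse(msg: bytes) -> dict:
    """Decode type, code and checksum; for errors, recover the original addresses."""
    icmp_type, code = msg[0], msg[1]
    info = {"type": ICMP_TYPES.get(icmp_type, "Unknown"), "code": code,
            "checksum_ok": checksum(msg) == 0, "error": icmp_type in EMBEDS_ORIGINAL}
    if info["error"] and len(msg) >= 28:  # 8-byte ICMP header + 20-byte IP header
        inner = msg[8:28]
        info["orig_ttl"] = inner[8]
        info["orig_src"] = str(ipaddress.ip_address(inner[12:16]))
        info["orig_dst"] = str(ipaddress.ip_address(inner[16:20]))
    return info

def sample_echo_request() -> bytes:
    """Constructed sample: Echo Request with identifier 0x1234, sequence 1."""
    return build(8, 0, struct.pack("!HH", 0x1234, 1) + b"abcdefgh")

def sample_time_exceeded() -> bytes:
    """Constructed sample: a router's reply to a UDP traceroute probe sent with TTL 1."""
    src = ipaddress.ip_address("192.0.2.10").packed  # documentation-range addresses
    dst = ipaddress.ip_address("198.51.100.7").packed
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36, 0x1C46, 0, 1, 17, 0, src, dst)
    udp_hdr = struct.pack("!HHHH", 40000, 33434, 16, 0)
    return build(11, 0, b"\x00" * 4 + ip_hdr + udp_hdr)

if __name__ == "__main__":
    for packet in (sample_echo_request(), sample_time_exceeded()):
        print(parse(packet))
```

The same fields appear in Wireshark when an ICMP error is expanded: the embedded header's source address is the host the error is delivered to.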
Key Terms
- Destination Unreachable
  An ICMP error message which is generated by the host or its inbound gateway to inform the client that the destination is unreachable for some reason.[12]
- Echo Reply
  An ICMP informational message response to an echo request.[13]
- Echo Request
  An ICMP informational message whose data is expected to be received back in an echo reply.[14]
- Packet Too Big
  An ICMP error message which is generated by a gateway to inform the source of a discarded datagram due to the size being too large for the link layer.[15]
- Parameter Problem
  An ICMP error message which is generated by a host to inform the source of a problem with a field in the IPv6 header or extension headers of a packet that has been discarded.[16]
- Path MTU Discovery (PMTUD)
  A standardized technique in computer networking for determining the maximum transmission unit (MTU) size on the network path between two Internet Protocol (IP) hosts, usually with the goal of avoiding IP fragmentation.[17]
- Redirect Message
  An ICMP message which informs a host to update its routing information (to send packets on an alternate route).[18]
- Source Quench
  An ICMP message which requests that the sender decrease the rate of messages sent to a router or host.[19]
- Time Exceeded
  An ICMP error message which is generated by a gateway to inform the source of a discarded datagram due to the time to live / hop count field reaching zero.[20]
Review Questions
- ICMP is a core protocol operating in the _____ layer of the Internet Protocol Suite.
  ICMP is a core protocol operating in the Internet layer of the Internet Protocol Suite.
- ICMP messages are used for _____.
  ICMP messages are used for diagnostic or control purposes or generated in response to errors in IP operations.
- ICMP messages may be classified into two categories: _____ and _____.
  ICMP messages may be classified into two categories: error messages and information messages.
- ICMP errors are directed to _____.
  ICMP errors are directed to the source IP address of the originating packet.
- ICMPv6 is an integral part of IPv6 and performs _____, and provides _____.
  ICMPv6 is an integral part of IPv6 and performs error reporting, diagnostic functions (e.g., ping), and provides a framework for extensions to implement future changes.
- ICMPv6 error messages include _____.
  ICMPv6 error messages include Destination Unreachable, Packet Too Big, Time Exceeded, and Parameter Problem.
- ICMPv6 informational messages include _____.
  ICMPv6 informational messages include Echo Request, Echo Reply, and a variety of multicast messages.
- The _____ utilities are implemented by transmitting datagrams with specially set IP TTL header fields and looking for ICMP Time Exceeded and Destination Unreachable messages generated in response.
  The tracert (traceroute) and Pathping utilities are implemented by transmitting datagrams with specially set IP TTL header fields and looking for ICMP Time Exceeded and Destination Unreachable messages generated in response.
- The _____ utility is implemented using ICMP Echo Request and Echo Reply messages.
  The ping utility is implemented using ICMP Echo Request and Echo Reply messages.
- Path MTU Discovery in _____ is performed by routers.
  Path MTU Discovery in IPv4 is performed by routers.
- Path MTU Discovery in _____ must be performed by the sending host.
  Path MTU Discovery in IPv6 must be performed by the sending host.
- ICMP stands for _____.
  ICMP stands for Internet Control Message Protocol.
Assessments
References
1. Wikipedia: Internet Control Message Protocol#Technical details
2. Wikipedia: Internet Control Message Protocol
3. Wikipedia: ICMPv6#Technical details
4. Wikipedia: Internet Control Message Protocol#Technical details
5. Wikipedia: ICMPv6
6. Wikipedia: ICMPv6#Types of ICMPv6 messages
7. Wikipedia: ICMPv6#Types of ICMPv6 messages
8. Wikipedia: Internet Control Message Protocol#Technical details
9. Wikipedia: Internet Control Message Protocol#Technical details
10. Wikipedia: Path MTU Discovery
11. Wikipedia: Path MTU Discovery
12. Wikipedia: Destination Unreachable
13. Wikipedia: Ping (networking utility)#Echo reply
14. Wikipedia: Echo Reply#Echo request
15. Wikipedia: IPv6 packet#Fragmentation
16. RFC 4443, section 3.4
17. Wikipedia: Path MTU Discovery
18. Wikipedia: ICMP Redirect Message
19. Wikipedia: ICMP Source Quench
20. Wikipedia: Time Exceeded