7/30/2019 Ping and Trace Route
1/28
ICMP: Ping and Trace
ICMP (Internet Control Message Protocol)
ICMP: A Layer 3 protocol
Used for sending messages
Encapsulated in a Layer 3, IP packet
Uses Type and Code fields for various messages
[Figure: frame layout. Ethernet header (Layer 2): destination address (MAC), source address (MAC), frame type. IP header (Layer 3): source IP address, destination IP address, protocol field. ICMP message (Layer 3): type (0 or 8; partial list), code (0), checksum, ID, sequence number, data. Ethernet trailer: FCS.]
ICMP
Unreachable Destination or Service
Used to notify a host that the destination or service is unreachable.
When a host or router receives a packet that it cannot deliver, it may send
an ICMP Destination Unreachable packet to the host originating the packet.
The Destination Unreachable packet will contain codes that indicate why the packet could not be delivered.
From a router:
0 = network unreachable: does not have a route in the routing table
1 = host unreachable: has a route but can't find the host (end router)
From a host:
2 = protocol unreachable
3 = port unreachable
Service is not available because no daemon is running providing
the service or because security on the host is not allowing access to the service.
[Figure: frame layout. Ethernet header (Layer 2): destination address (MAC), source address (MAC), frame type. IP header (Layer 3): source IP address, destination IP address, protocol field. ICMP message (Layer 3): type (0 or 8), code (0), checksum, ID, sequence number, data. Ethernet trailer: FCS.]
[Figure: two hosts, 172.30.1.20 and 172.30.1.25.]
Ping
Uses ICMP message encapsulated within an IP Packet
Protocol field = 1
Does not use TCP or UDP
Format
ping ip address (or ping for extended ping)
ping 172.30.1.25
[Figure: frame layout. Ethernet header (Layer 2): destination address (MAC), source address (MAC), frame type. IP header (Layer 3): source IP address, destination IP address, protocol field. ICMP message (Layer 3): type (0 or 8), code (0), checksum, ID, sequence number, data. Ethernet trailer: FCS.]
Echo Request
The sender of the ping transmits an ICMP message, Echo Request
Echo Request - Within ICMP Message
Type = 8
Code = 0
[Figure: Echo Request frame. Ethernet header (Layer 2): destination address (MAC), source address (MAC), frame type. IP header (Layer 3): source IP 172.30.1.20, destination IP 172.30.1.25, protocol field 1. ICMP message - Echo Request (Layer 3): type 8, code 0, checksum, ID, sequence number, data. Ethernet trailer: FCS.]
Echo Reply
The IP address (destination) of the ping receives the ICMP message, Echo Request
The IP address (destination) of the ping returns the ICMP message, Echo Reply
Echo Reply - Within ICMP Message
Type = 0
Code = 0
[Figure: Echo Reply frame. Ethernet header (Layer 2): destination address (MAC), source address (MAC), frame type. IP header (Layer 3): source IP 172.30.1.25, destination IP 172.30.1.20, protocol field 1. ICMP message - Echo Reply (Layer 3): type 0, code 0, checksum, ID, sequence number, data. Ethernet trailer: FCS.]
Ping example
Q: Are pings forwarded by routers?
A: Yes! This is why you can ping devices all over the Internet.
Q: Do all devices forward or respond to pings?
A: No, this is up to the network administrator of the device. Devices,
including routers, can be configured not to reply to pings (ICMP echo
requests). This is why you may not always be able to ping a device. Also,
routers can be configured not to forward pings destined for other devices.
Pings may fail
Traceroute
Traceroute is a utility that records the route (router IP addresses) between two devices on different networks.
Traceroute
http://en.wikipedia.org/wiki/Traceroute
On modern Unix and Linux-based operating systems, the traceroute utility
by default uses UDP datagrams with a destination port number starting at
33434.
The traceroute utility usually has an option to specify use of ICMP echo
request (type 8) instead.
The Windows utility uses ICMP echo request, better known as ping
packets.
Some firewalls on the path being investigated may block UDP probes but
allow the ICMP echo request traffic to pass through.
There are also traceroute implementations sending out TCP packets, such
as tcptraceroute or Layer Four Trace. In Microsoft Windows, traceroute is named tracert.
A new utility, pathping, was introduced with Windows NT, combining ping
and traceroute functionality. All these traceroutes rely on ICMP (type 11)
packets coming back.
Trace (Cisco = traceroute, tracert) is used to trace the probable path a packet takes between source and destination.
Probable, because IP is a connectionless protocol, and different packets may take different paths between the same source and destination networks, although this is not usually the case.
Trace will show the path the packet takes to the destination, but the return path may be different.
This is more likely the case in the Internet, and less likely within your own autonomous system.
Linux/Unix Systems
Uses ICMP message within an IP Packet
Both are layer 3 protocols.
Uses UDP as the transport layer.
We will see why this is important in a moment.
Trace (Traceroute)
Format (trace, traceroute, tracert)
RTA# traceroute ip address
RTA# traceroute 192.168.10.2
RTA (.1) --- 10.0.0.0/8 --- (.2) RTB (.1) --- 172.16.0.0/16 --- (.2) RTC (.1) --- 192.168.10.0/24 --- (.2) RTD
Trace
How it works (using UDP) - Fooling the routers & host!
Traceroute uses ping (echo requests)
Traceroute sets the TTL (Time To Live) field in the IP Header, initially to 1
When a router receives an IP Packet, it decrements the TTL by 1.
If the TTL is 0, it will not forward the IP Packet, and send back to the source
an ICMP time exceeded message.
[Figure: topology RTA - RTB - RTC - RTD (10.0.0.0/8, 172.16.0.0/16, 192.168.10.0/24); RTA sends a probe with DA = 192.168.10.2, TTL = 1. Packet: data link header (Layer 2): destination address, source address. IP header (Layer 3): source IP 10.0.0.1, destination IP 192.168.10.2, protocol field 1, TTL 1. ICMP message - Echo Request (trace): type 8, code 0, checksum, ID, sequence number, data. UDP (Layer 4): destination port 35,000. Data link trailer: FCS.]
Trace
RTB - TTL:
When a router receives an IP Packet, it decrements the TTL by 1.
If the TTL is 0, it will not forward the IP Packet, and send back to the
source an ICMP time exceeded message.
ICMP Message: Type = 11, Code = 0
[Figure: topology RTA - RTB - RTC - RTD; probe DA = 192.168.10.2, TTL = 1; RTB replies with ICMP Time Exceeded, SA = 10.0.0.2. Packet: IP header (Layer 3): source IP 10.0.0.2, destination IP 10.0.0.1, protocol field 1. ICMP message - Time Exceeded: type 11, code 0, checksum, ID, sequence number, data. Data link trailer: FCS.]
Trace
RTB
Sends an ICMP Time Exceeded message back to the source, using its
IP address for the source IP address.
Router B's IP header includes its own IP address (source IP) and the sending
host's IP address (dest. IP).
[Figure: topology RTA - RTB - RTC - RTD; probe DA = 192.168.10.2, TTL = 1; RTB replies with ICMP Time Exceeded, SA = 10.0.0.2. Packet: IP header (Layer 3): source IP 10.0.0.2, destination IP 10.0.0.1, protocol field 1. ICMP message - Time Exceeded: type 11, code 0, checksum, ID, sequence number, data. Data link trailer: FCS.]
RTA, Sending Host
The traceroute program of the sending host (RTA) will use the source IP address of this ICMP Time Exceeded packet to display at the first hop.
RTA# traceroute 192.168.10.2
Type escape sequence to abort.
Tracing the route to 192.168.10.2
1 10.0.0.2 4 msec 4 msec 4 msec
[Figure: topology RTA - RTB - RTC - RTD; probe DA = 192.168.10.2, TTL = 1; RTB replies with ICMP Time Exceeded, SA = 10.0.0.2. Packet: IP header (Layer 3): source IP 10.0.0.2, destination IP 10.0.0.1, protocol field 1. ICMP message - Time Exceeded: type 11, code 0, checksum, ID, sequence number, data. Data link trailer: FCS.]
RTA
The traceroute program increments the TTL by 1 (now 2) and resends the
ICMP Echo Request packet.
[Figure: topology RTA - RTB - RTC - RTD; after the TTL = 1 probe and the ICMP Time Exceeded from 10.0.0.2, RTA sends a probe with DA = 192.168.10.2, TTL = 2. Packet: IP header (Layer 3): source IP 10.0.0.1, destination IP 192.168.10.2, protocol field 1, TTL 2. ICMP message - Echo Request (trace): type 8, code 0, checksum, ID, sequence number, data. UDP (Layer 4): destination port 35,000. Data link trailer: FCS.]
RTB
This time RTB decrements the TTL by 1 and it is NOT 0. (It is 1.) So it looks up the destination IP address in its routing table and forwards it on to
the next router.
RTC
RTC however decrements the TTL by 1 and it is 0.
RTC notices the TTL is 0 and sends the ICMP Time Exceeded message back to the source.
RTC's IP header includes its own IP address (source IP) and the sending host's IP address (destination IP address of RTA).
The sending host, RTA, will use the source IP address of this ICMP Time Exceeded message to display at the second hop.
[Figure: topology RTA - RTB - RTC - RTD; probe DA = 192.168.10.2, TTL = 1 answered by ICMP Time Exceeded, SA = 10.0.0.2; probe DA = 192.168.10.2, TTL = 2 answered by ICMP Time Exceeded, SA = 172.16.0.2.]
[Figure: the TTL = 2 probe hop by hop. RTA to RTB: source IP 10.0.0.1, destination IP 192.168.10.2, protocol field 1, TTL 2, type 8, code 0, destination port 35,000. RTB to RTC: the same packet with TTL 1. RTC to RTA: ICMP Time Exceeded, source IP 172.16.0.2, destination IP 10.0.0.1, protocol field 1, type 11, code 0.]
The sending host, RTA:
The traceroute program uses this information (Source IP Address) and displays the second hop.
RTA# traceroute 192.168.10.2
Type escape sequence to abort.
Tracing the route to 192.168.10.2
1 10.0.0.2 4 msec 4 msec 4 msec
2 172.16.0.2 20 msec 16 msec 16 msec
[Figure: topology RTA - RTB - RTC - RTD with probes TTL = 1 and TTL = 2 (DA = 192.168.10.2) and ICMP Time Exceeded replies from 10.0.0.2 and 172.16.0.2. Packet shown: ICMP Time Exceeded, source IP 172.16.0.2, destination IP 10.0.0.1, protocol field 1, type 11, code 0.]
The sending host, RTA:
The traceroute program increments the TTL by 1 (now 3) and resends the
packet.
[Figure: topology RTA - RTB - RTC - RTD; RTA sends a third probe with DA = 192.168.10.2, TTL = 3. Packet: IP header (Layer 3): source IP 10.0.0.1, destination IP 192.168.10.2, protocol field 1, TTL 3. ICMP message - Echo Request (trace): type 8, code 0, checksum, ID, sequence number, data. UDP (Layer 4): destination port 35,000. Data link trailer: FCS.]
[Figure: the TTL = 3 probe hop by hop. RTA to RTB: TTL 3. RTB to RTC: TTL 2. RTC to RTD: TTL 1. In each case source IP 10.0.0.1, destination IP 192.168.10.2, protocol field 1, type 8, code 0, destination port 35,000.]
RTB
This time RTB decrements the TTL by 1 and it is NOT 0. (It is 2.) So it looks up the destination IP address in its routing table and forwards it on to the next
router.
RTC
This time RTC decrements the TTL by 1 and it is NOT 0. (It is 1.)
So it looks up the destination IP address in its routing table and forwards it on to the next
router.
RTD
RTD however decrements the TTL by 1 and it is 0.
However, RTD notices that the Destination IP Address of 192.168.10.2 is its own interface.
Since it does not need to forward the packet, the TTL of 0 has no effect.
[Figure: topology RTA - RTB - RTC - RTD with probes TTL = 1, 2 and 3 (DA = 192.168.10.2) and ICMP Time Exceeded replies from 10.0.0.2 and 172.16.0.2.]
RTD
RTD sends the packet to the UDP process.
UDP examines the unrecognizable port number of 35,000 and sends back an
ICMP Port Unreachable message to the sender, RTA, using Type 3 and
Code 3.
[Figure: RTD answers the probe with ICMP Port Unreachable: source IP 192.168.10.2, destination IP 10.0.0.1, protocol field 1, type 3, code 3. Probe shown: source IP 10.0.0.1, destination IP 192.168.10.2, protocol field 1, TTL 1, type 8, code 0, destination port 35,000.]
Sending host, RTA
RTA receives the ICMP Port Unreachable message.
The traceroute program uses this information (Source IP Address) and displays the third hop.
The traceroute program also recognizes this Port Unreachable message as meaning this is the destination it was tracing.
[Figure: topology RTA - RTB - RTC - RTD with probes TTL = 1, 2 and 3 (DA = 192.168.10.2) and the replies: ICMP Time Exceeded, SA = 10.0.0.2; ICMP Time Exceeded, SA = 172.16.0.2; ICMP Port Unreachable, SA = 192.168.10.2. Packet shown: ICMP Port Unreachable, source IP 192.168.10.2, destination IP 10.0.0.1, protocol field 1, type 3, code 3.]
Sending host, RTA
RTA, the sending host, now displays the third hop.
Getting the ICMP Port Unreachable message, it knows this is the final hop and does not send any more traces (echo requests).
RTA# traceroute 192.168.10.2
Type escape sequence to abort.
Tracing the route to 192.168.10.2
1 10.0.0.2 4 msec 4 msec 4 msec
2 172.16.0.2 20 msec 16 msec 16 msec
3 192.168.10.2 16 msec 16 msec 16 msec
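
The three-hop result above can be rebuilt from the ICMP errors alone, which is also how a captured trace is read back during troubleshooting or packet analysis. The following is an added example, not part of the original slides: it decodes constructed replies for this topology, checking the ICMP checksum and reading the quoted probe header that each error carries. Assumptions: all function names, the source port 40000, and the probe modelled as a plain UDP datagram (IP protocol 17), as Unix traceroute sends by default.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4_header(src: str, dst: str, proto: int, ttl: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options), used to build the samples."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]

def icmp_error(sender: str, icmp_type: int, code: int, probe: bytes) -> bytes:
    """ICMP error quoting the probe's IP header plus its first 8 payload bytes."""
    body = struct.pack("!BBHI", icmp_type, code, 0, 0) + probe[:28]
    body = body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
    return ipv4_header(sender, socket.inet_ntoa(probe[12:16]), 1, 255, len(body)) + body

def classify(packet: bytes) -> dict:
    """Decode a received IP packet the way a traceroute client interprets it."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1:
        raise ValueError("not ICMP (IP protocol field != 1)")
    icmp = packet[ihl:]
    if inet_checksum(icmp) != 0:          # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    inner = icmp[8:]                      # quoted original datagram
    inner_ihl = (inner[0] & 0x0F) * 4
    dport = struct.unpack("!H", inner[inner_ihl + 2:inner_ihl + 4])[0]
    kind = {(11, 0): "intermediate hop", (3, 3): "destination reached"}.get(
        (icmp[0], icmp[1]), "other")
    return {"hop": socket.inet_ntoa(packet[12:16]), "type": icmp[0], "code": icmp[1],
            "probe_dst": socket.inet_ntoa(inner[16:20]), "probe_dport": dport,
            "kind": kind}

# Constructed sample: UDP probe from 10.0.0.1 to 192.168.10.2, destination port 35000.
UDP = struct.pack("!HHHH", 40000, 35000, 8, 0)
PROBE = ipv4_header("10.0.0.1", "192.168.10.2", 17, 1, len(UDP)) + UDP
REPLIES = [icmp_error("10.0.0.2", 11, 0, PROBE), icmp_error("172.16.0.2", 11, 0, PROBE),
           icmp_error("192.168.10.2", 3, 3, PROBE)]

def trace() -> list:
    """Hop list recovered from the constructed replies, in arrival order."""
    return [(r["hop"], r["kind"]) for r in map(classify, REPLIES)]
```

The quoted destination port is what lets the client match an error to the probe that caused it, so an ICMP error whose quoted header does not correspond to a probe actually sent can be discarded.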
For more information on ICMP and other TCP/IP topics, I recommend:
TCP/IP Illustrated, Volume I, R.W. Stevens
Recommended Reading
http://www.amazon.com/exec/obidos/tg/stores/detail/-/books/0201633469/reader/2/102-1499200-2096936