ICMP: Ping and Trace ppt

ICMP Message - Echo Request Layer 3 Frame Type Source IP Add... Echo Replyreceives the ICMP message, “Echo Request” returns the ICMP message, “Echo Reply” Echo Reply - Within ICMP Messa

Trang 1

ICMP: Ping and Trace

Trang 2

172.30.1.20 172.30.1.25

Trang 3

– Protocol field = 1

a network layer protocol.)

the receiver using TCP or UDP.

Frame Type

ID Seq

Num

Data FCS

Trang 4

ICMP Message - Echo Request (Layer 3)

Frame Type

Source IP Add

ID Seq

Num

Data FCS

Trang 5

172.30.1.20 172.30.1.25

Trang 6

Echo Reply

receives the ICMP message, “Echo Request”

returns the ICMP message, “Echo Reply”

Echo Reply - Within ICMP Message

ICMP Message - Echo Reply (Layer 3)

Frame Type Source IP Add

Trang 7

Q: Are pings forwarded by routers?

A: Yes! This is why you can ping devices all over

the Internet.

Q: Do all devices forward or respond to pings?

A: No, this is up to the network administrator of the device Devices, including routers, can be

configured not to reply to pings (ICMP echo

requests) This is why you may not always be able

to ping a device Also, routers can be configured not to forward pings destined for other devices.

Routers and Pings

Trang 8

• Traceroute is a utility that records the route (router

IP addresses) between two devices on different networks.

Trang 9

• http://en.wikipedia.org/wiki/Traceroute

• On modern Unix and Linux-based operating systems, the

traceroute utility by default uses UDP datagrams with a destination port number starting at 33434

• The traceroute utility usually has an option to specify use of ICMP echo request (type 8) instead

• The Windows utility uses ICMP echo request, better known

• In Microsoft Windows, traceroute is named tracert

• A new utility, pathping, was introduced with Windows NT, combining ping and traceroute functionality All these traceroutes rely on ICMP (type 11) packets coming back.

Trang 10

• Trace ( Cisco = traceroute, tracert,…) is used to trace the

probable path a packet takes between source and

destination.

• Probable, because IP is a connectionless protocol, and

different packets may take different paths between the same source and destination networks, although this is not

usually the case.

• Trace will show the path the packet takes to the

destination, but the return path may be different.

– This is more likely the case in the Internet, and less likely within your own

autonomous system.

•

Trace (Traceroute)

Trang 11

Format (trace, traceroute, tracert)

Trang 12

How it works (using UDP) - Fooling the routers & host!

ICMP Message - Echo Request (trace) UDP

0

Chk sum

Trang 13

RTB - TTL:

• When a router receives an IP Packet, it decrements the TTL by 1

• If the TTL is 0, it will not forward the IP Packet, and send

back to the source an ICMP “time exceeded” message

• ICMP Message: Type = 11, Code = 0

DA = 192.168.10.2, TTL = 1 ICMP Time Exceeded, SA = 10.0.0.2

Data Link Header

(Layer 2)

IP Header (Layer 3)

ICMP Message - Time Exceeded DataLink

ID Seq

Nu

m

Data FCS

Trace

Trang 14

(Layer 2) IP Header (Layer 3) ICMP Message - Time Exceeded DataLink Tr

Data Link

Destination

Address

Data Link Source Address

ID Seq

Nu

m

Data FCS

Trang 15

RTA, Sending Host

will use the source IP address of this ICMP Time

Exceeded packet to display at the first hop.

RTA# traceroute 192.168.10.2

Type escape sequence to abort

Tracing the route to 192.168.10.2

1 10.0.0.2 4 msec 4 msec 4 msec

(Layer 2) IP Header (Layer 3) ICMP Message - Time Exceeded DataLink Tr

Data Link

Destination

Address

Nu

m

Data FCS

Trang 16

(Layer 2) IP Header (Layer 3) ICMP Message - Echo Request (trace) UDP (Layer 4) DataLink Tr

Data Link

Destination

Address

0

Chk sum ID Seq Num Data

Trang 17

• RTC however decrements the TTL by 1 and it is 0.

• RTC notices the TTL is 0 and sends back the ICMP Time Exceeded message back to the source.

• RTC’s IP header includes its own IP address (source IP) and the sending host’s IP address (destination IP address of RTA).

• The sending host, RTA, will use the source IP address of this

ICMP Time Exceeded message to display at the second hop.

DA = 192.168.10.2, TTL = 1

ICMP Time Exceeded, SA = 172.16.0.2

Trang 18

0

Chk sum ID Seq Num Data DestPort 35,000 FCS

Data Link Header (Layer 2) IP Header (Layer 3) ICMP Message - Echo Request (trace) UDP (Layer 4) DataLink Tr

Data Link Destination Address

0

RTA to RTB

RTB to RTC

Trang 19

The sending host, RTA:

• The traceroute program uses this information (Source

IP Address) and displays the second hop.

1 10.0.0.2 4 msec 4 msec 4 msec

DA = 192.168.10.2, TTL = 1

(Layer 2)

ICMP Message - Time Exceeded DataLink

Nu

m

Trang 20

The sending host, RTA:

•

(Layer 2)

0

Chk sum ID Seq Num Data

Trang 21

0

Data Link

Destination

Address

0

RTA to RTB

RTB to RTC

RTC to RTD

Trang 22

forwards it on to the next router.

RTC

forwards it on to the next router.

Trang 23

(Layer 2) IP Header (Layer 3) ICMP Message – Port Unreachable DataLink Tr

Data Link

Destination

Address

ICMP Message - Echo Request (trace) UDP

0

Chk sum

Trang 24

Sending host, RTA

• RTA receives the ICMP Port Unreachable message.

• The traceroute program uses this information (Source IP

ICMP Port Unreachable, SA = 192.168.10.2

Data Link Header (Layer 2) IP Header (Layer 3) ICMP Message – Port Unreachable DataLink Tr

ID Seq

Nu

m

Data FCS

Trang 25

ICMP Port Unreachable, SA = 192.168.10.2

Sending host, RTA

• RTA, the sending host, now displays the third hop.

• Getting the ICMP Port Unreachable message, it knows this

is the final hop and does not send any more traces (echo requests).

1 10.0.0.2 4 msec 4 msec 4 msec

2 172.16.0.2 20 msec 16 msec 16 msec

3 192.168.10.2 16 msec 16 msec 16 msec

Trang 26

For more information on ICMP and other TCP/IP topics, I recommend:

• TCP/IP Illustrated, Volume I – R.W Stevens

Recommended Reading

Trang 27

ICMP: Ping and Trace

CCNA 1 version 3.0

Rick Graziani Spring 2005

Định dạng
Số trang	27
Dung lượng	0,93 MB