008-ICMP protocol (Internet Control Message Protocol)

I. Overview

  ICMP (Internet Control Message Protocol) is a sub-protocol of the TCP/IP protocol suite used to pass control messages between IP hosts and routers. These control messages report on the network itself: whether a network operation failed, whether a host is reachable, whether a route is available, and so on. They carry no user data, but they play an important role in getting user data delivered.

  ICMP belongs to the network layer of the TCP/IP family. It is mainly used to transmit control information between hosts and routers, including error reports, and a limited exchange of control and status information. When an IP packet cannot reach its destination, when a router cannot forward packets at the current transmission rate, and in similar situations, an ICMP message is sent automatically. On the wire, an ICMP packet is identified by the value 1 in the 8-bit Protocol field of the IP header.

  In IP communication, packets often fail to reach the other party. One reason is that a router somewhere along the path cannot handle all the packets, so it drops them one by one. Another is that the packet does reach the other side, but because the port number is wrong, the server software cannot accept it. When packets are dropped on an IP network for reasons like these, the necessary control information has to be passed back to the sender. ICMP was created for this purpose: it assists the IP protocol by exchanging the various kinds of control information.

  The opening of RFC 792 states that ICMP is actually an integral part of IP and must be implemented by every IP module. In other words, ICMP is designed as a piece of IP's own functionality that has been split out into a separate protocol.


1.1, Functions

  The RFC divides ICMP roughly into two functions: error notification and information query.

  1. Confirm whether an IP packet successfully reached its destination address

  2. Notify the sender of the reason when an IP packet is discarded during transmission

Important points

1, ICMP works on top of IP, but it is not a transport-layer function, so it is still classified as a network-layer protocol

2, ICMP is used only with IPv4; with IPv6, ICMPv6 is needed instead

1.2, ICMP as an upper-layer protocol of IP

  ICMP is placed in the data portion of an IP packet, and communicates using the IP packet as its carrier. Judged by packet format, then, ICMP is an upper-layer protocol above IP. However, as the RFC says, ICMP provides part of IP's own functionality, so it is regarded as belonging to the same layer as IP. Let us look at the packet format and packet contents specified in the RFC.

  ICMP packets are carried inside IP datagrams, with the IP header in front of the ICMP packet. A complete ICMP packet therefore consists of an IP header (at least 20 bytes), an ICMP header (at least 8 bytes) and the ICMP data portion. When the protocol field in the IP header is 1, the datagram carries an ICMP packet. The ICMP header is shown in the figure below.

  [Figure: IP header followed by the ICMP header; the ICMP packet is the data portion of the IP datagram]

Now look at the format of the packet in detail. An IP packet carrying ICMP contains many fields, but in fact only seven of them matter to the ICMP protocol.

1) Protocol; 2) source IP address; 3) destination IP address; 4) TTL (time to live). These four fields are in the IP header.

5) Type; 6) Code; 7) option data. These three fields are in the ICMP portion of the data.

Of these, 1) the Protocol field has the value 1, and 2) and 3) are simply the addresses used to exchange the ICMP packets, so they carry no special meaning for ICMP. For understanding ICMP itself, the important fields are 5), 6) and 7), and the core is the pair 5) Type and 6) Code. Every ICMP message, whether an error notification or an information query, is expressed as a combination of type and code. The RFC defines 15 types. Error notifications such as "destination unreachable" and information queries such as "echo request" are distinguished by the Type field. Within one type, the Code field expresses the more detailed meaning that the message needs to convey. Finally, when data has to be transmitted to the other side, it is placed in 7) the option data field.
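As an added example (not code from the original post), the following Python builds one IPv4 datagram carrying an ICMP echo request and then parses it back, pulling out exactly the seven fields listed above and verifying the ICMP checksum. The addresses and identifier values are constructed for the example.

```python
import socket
import struct

# RFC 1071 Internet checksum: one's-complement sum of 16-bit big-endian words.
def internet_checksum(data: bytes) -> int:
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

# (type, code) pairs this page mentions; the real table is longer.
ICMP_NAMES = {(0, 0): "echo reply", (8, 0): "echo request", (4, 0): "source quench",
              (3, 3): "port unreachable", (3, 4): "fragmentation needed",
              (5, 1): "redirect (host)", (11, 0): "TTL exceeded in transit"}

def build_icmp(type_: int, code: int, rest: bytes, data: bytes = b"") -> bytes:
    # 'rest' is the 4-byte type-specific header part (the page's "option data").
    body = struct.pack("!BBH", type_, code, 0) + rest + data
    return body[:2] + struct.pack("!H", internet_checksum(body)) + body[4:]

def build_ipv4(src: str, dst: str, ttl: int, proto: int, payload: bytes) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:]
    return hdr + payload

def parse_datagram(pkt: bytes) -> dict:
    # Extract the seven ICMP-relevant fields and verify the ICMP checksum.
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    if ihl < 20 or total_len > len(pkt):
        raise ValueError("malformed or truncated IP header")
    ttl, proto = pkt[8], pkt[9]
    if proto != 1:
        raise ValueError("not ICMP: IP protocol field is %d" % proto)
    icmp = pkt[ihl:total_len]
    if len(icmp) < 8:
        raise ValueError("ICMP header shorter than 8 bytes")
    return {"protocol": proto, "src": socket.inet_ntoa(pkt[12:16]),
            "dst": socket.inet_ntoa(pkt[16:20]), "ttl": ttl,
            "type": icmp[0], "code": icmp[1], "option": icmp[4:8], "data": icmp[8:],
            "name": ICMP_NAMES.get((icmp[0], icmp[1]), "other"),
            "checksum_ok": internet_checksum(icmp) == 0}

# Constructed sample: echo request (identifier 0x1234, sequence 1) carrying "ping".
ECHO_REQUEST = build_ipv4("192.0.2.1", "198.51.100.7", 64, 1,
                          build_icmp(8, 0, struct.pack("!HH", 0x1234, 1), b"ping"))
```

A parser that accepts a datagram without checking the IP total length against the buffer, or an ICMP header shorter than 8 bytes, is the classic source of out-of-bounds reads in ICMP handling, which is why both checks come before any field is read.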

Possible message list:

  [Figure: table of ICMP message types and codes]

II. ICMP in use

2.1, Path MTU discovery

  Path MTU discovery is the function of finding out the largest MTU at which a host can communicate with its peer without fragmenting IP packets. The MTU is the maximum length of data a computer can send in one go, and it is basically determined by the type of network. For example, Ethernet is usually 1500 bytes, and ADSL over PPPoE is usually 1492 bytes. ICMP is used to implement path MTU discovery.

  The principle of path MTU discovery itself is very simple. First, when Windows sends an IP packet to the peer, it sets the Don't Fragment flag in the IP header before sending; this is the basis of path MTU discovery. Suppose Windows sends out a packet larger than 1000 bytes, and somewhere on the path the MTU drops from 1500 bytes to 1000 bytes. The router at that point will not let a packet larger than 1000 bytes into the network whose MTU is 1000 bytes. The router tries to fragment the IP packet, but because the Don't Fragment flag is set, it cannot. So the router discards the IP packet and uses ICMP to tell the sender "fragmentation was needed, but not allowed". The ICMP message the router sends has type 3 and code 4, meaning "fragmentation needed but Don't Fragment set; destination unreachable". In addition, most routers fill the option data portion with the MTU size that can pass without fragmentation. When Windows receives this ICMP message it learns the size that can be sent without fragmentation, temporarily replaces its MTU with that value, and then continues communicating.
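The host side of the exchange just described, as an added example that is not part of the original post: it parses the type 3 / code 4 message, including the Next-Hop MTU field that RFC 1191 defines in bytes 6-7 of the ICMP header (the page's "option data"), and lowers the per-destination path MTU only if the message quotes a datagram this host really sent. The routers' behaviour, the addresses and the probe bytes are constructed for the example.

```python
import struct

# RFC 1191 plateau table: fallback when a router reports Next-Hop MTU = 0.
PLATEAUS = [65535, 32000, 17914, 8166, 4352, 2002, 1492, 1006, 508, 296, 68]

def parse_frag_needed(icmp: bytes) -> dict:
    # Type 3, code 4: bytes 6-7 carry Next-Hop MTU, then the dropped datagram's IP header + 8 bytes.
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("too short to quote the original IP header + 8 bytes")
    type_, code, _csum, _unused, next_hop_mtu = struct.unpack("!BBHHH", icmp[:8])
    if (type_, code) != (3, 4):
        raise ValueError("not a fragmentation-needed message")
    inner = icmp[8:]
    ihl = (inner[0] & 0x0F) * 4
    return {"next_hop_mtu": next_hop_mtu,
            "orig_len": struct.unpack("!H", inner[2:4])[0],
            "orig_dst": inner[16:20], "orig_first8": inner[ihl:ihl + 8]}

class PathMtu:
    def __init__(self, dst: bytes, link_mtu: int = 1500):
        self.dst, self.mtu = dst, link_mtu
        self.sent = set()  # first 8 payload bytes of every DF datagram we sent

    def record_sent(self, first8: bytes) -> None:
        self.sent.add(first8)

    def handle_frag_needed(self, icmp: bytes) -> int:
        info = parse_frag_needed(icmp)
        # Accept only messages quoting a datagram we really sent to this destination;
        # otherwise a forged message from anywhere could shrink our path MTU.
        if info["orig_dst"] != self.dst or info["orig_first8"] not in self.sent:
            return self.mtu
        new = info["next_hop_mtu"]
        if new == 0:  # old router that does not fill in the MTU: next lower plateau
            new = next(p for p in PLATEAUS if p < info["orig_len"])
        if 68 <= new < self.mtu:  # never raise the MTU on an error, never below IPv4's minimum
            self.mtu = new
        return self.mtu

def make_frag_needed(next_hop_mtu: int, orig_len: int, src: bytes, dst: bytes,
                     first8: bytes) -> bytes:
    # Constructed router message (checksum left 0; it is verified separately in practice).
    inner_ip = (bytes([0x45, 0]) + struct.pack("!H", orig_len) + b"\x00\x00\x40\x00"
                + bytes([64, 17]) + b"\x00\x00" + src + dst)
    return struct.pack("!BBHHH", 3, 4, 0, 0, next_hop_mtu) + inner_ip + first8

# Constructed scenario from the text: a 1400-byte DF datagram is dropped by a router
# with a 1000-byte link, which answers with type 3 / code 4 and Next-Hop MTU 1000.
SRC, DST = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])
PROBE = b"\x04\xd2\x00\x35\x05\x64\x00\x00"  # first 8 bytes of the UDP payload
```

Without the "did we send this?" check, any host on the Internet could drive the path MTU down to a few hundred bytes with forged messages, which is why real stacks validate the quoted header before acting.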

2.2, Redirect

  Redirect is the function by which a router tells the sending computer to change its path. A computer decides where to forward a packet from its own routing information (the routing table). When it does not know where to send a packet, it hands it to the router configured as the default gateway. If the default gateway receives the packet and sees that handing it to another router on the same LAN would be faster, it notifies the sender of this via ICMP. The message used is the ICMP redirect with type 5 and code 1, and its option data portion carries the IP address of the router the packet should be sent to. After Windows receives this message it rewrites its routing table, and for a while communication with that peer goes through the indicated router.

2.3, Source quench

  When packets arrive at a router in a concentrated burst, they may be discarded because the router cannot process them in time. In that case an ICMP source quench message is sent to the sender, to make the sender slow down its transmission rate.

2.4, The ping command

  The ping command checks at the IP level whether the specified machine is reachable, and measures how long a packet round trip takes. To do this, ping uses two ICMP messages.

  [Figure: ping output for a domain name]

  Note that what is pinged here is a domain name, not a URL; the domain name is resolved to an IP address via DNS.

Functions of the ping command

(1) It verifies network connectivity
(2) It reports the response time and the TTL (Time To Live of the IP packet)
So how is connectivity verified?
(1) ping first sends an ICMP Echo Request to the peer
(2) After receiving it, the peer returns an ICMP Echo Reply
(3) If nothing comes back, the request has timed out, and the specified network address is considered to not exist

Question:

  telnet uses port 23 and ssh uses port 22, so which port does ping use?
  Answer: ping is based on ICMP, which sits at the network layer.
  Port numbers belong to the transport layer, so ICMP pays no attention to port numbers at all.

There are roughly three reasons why ping may fail to confirm connectivity with the peer.

  1) The target server does not exist;

  2) The packet exchange takes so long that ping considers it timed out;

  3) The target server does not answer ping.

  If the reason is 2), extending the timeout with ping's options will show the correct result. If the reason is 1) or 3), the ping result alone cannot tell which of the two it is. So ping cannot always determine whether the peer exists.

2.5, The traceroute command

  Function: prints the routers traversed from the host running the program up to the target host.

  [Figure: traceroute output]

  linux, mac: traceroute www.baidu.com

  windows: tracert www.baidu.com
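To make the mechanics of sections 2.4 and 2.5 concrete, here is an added example (not code from the original post) that simulates a small path in Python: routers decrement the TTL and answer with ICMP "time exceeded" (type 11, code 0) when it reaches zero, the target answers echo requests with echo replies, and the Unix-style traceroute uses UDP probes with increasing TTL until the target returns "port unreachable" (type 3, code 3). The router and host addresses, the open-port set and the "host ignores ping" behaviour are constructed for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed model of one network path. Each router decrements TTL and answers with
# ICMP type 11 / code 0 when it hits zero. The destination answers echo requests with
# echo reply (type 0) and UDP probes to a closed port with port unreachable (type 3 /
# code 3). A None reply models silence, i.e. what the sender sees as a timeout.

@dataclass
class Host:
    addr: str
    answers_ping: bool = True                 # cause 3 on the page: host ignores ping
    open_udp_ports: set = field(default_factory=set)

ROUTERS = ["10.0.0.1", "10.1.0.1", "10.2.0.1"]   # constructed path
TARGET = Host("198.51.100.7", open_udp_ports={53})

def deliver(ttl: int, probe: str, dport: int = 33434, dest: Optional[Host] = TARGET):
    """Forward one probe ('echo' or 'udp'); return (responder, type, code) or None."""
    for router in ROUTERS:
        ttl -= 1
        if ttl <= 0:
            return (router, 11, 0)
    if dest is None:                          # cause 1: target does not exist -> silence
        return None
    if probe == "echo":
        return (dest.addr, 0, 0) if dest.answers_ping else None
    if dport in dest.open_udp_ports:          # open UDP port: the service may stay silent
        return None
    return (dest.addr, 3, 3)

def ping(dest: Optional[Host] = TARGET, ttl: int = 64) -> str:
    # ping works at the IP layer: no port is involved, only type 8 out and type 0 back.
    reply = deliver(ttl, "echo", dest=dest)
    if reply and reply[1] == 0:
        return "reply from %s" % reply[0]
    return "timeout"                          # causes 1 and 3 look identical from here

def traceroute(dest: Optional[Host] = TARGET, max_hops: int = 30) -> list:
    # Probes with TTL 1, 2, 3, ...: each router that expires the TTL reveals itself;
    # port unreachable from the target ends the trace.
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = deliver(ttl, "udp", dest=dest)
        hops.append(reply[0] if reply else "*")
        if reply and reply[1:] == (3, 3):
            break
    return hops
```

A router that rate-limits or drops ICMP replies shows up as "*" in the trace exactly as it does in the real tool, which is why a line of asterisks does not by itself mean the path is broken.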

2.6, Port scanning

  Port scanning checks whether ports the server does not need are open. Server administrators use it to find open ports that pose a security problem. Unlike ping and traceroute it is not a tool bundled with the operating system; a separate network tool is needed.

  Port scanning is roughly divided into "UDP port scanning" and "TCP port scanning", and the one related to ICMP is the UDP side. TCP communication must always go through the three-way handshake before any data is exchanged, so simply attempting TCP connections while stepping through port numbers reveals whether each port is open or closed; ICMP is not particularly needed. UDP, by contrast, has no such connection procedure, so finding out whether a port is open takes some ingenuity, and this is where ICMP comes in. According to the ICMP specification, when a UDP packet arrives at a port that does not exist, the server must return "port unreachable", one of the ICMP "destination unreachable" messages.


Origin www.cnblogs.com/bjlhx/p/10985384.html