ICMP&&PING

Others 2019-07-02 02:26:39 views: null

ICMP

1. Positioning: The Internet Control Message Protocol (Internet Control Message Protocol), is a sub-protocol TCP / IP protocol suite, located on the network layer. It is used to provide many different IP services. ICMP is a management agreement, and also an IP information service provider. The information as it is transmitted in IP datagrams.

2.ICMP package having two characteristics:

  Provides information about network failures for the host.

  They are encapsulated within IP datagrams.

3.ICMP for transmitting control messages, determines the status of the network connection between IP hosts, routers. Control message refers to whether the destination is reachable, error reporting, network communication barrier, the route is available, if the buffer is full, exceeds the maximum number of (time-out) jumping and other messaging network itself. Although the control message does not transmit user data, but for the user

Data transfer plays an important role. ICMP is a connection-oriented protocol, its transmission error reporting function control information network security is extremely important. When faced with such data can not access the target IP, IP routers can not forward the case according to the current transmission rate of data packets, etc., automatically sends an ICMP message. That error detection and reward system.

  It provides error reporting and other back to the source of news about the IP packet processing conditions. ICMP message contains several different, wherein the echo request (Echo Request) is generated by the Ping command, the host may use it to test network reachability, ICMP response message (Echo Reply) message indicates that the node is reachable.

4.ICMP error report message: unreachable packet, source quench, over time, parameters of the problem, redirect

  ICMP query messages: echo request and response packets, timestamp request and reply messages, address mask request and response packets, router solicitation and advertisement messages.

Detailed data packet 5.ICMP

  

  Various ICMP packets the first 4 bytes (32bits) are three fixed length fields (see above):

  type type field (8 bits), code code field (8 bits), checksum, and the checksum field (16 bits).

  8bits 8bits type and code field: that together determine ICMP message types. Common are:

  Type 8, Code 0: echo request;

  Type 0, Code 0: echo reply;

  Type 11, Code 0: Timeout.

  16bits checksum field: checksum calculation method entire ICMP packets including data calculation method and the IP header checksum is the same.

  For the ICMP echo request packet and the reply is (see above), followed by 16bits identifier field: This ICMP is used to identify the process. The last sequence number field is 16bits: means for determining echo reply datagram.

  ICMP packets included in the IP datagram, the data belonging to the IP, ICMP IP header in front of the packet, an ICMP packet includes an IP header (20 bytes), ICMP header (8 bytes), and ICMP message.

  Protocol IP header is 1 to illustrate this is an ICMP packet;

  ICMP header type (Type) field for explaining the function and ICMP packet format;

  In addition to the code (Code) field used for certain details described ICMP packet type;

  All data behind the ICMP header.

6. The following are some common ICMP packets:

  1. The response to the request

  We use every day most of ping, it is a response to a request (Type = 8) and responses (Type = 0), a host sends a Type = ICMP packets 8 to a node, if the way there is no abnormality (for example, discarded by the router, the target not responding to ICMP or transmission failure), the target returns Type = ICMP packets 0, indicating the presence of this host,

  More detailed tracert to determine the distance between the host network and the target node by calculation of ICMP packets.

  2. Destination Unreachable, Source Quench and timeout packets

  These three packet formats are the same, the Destination Unreachable message (Type = 3) can not be used in the datagram transfer router or a host, for example when the other does not exist a system port (port number less than 1024) needs to be connected, returns Type = 3, Code = 3 ICMP packets, it should tell us: "Hey, do not connect, and I was not at home!"

  Common types as well as network unreachable unreachable (Code = 0), the host is not reachable (Code = 1), unreachable protocol (Code = 2) and the like. Source suppress acts as a role traffic control, it notifies the host datagram reduce traffic, since there is no recovery ICMP packet transmission, so long as the stop message, the host will gradually recover

  Transmission rate. Finally, problem-free connection of network data is reported lost or wandering in the network for a long time and not find the target, causing the host or congestion within the stipulated time failing to reform datagram fragmentation, then we should trigger ICMP timeout packets generation. Timeout message code field has two values: Code = 0 represents a transmission timeout,

  Code = 1 represents a recombinant segment timeout.

  3. Timestamp

  Timestamp request message (Type = 13) and the time stamp response message (Type = 14) for the round trip time of data packet transmission between two hosts tested. Transmission, a time stamp of the original master filling, after filling the receiver receiving received time stamp request message format Type = 14 return, the sender calculates the time difference.

  Some systems do not respond to this message.

  ICMP packet format

  Although ICMP is a protocol of the network layer, but to which the ICMP packets transmitted into the IP.

  ICMP packet header by the 1-byte type (type), 1-byte code (code) and a 2-byte checksum (Checksum) composition.

  Type and Code fields used to identify a variety of ICMP packet. ICMP packet type field indicates the type, 14 kinds of currently defined, the term ICMP packet type value can be divided into two categories.

  Class 1 is the value of error packets 1 to 127, the second category is more than the value 128 is information (informational will) packets.

7. Correction Mechanism: the sending of an error message is returned to the original device sends data, because only the recipient of the transmitting device is a logical error messages. The transmitting device may then determine the ICMP message type of error occurs, and to determine how best to retransmit the failed packet. But the ICMP only function is to report problems rather than correct the error,

  Correct the error of the task is completed by the sender.

  Commonly used are: Ping command to check for network communication does not make sense (Linux and Windows both), this process of "Ping" the process is actually the work of ICMP protocol. There are other networks such as trace route command Tracert command.

8. The maximum size of the ICMP packet does not exceed a predetermined operating system 64KB.

  Use this provision to initiate "Ping of Death" (Ping of Death) attack to the host. "Ping of Death" attack principle is: If the size of ICMP packets exceeds the upper limit of 64KB, the host memory allocation error, resulting in TCP / IP stack collapse, causing the host crash. (Operating system has canceled sending

  ICMP packet size limits, to solve this loophole)

  Prevention "Ping of Death": 1) on the router to limit the bandwidth ICMP packets, the ICMP occupied bandwidth control within a certain range, so that even if ICMP attacks, it occupied bandwidth is very limited, the whole the network impact is very small;

  2) Set the processing rule ICMP packets on the host, preferably set to reject all ICMP packets.

PING

1.Ping system is under Windows comes with an executable command, also called the delay, the greater the value, the slower the speed. Use it to check whether the network can communicate, make good use of it may very well help us determine network failure analysis. Application Format: Ping IP address.

2. Principle: IP address of the machine on the network using a unique property, a destination IP address to send a packet, and then ask for a return of the same size data packets to determine whether the two machines connected to the network communication, the delay is.

3. Workflow:

  A network as an example in the following: There are A, B, C, D four loom, a route RA, subnet mask 255.255.255.0 are, default gateway 192.168.0.1.

  1) in the same network segment

  After running "Ping 192.168.0.5" on the host A, what happened? First, Ping command will build a fixed format of the ICMP request packet, then the ICMP protocol packets along with the address "192.168.0.5" together to the IP layer protocol (ICMP and the same is actually a set of processes running in the background),

  IP layer protocols is address "192.168.0.5" as the destination address, the IP address as the source address, plus some additional control information to construct an IP packet, and try to get the MAC address (physical address of 192.168.0.5 this is the data link layer protocol transmission unit constructs a data link layer - frame necessary),

  So as to construct a data link layer data frame. The key here, IP layer protocol and IP address of the machine B's own subnet mask and found that it belongs to the same network with their own, to find the MAC machine directly within the network, if the machine has had two previous Communications in ARP cache table a machine should have its IP mapping between the MAC machine B,

  If not, send an ARP request is broadcast to obtain the MAC machine B, be given to the data link layer. The latter building a data frame, the IP layer destination address is transmitted over the physical address, the source address is the physical address of the machine, but also some additional control information, based on Ethernet media access rules, transfer them out.

  After the host B receives the data frame, it first checks the destination address and the physical address of the machine and contrast, if they meet, the receiver; otherwise discarded.

  After checking the received packet, the IP packet extracted from the frame, according to the IP layer protocol machine. Similarly, the IP layer checks, extracting the useful information to the ICMP protocol, the latter after processing, immediately build an ICMP echo packet to the host A, the host A and the process sends an ICMP request packet to the host B exactly.

  2) not on the same network segment

  After running "Ping 192.168.1.4" on the host A, beginning with the above, when how to get to the MAC address, IP protocol D by calculating machine and found himself not in the same network segment, it will be handed over directly to the routing process, that is, MAC will take over the route, as to how to get the MAC routing, with the above, first look at ARP cache table,

  Can not find it broadcasts. After routing to get this data frame, and talking to the host D to contact, if not found, it returns a timeout message to the host A.

4. The test network connectivity:

  1, using ipconfig / all settings are correct observation of the local network;

  2, Ping127.0.0.1,127.0.0.1 Ping loopback address loopback address, check the local TCP / IP protocol has not set;

  . 3, the IP address of the IP address of Ping, the machine checks whether the settings are incorrect;

  4, Ping Ben this site or gateway IP address, the hardware device to check whether there is a problem, the unit can also check with the local network connection is normal; (non-LAN in this step can be omitted)

  5, Ping local DNS address, check the DNS whether to accept local IP.

  6, Ping remote IP address, which is mainly to check the machine and the site, or the external connection is normal.

7. Check the fault:

  1) First, the cycle of the local workstation address 127.0.0.1 ping test.

  When faced with some special network failure can not find a direct cause of the malfunction, you first need to use the Ping command to test cycle address 127.0.0.1 local workstation can be normal Ping pass, if the address can not be normal Ping pass, then explain local TCP / IP protocol by the destruction of the workstations, or network card device damage occurs.

  Device Manager window opens local workstation system, find the network card device option, and right-click this option, the implementation of "Properties" command from the shortcut menu, open the Properties window card device in the window "General" tab page, we can see whether the current NIC status normal.

  When they find the network card is operating normally, then it is likely that the local workstation's TCP / IP protocol program has been destroyed, this time to open the Local Area Connection Properties window, select and delete the Settings window in the TCP / IP protocol options, and then after reinstall the TCP / IP protocol program, I believe that way the local workstation cycle address 127.0.0.1

  It can be normal Ping pass.

  2) Secondly, the IP address of the local workstation ping test.

  In the case of being able to confirm the address 127.0.0.1 Ping through, we continue to use the Ping command to test the static IP address of the local workstation can be normal Ping Tung whether, if the address can not be normal Ping pass, then note cards local workstation parameters are not set correctly, or network card driver is not correct,

  There may be local routing table has been destroyed.

  At this point we can re-check the local workstation network parameters are set correctly, set up under the right circumstances if the network parameters still can not, then we'd better reinstall the original Ping the local IP address of the network card device drivers, I believe that such a we will be able to pass local workstation static IP address properly the Ping.

  Once the static IP address of the local workstation is successfully Ping through, then it indicates that the local workstation to a local area network has been able to join the network.

  Next, the default gateway address of the local LAN ping test. Since the local workstation is communicate with each other through a gateway and LAN other workstations, only the normal connection between the local workstation and the default gateway, in order to ensure that the local workstation can communicate with other workstations. If the gateway address can be normal Ping pass it,

  It shows that the local workstation can communicate with other workstations in the LAN.

  If the Ping command operation is not successful, then it is likely that the gateway device itself there is a problem, or is the line between the local workstation and gateway connection is not normal, there may be local workstation and gateway is not set to the same subnet. At this point, we can first test the connectivity cable network cable with professional test tools,

  Under normal circumstances of the communication cable, and then check whether the local workstation network parameters and settings of the gateway is arranged on the same subnet.

  If the network parameters are set correctly, we then Ping it from another workstation gateway address in order to confirm whether the cause of the gateway itself exists, if the local area network to other workstations can not Ping Tung gateway, then it probably is a gateway device itself there is a problem, this time we As long as the focus is locked on troubleshooting gateway device on it.

  Next, the IP address of the remote LAN workstation Renyiyitai ping test is performed in order to check whether the local workstation by the gateway device to communicate with other LAN workstations. If we find the IP address of the remote workstation can not Ping Tung, then it is likely that a remote workstation itself unable to respond,

  Or is the line between a remote workstation and gateway devices are connected there is a problem, then we can focus on troubleshooting network problems to focus on a remote workstation or on a local area network devices.

  3) Finally, the host name of the remote workstation LAN ping test. In the case of confirmation Ping to remote workstation IP address, time still appears unable to access remote workstations content, we have a need for this one test operation. If the host name can not be Ping successful, it is likely that DNS resolution problems,

  Rather than the network connection fails, then we may wish to lock the focus on troubleshooting DNS server.

  Tip: In order to effectively identify the cause of a network failure, we use the Ping command to test check, try to ensure that the LAN is configured with only one gateway to ping the host and maintain normal use, while ensuring that local workstation is not enabled IP security set policies, so you can ensure the Ping command to obtain correct test results

 

Guess you like

Origin www.cnblogs.com/xinghen1216/p/11115945.html
Recommended
Ranking
#2019110700005
What materials and procedures are required for patent transfer
What is the blockchain Ethereum triplet state root transaction root receipt root
Front-end study notes 04 --- About the insertion of html pictures and videos
Documents required for the filing of WeChat Mini Programs in special industries, the filing process of WeChat Mini Programs in special industries, how to file WeChat Mini Programs in special industries
2017 Qingdao-site tournament I The Squared Mosquito Coil
[BZOJ3165][HEOI2013]Segment (line segment tree without marking)
Kettle series: KettleEasyExpand, an open source Kettle universal plugin by Ma Jinju
The latest tutorial on making framework for iOS
DAX Section 6: Statistical Functions
Daily
More
2024-05-14(9)
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)

Code World

© 2018 codetd.com