hping wiki



Internet Control Message Protocol ICMP is the bookeeping protocol of the Internet. Defined by RFC 792.
There are broadly two types of ICMP messages. Connection related ("Error") messages, and standalone ICMP messages.
ICMP Packet Types
Each ICMP packet has a "Type" and a "Code". The Type/Code combination identifies the specific message being received.
"Error" ICMP packets
These are used to convey information about another packet sent. Whenever a packet or a connection has problems on the IP layer (and sometimes even higher), these are reported using an ICMP error packet.

Typical messages seen on the internet:
Time to live expired (mostly seen during traceroutes) - type 11 code 0
Fragmentation needed but don't fragment set - type 3 code 4 (see below)
Port unreachable (UDP connection to non-listening port) - type 3 code 3

In order to identify the connection/packet on which error ICMPs are sent, several bytes of the original packet are quoted inside the error packet. The RFC calls for quoting the entire IP header + 64bit (8 bytes) of the original packet's layer 4. For offending TCP/IP and UDP packets, this is enough to get the IP protocol, source IP, destination IP, and the source and destination ports, which is usually enough information to identify the offending connection. This is also used by some state keeping firewalls to pass the ICMP without an explicit rule allowing ICMP, based on it's relevance for the connection.
Standalone ICMP packets
These are packets that are potentially unrelated to any other connection. They mean to perform an operation in and on themselves. These packets are usually defined in pairs, where one is the "request", and the other is the "response".

Typical messages seen on the internet:
Echo request/reply (Ping) - type 8 (request) and type 0 (reply)

Typically, the response message has a type that is one more than the request message. The noteable exception to this rule is the "echo request" message (aka "ping"), that is type 8, while the echo reply message is type 0.
Common ICMP related connectivity problems
Tunneled connections, such as ADSL PPPoE or PPTP connections, typically lower the maximum transfer unit MTU. This means a packet needs to be fragmented in order to fit the narrower pipe of the tunneled connection. Many hosts employ an algorithm called "path MTU discovery", or PMTU. This algorithm relies heavilly on dropped packets being reported using the ICMP "Fragmentation needed but don't fragment set" message (type 3 code 4). Sadly, some over-eager firewall admins block all ICMP messages, type 3 code 4 included. This results in attempts to download large files/email to hang indefenitely, as big packets are repeatedly sent, repeatedly dropped, and the ICMP that reports this drop is dropped as well. Worse, this problem only happend with some sites, as the problem is really not on the user's end at all.
The way to deal with this problem is to decrease the maximum segment size MSS advertised on the initial TCP/IP SYN packet. This can be achieve by either configuring the firewall that does the NAT (clamp MSS in IPTables), or by setting each machine's MTU to match that of the ADSL (1450 is a good value for ethernet based home networks).
Credits and copyright
This entry was written by Shachar Shemesh, and may be distributed under the terms of the GFDL
ICMP types and codes table
ICMP TYPE NUMBERS

The Internet Control Message Protocol (ICMP) has many messages that
are identified by a "type" field.

Type	Name					Reference
----	-------------------------		---------
  0	Echo Reply				 [RFC792]
  1	Unassigned				    [JBP]
  2	Unassigned				    [JBP]
  3	Destination Unreachable			 [RFC792]
  4	Source Quench			 	 [RFC792]
  5	Redirect				 [RFC792]
  6	Alternate Host Address			    [JBP]
  7	Unassigned				    [JBP]
  8	Echo					 [RFC792]
  9	Router Advertisement			[RFC1256]
 10	Router Selection			[RFC1256]
 11	Time Exceeded				 [RFC792]
 12	Parameter Problem			 [RFC792]
 13	Timestamp				 [RFC792]
 14	Timestamp Reply				 [RFC792]
 15	Information Request			 [RFC792]
 16	Information Reply			 [RFC792]
 17	Address Mask Request                     [RFC950]
 18	Address Mask Reply			 [RFC950]
 19	Reserved (for Security)			   [Solo]
 20-29	Reserved (for Robustness Experiment)	    [ZSu]
 30	Traceroute				[RFC1393]
 31	Datagram Conversion Error		[RFC1475]
 32     Mobile Host Redirect              [David Johnson]
 33     IPv6 Where-Are-You                 [Bill Simpson]
 34     IPv6 I-Am-Here                     [Bill Simpson]
 35     Mobile Registration Request        [Bill Simpson]
 36     Mobile Registration Reply          [Bill Simpson]
 37     Domain Name Request                     [Simpson]
 38     Domain Name Reply                       [Simpson]
 39     SKIP                                    [Markson]
 40     Photuris                                [Simpson]
 41-255 Reserved				    [JBP]

Many of these ICMP types have a "code" field.  Here we list the types
again with their assigned code fields.

Type    Name                                    Reference
----    -------------------------               ---------
  0     Echo Reply                               [RFC792]

        Codes
            0  No Code

  1     Unassigned                                  [JBP]

  2     Unassigned                                  [JBP]

  3     Destination Unreachable                  [RFC792]

	Codes
	    0  Net Unreachable
	    1  Host Unreachable
            2  Protocol Unreachable
            3  Port Unreachable
            4  Fragmentation Needed and Don't Fragment was Set
            5  Source Route Failed
            6  Destination Network Unknown
            7  Destination Host Unknown
            8  Source Host Isolated
            9  Communication with Destination Network is
               Administratively Prohibited
           10  Communication with Destination Host is
               Administratively Prohibited
           11  Destination Network Unreachable for Type of Service
           12  Destination Host Unreachable for Type of Service
           13  Communication Administratively Prohibited      [RFC1812]
           14  Host Precedence Violation                      [RFC1812]
           15  Precedence cutoff in effect                    [RFC1812]


  4     Source Quench                            [RFC792]
        Codes
            0  No Code

  5     Redirect                                 [RFC792]

        Codes
            0  Redirect Datagram for the Network (or subnet)
            1  Redirect Datagram for the Host
            2  Redirect Datagram for the Type of Service and Network
            3  Redirect Datagram for the Type of Service and Host

  6     Alternate Host Address                      [JBP]

        Codes
            0  Alternate Address for Host

  7     Unassigned                                  [JBP]

  8     Echo                                     [RFC792]

        Codes
            0  No Code

  9     Router Advertisement                    [RFC1256]

        Codes
            0  No Code

 10     Router Selection                        [RFC1256]

        Codes
            0  No Code

 11     Time Exceeded                            [RFC792]

        Codes
            0  Time to Live exceeded in Transit
            1  Fragment Reassembly Time Exceeded

 12     Parameter Problem                        [RFC792]

        Codes
            0  Pointer indicates the error
            1  Missing a Required Option        [RFC1108]
            2  Bad Length


 13     Timestamp                                [RFC792]

        Codes
            0  No Code

 14     Timestamp Reply                          [RFC792]

        Codes
            0  No Code

 15     Information Request                      [RFC792]

        Codes
            0  No Code

 16     Information Reply                        [RFC792]

        Codes
            0  No Code

 17     Address Mask Request                     [RFC950]

        Codes
            0  No Code

 18     Address Mask Reply                       [RFC950]

        Codes
            0  No Code

 19     Reserved (for Security)                    [Solo]

 20-29  Reserved (for Robustness Experiment)        [ZSu]

 30     Traceroute                              [RFC1393]

 31     Datagram Conversion Error               [RFC1475]

 32     Mobile Host Redirect              [David Johnson]

 33     IPv6 Where-Are-You                 [Bill Simpson]

 34     IPv6 I-Am-Here                     [Bill Simpson]

 35     Mobile Registration Request        [Bill Simpson]

 36     Mobile Registration Reply          [Bill Simpson]

 39     SKIP                                    [Markson]

 40     Photuris                                [Simpson]

Code

0	Reserved
1	unknown security parameters index
2	valid security parameters, but authentication failed
3 	valid security parameters, but decryption failed

===================================================================

REFERENCES

[RFC792] Postel, J., "Internet Control Message Protocol", STD 5,
         RFC 792, USC/Information Sciences Institute, September 1981. 

[RFC950] Mogul, J., and J. Postel, "Internet Standard Subnetting
         Procedure", STD 5, RFC 950, Stanford, USC/Information
         Sciences Institute, August 1985.  

[RFC1108] Kent, S., "U.S. Department of Defense Security Options for
          the Internet Protocol", RFC 1108, November 1991.

[RFC1256] Deering, S., Editor, "ICMP Router Discovery Messages", RFC
          1256, Xerox PARC, September 1991.

[RFC1393] Malkin, G., "Traceroute Using an IP Option", RFC 1393,
          Xylogics, Inc., January 1993. 

[RFC1475] Ullmann, R., "TP/IX: The Next Internet", RFC 1475, Process
          Software Corporation, June 1993. 

[RFC1812] Baker, F., "Requirements for IP Version 4 Routers", RFC
          1812, Cisco Systems, June 1995.


PEOPLE

[JBP] Jon Postel, , September 1995.

[David Johnson]

[Markson] Tom Markson, , September 1995.

[Simpson]  Bill Simpson, , October 1995.

[Solo]

[ZSu] Zaw-Sing Su

 
Edit this page Upload file Page history - Page last update: Mon Oct 11 09:14:50 GMT 2004 by 194.204.64.99 | Your address: 34.229.223.223 | Admin