hping wiki

Differences for page ICMP

Current version compared with version Tue Aug 31 09:55:30 GMT 2004

- ^^HULK^^+ Internet Control Message Protocol [ICMP] is the bookeeping protocol of the Internet.
+ Defined by RFC [link http://ietf.org/rfc/rfc0792.txt 792].
+ 
+ There are broadly two types of ICMP messages. Connection related ("Error") messages, and standalone ICMP messages.
+ 
+ ===ICMP Packet Types===
+ Each ICMP packet has a "Type" and a "Code". The Type/Code combination identifies the specific message being received.
+ ==="Error" ICMP packets===
+ These are used to convey information about another packet sent. Whenever a packet or a connection has problems on the IP layer (and sometimes even higher), these are reported using an ICMP error packet.
+ 
+ 
+ *Typical messages seen on the internet:*
+ 
+ Time to live expired (mostly seen during traceroutes)   - type 11 code 0
+ 
+ Fragmentation needed but don't fragment set             - type 3 code 4 (see below)
+ 
+ Port unreachable (UDP connection to non-listening port) - type 3 code 3
+ 
+ 
+ In order to identify the connection/packet on which error ICMPs are sent, several bytes of the original packet are quoted inside the error packet. The RFC calls for quoting the entire IP header + 64bit (8 bytes) of the original packet's layer 4. For offending [TCP/IP] and [UDP] packets, this is enough to get the IP protocol, source IP, destination IP, and the source and destination ports, which is usually enough information to identify the offending connection. This is also used by some state keeping firewalls to pass the ICMP without an explicit rule allowing ICMP, based on it's relevance for the connection.
+ ===Standalone ICMP packets===
+ These are packets that are potentially unrelated to any other connection. They mean to perform an operation in and on themselves. These packets are usually defined in pairs, where one is the "request", and the other is the "response". 
+ 
+ 
+ *Typical messages seen on the internet:*
+ 
+ Echo request/reply (Ping) - type 8 (request) and type 0 (reply)
+ 
+ 
+ Typically, the response message has a type that is one more than the request message. The noteable exception to this rule is the "echo request" message (aka "ping"), that is type 8, while the echo reply message is type 0.
+ ===Common ICMP related connectivity problems===
+ Tunneled connections, such as ADSL PPPoE or PPTP connections, typically lower the maximum transfer unit [MTU]. This means a packet needs to be fragmented in order to fit the narrower pipe of the tunneled connection. Many hosts employ an algorithm called "path MTU discovery", or [PMTU]. This algorithm relies heavilly on dropped packets being reported using the ICMP "Fragmentation needed but don't fragment set" message (type 3 code 4). Sadly, some over-eager firewall admins block all ICMP messages, type 3 code 4 included. This results in attempts to download large files/email to hang indefenitely, as big packets are repeatedly sent, repeatedly dropped, and the ICMP that reports this drop is dropped as well. Worse, this problem only happend with some sites, as the problem is really not on the user's end at all.
+ 
+ The way to deal with this problem is to decrease the maximum segment size [MSS] advertised on the initial [TCP/IP] [SYN] packet. This can be achieve by either configuring the firewall that does the [NAT] (clamp MSS in [IPTables]), or by setting each machine's MTU to match that of the ADSL (1450 is a good value for ethernet based home networks).
+ ===Credits and copyright===
+ This entry was written by [link http://www.shemesh.biz Shachar Shemesh], and may be distributed under the terms of the GFDL
+ 
+ ===ICMP types and codes table===
+  ICMP TYPE NUMBERS
+  
+  The Internet Control Message Protocol (ICMP) has many messages that
+  are identified by a "type" field.
+  
+  Type	Name					Reference
+  ----	-------------------------		---------
+    0	Echo Reply				 [RFC792]
+    1	Unassigned				    [JBP]
+    2	Unassigned				    [JBP]
+    3	Destination Unreachable			 [RFC792]
+    4	Source Quench			 	 [RFC792]
+    5	Redirect				 [RFC792]
+    6	Alternate Host Address			    [JBP]
+    7	Unassigned				    [JBP]
+    8	Echo					 [RFC792]
+    9	Router Advertisement			[RFC1256]
+   10	Router Selection			[RFC1256]
+   11	Time Exceeded				 [RFC792]
+   12	Parameter Problem			 [RFC792]
+   13	Timestamp				 [RFC792]
+   14	Timestamp Reply				 [RFC792]
+   15	Information Request			 [RFC792]
+   16	Information Reply			 [RFC792]
+   17	Address Mask Request                     [RFC950]
+   18	Address Mask Reply			 [RFC950]
+   19	Reserved (for Security)			   [Solo]
+   20-29	Reserved (for Robustness Experiment)	    [ZSu]
+   30	Traceroute				[RFC1393]
+   31	Datagram Conversion Error		[RFC1475]
+   32     Mobile Host Redirect              [David Johnson]
+   33     IPv6 Where-Are-You                 [Bill Simpson]
+   34     IPv6 I-Am-Here                     [Bill Simpson]
+   35     Mobile Registration Request        [Bill Simpson]
+   36     Mobile Registration Reply          [Bill Simpson]
+   37     Domain Name Request                     [Simpson]
+   38     Domain Name Reply                       [Simpson]
+   39     SKIP                                    [Markson]
+   40     Photuris                                [Simpson]
+   41-255 Reserved				    [JBP]
+  
+  Many of these ICMP types have a "code" field.  Here we list the types
+  again with their assigned code fields.
+  
+  Type    Name                                    Reference
+  ----    -------------------------               ---------
+    0     Echo Reply                               [RFC792]
+  
+          Codes
+              0  No Code
+  
+    1     Unassigned                                  [JBP]
+  
+    2     Unassigned                                  [JBP]
+  
+    3     Destination Unreachable                  [RFC792]
+  
+  	Codes
+  	    0  Net Unreachable
+  	    1  Host Unreachable
+              2  Protocol Unreachable
+              3  Port Unreachable
+              4  Fragmentation Needed and Don't Fragment was Set
+              5  Source Route Failed
+              6  Destination Network Unknown
+              7  Destination Host Unknown
+              8  Source Host Isolated
+              9  Communication with Destination Network is
+                 Administratively Prohibited
+             10  Communication with Destination Host is
+                 Administratively Prohibited
+             11  Destination Network Unreachable for Type of Service
+             12  Destination Host Unreachable for Type of Service
+             13  Communication Administratively Prohibited      [RFC1812]
+             14  Host Precedence Violation                      [RFC1812]
+             15  Precedence cutoff in effect                    [RFC1812]
+  
+  
+    4     Source Quench                            [RFC792]
+          Codes
+              0  No Code
+  
+    5     Redirect                                 [RFC792]
+  
+          Codes
+              0  Redirect Datagram for the Network (or subnet)
+              1  Redirect Datagram for the Host
+              2  Redirect Datagram for the Type of Service and Network
+              3  Redirect Datagram for the Type of Service and Host
+  
+    6     Alternate Host Address                      [JBP]
+  
+          Codes
+              0  Alternate Address for Host
+  
+    7     Unassigned                                  [JBP]
+  
+    8     Echo                                     [RFC792]
+  
+          Codes
+              0  No Code
+  
+    9     Router Advertisement                    [RFC1256]
+  
+          Codes
+              0  No Code
+  
+   10     Router Selection                        [RFC1256]
+  
+          Codes
+              0  No Code
+  
+   11     Time Exceeded                            [RFC792]
+  
+          Codes
+              0  Time to Live exceeded in Transit
+              1  Fragment Reassembly Time Exceeded
+  
+   12     Parameter Problem                        [RFC792]
+  
+          Codes
+              0  Pointer indicates the error
+              1  Missing a Required Option        [RFC1108]
+              2  Bad Length
+  
+  
+   13     Timestamp                                [RFC792]
+  
+          Codes
+              0  No Code
+  
+   14     Timestamp Reply                          [RFC792]
+  
+          Codes
+              0  No Code
+  
+   15     Information Request                      [RFC792]
+  
+          Codes
+              0  No Code
+  
+   16     Information Reply                        [RFC792]
+  
+          Codes
+              0  No Code
+  
+   17     Address Mask Request                     [RFC950]
+  
+          Codes
+              0  No Code
+  
+   18     Address Mask Reply                       [RFC950]
+  
+          Codes
+              0  No Code
+  
+   19     Reserved (for Security)                    [Solo]
+  
+   20-29  Reserved (for Robustness Experiment)        [ZSu]
+  
+   30     Traceroute                              [RFC1393]
+  
+   31     Datagram Conversion Error               [RFC1475]
+  
+   32     Mobile Host Redirect              [David Johnson]
+  
+   33     IPv6 Where-Are-You                 [Bill Simpson]
+  
+   34     IPv6 I-Am-Here                     [Bill Simpson]
+  
+   35     Mobile Registration Request        [Bill Simpson]
+  
+   36     Mobile Registration Reply          [Bill Simpson]
+  
+   39     SKIP                                    [Markson]
+  
+   40     Photuris                                [Simpson]
+  
+  Code
+  
+  0	Reserved
+  1	unknown security parameters index
+  2	valid security parameters, but authentication failed
+  3 	valid security parameters, but decryption failed
+  
+  ===================================================================
+  
+  REFERENCES
+  
+  [RFC792] Postel, J., "Internet Control Message Protocol", STD 5,
+           RFC 792, USC/Information Sciences Institute, September 1981. 
+  
+  [RFC950] Mogul, J., and J. Postel, "Internet Standard Subnetting
+           Procedure", STD 5, RFC 950, Stanford, USC/Information
+           Sciences Institute, August 1985.  
+  
+  [RFC1108] Kent, S., "U.S. Department of Defense Security Options for
+            the Internet Protocol", RFC 1108, November 1991.
+  
+  [RFC1256] Deering, S., Editor, "ICMP Router Discovery Messages", RFC
+            1256, Xerox PARC, September 1991.
+  
+  [RFC1393] Malkin, G., "Traceroute Using an IP Option", RFC 1393,
+            Xylogics, Inc., January 1993. 
+  
+  [RFC1475] Ullmann, R., "TP/IX: The Next Internet", RFC 1475, Process
+            Software Corporation, June 1993. 
+  
+  [RFC1812] Baker, F., "Requirements for IP Version 4 Routers", RFC
+            1812, Cisco Systems, June 1995.
+  
+  
+  PEOPLE
+  
+  [JBP] Jon Postel, , September 1995.
+  
+  [David Johnson]
+  
+  [Markson] Tom Markson, , September 1995.
+  
+  [Simpson]  Bill Simpson, , October 1995.
+  
+  [Solo]
+  
+  [ZSu] Zaw-Sing Su

The following is the old page content