ICMP and Its Applications


Figure 1. IP Header and ICMP Header



Figure 2. ICMP Subnet Request packet format



ICMP Packet

Similar to TCP and UDP, ICMP uses a specific packet format to identify information in the packet. As seen in Figure 1, the ICMP packet contains the following fields:

Type   The 1-byte Type element defines what kind of ICMP message is in the packet. Many types of ICMP packets are used to send control request messages to remote hosts. Each message type has its own format and data requirements.

Code   The 1-byte Code element further defines the Type field. The various ICMP message types require specific control and data options. These options are defined in the Code field.

Checksum    The 2-byte Checksum element ensures that the ICMP packet has arrived without corruption or tampering. The checksum is computed on only the ICMP portion of the packet, using a specific algorithm defined in RFC 792. When computing the checksum value, the Checksum field is set to zero.

Message   The multibyte Message element contains various other data elements that are unique to each ICMP message type. The Message data fields are often used to contain information sent to and from the remote host. Many of the ICMP message types define the first two fields in the Message element as an Identifier and a Sequence number. Both of these fields are used to uniquely identify the ICMP packet to the hosts.

ICMP Packet Types
There are many types of ICMP packets. Each type of ICMP packet is defined by a 1-byte value in the Type element. The table below lists some ICMP types; it is not a complete list.

Type                  Description
0                       Echo Reply
8                       Echo Request
11                     Time Exceeded
17                     Subnet Request

Raw Socket

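Unlike TCP and UDP programming, ICMP programming requires you to build and parse the packet contents yourself. ICMP programs send and receive IP packets, so a raw socket has to be created, as follows:
// requires: using System.Net.Sockets;
Socket sock = new Socket(AddressFamily.InterNetwork, SocketType.Raw,
  ProtocolType.Icmp);
When sending an ICMP packet, fill in the ICMP header and contents yourself, then send it with SendTo (the IP header does not need to be filled in). When receiving an ICMP packet, the ICMP contents begin only after the IP header (20 bytes), which has to be skipped.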

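ICMP Application: How Ping Works (Figure 1)
The sender sends an ICMP request of Type 8 (Echo Request), with Code 0 and a Message that includes a 16-bit identifier (indication) and a 16-bit sequence number (sequence). If the receiver returns a packet of Type 0 (Echo Reply) whose identifier, sequence number and content match what was sent, the ping has succeeded and the network device is available.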
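The Echo Request construction and the reply check described above, as an added example that is not code from the original post. The names IcmpEcho, Build and IsReplyTo are illustrative, the received datagram is constructed inline rather than read from a socket, and the parser goes one step beyond the text by taking the IP header length from the IHL field instead of assuming 20 bytes.

```csharp
using System;
static class IcmpEcho   // illustrative names, not from the original post
{
    // Internet checksum: one's-complement sum of big-endian 16-bit words.
    public static ushort Checksum(byte[] b, int off, int len)
    {
        uint sum = 0;
        int i = off, end = off + len;
        for (; i + 1 < end; i += 2) sum += (uint)((b[i] << 8) | b[i + 1]);
        if (i < end) sum += (uint)(b[i] << 8);             // odd trailing byte, zero-padded
        while ((sum >> 16) != 0) sum = (sum & 0xFFFF) + (sum >> 16);
        return (ushort)(~sum & 0xFFFF);
    }
    // Layout: Type, Code, Checksum, Identifier, Sequence, then the payload.
    public static byte[] Build(byte type, ushort id, ushort seq, byte[] data)
    {
        var p = new byte[8 + data.Length];
        p[0] = type;                                       // p[1] (Code) stays 0
        p[4] = (byte)(id >> 8);  p[5] = (byte)(id & 0xFF);
        p[6] = (byte)(seq >> 8); p[7] = (byte)(seq & 0xFF);
        Array.Copy(data, 0, p, 8, data.Length);
        ushort ck = Checksum(p, 0, p.Length);              // Checksum field is still zero here
        p[2] = (byte)(ck >> 8);  p[3] = (byte)(ck & 0xFF);
        return p;
    }
    // True if the received IPv4 datagram is the Echo Reply to (id, seq, data).
    public static bool IsReplyTo(byte[] ip, int len, ushort id, ushort seq, byte[] data)
    {
        if (len < 20 || (ip[0] >> 4) != 4 || ip[9] != 1) return false;   // IPv4, protocol 1 = ICMP
        int h = (ip[0] & 0x0F) * 4;                        // header length from IHL, not a fixed 20
        if (h < 20 || len - h != 8 + data.Length) return false;
        // An intact ICMP message sums to zero; a reply has Type 0 and Code 0.
        if (Checksum(ip, h, len - h) != 0 || ip[h] != 0 || ip[h + 1] != 0) return false;
        if (((ip[h + 4] << 8) | ip[h + 5]) != id || ((ip[h + 6] << 8) | ip[h + 7]) != seq) return false;
        for (int i = 0; i < data.Length; i++) if (ip[h + 8 + i] != data[i]) return false;
        return true;
    }
    static void Main()
    {
        byte[] data = { (byte)'p', (byte)'i', (byte)'n', (byte)'g' };
        Console.WriteLine(BitConverter.ToString(Build(8, 0x1234, 1, data)));  // Echo Request for SendTo
        byte[] icmp = Build(0, 0x1234, 1, data);           // constructed Echo Reply
        var rx = new byte[24 + icmp.Length];               // constructed 24-byte IP header (IHL = 6)
        rx[0] = 0x46; rx[9] = 1;
        Array.Copy(icmp, 0, rx, 24, icmp.Length);
        Console.WriteLine(IsReplyTo(rx, rx.Length, 0x1234, 1, data));
        rx[rx.Length - 1] ^= 0xFF;                         // flip bits in the last payload byte
        Console.WriteLine(IsReplyTo(rx, rx.Length, 0x1234, 1, data));
    }
}
```

The example runs without a socket, so it needs no elevated privileges; opening the raw socket shown earlier normally does.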

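ICMP Application: How TraceRoute Works
An IP packet carries a TTL (Time To Live) field, an integer value that is decremented by 1 each time the packet crosses a router. If the TTL reaches 0 before the packet has arrived at the destination device, the router returns a timeout packet of Type 11 (Time Exceeded). Send Echo Request packets to the target device with the TTL starting at 1 and increasing by one each time until the target device is reached; the timeout packets sent back by the routers then record the route from the sender to the target device.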

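ICMP Application: How FindMask Works (Obtaining the Subnet Mask)
An ICMP request of Type 17 is used to obtain the subnet mask. The packet format is shown in Figure 2. Broadcast a Type 17 ICMP request to the subnet with the Identifier and Sequence fields filled in and the Sub Mask field set to 0. A responding device fills in Sub Mask with the corresponding value and sends the packet back to the requester.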

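(Note: in today's network environments, a failed ping does not mean that a network device is unavailable. Some network devices sit behind a firewall to guard against attack and do not respond to ping requests.)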

posted on 2004-06-27 23:38  星星之火
