ICMP(控制信息協議) Internet Control Message Protocol經常被認爲是IP層的一個組成部分。用於在IP主機,路由器之間傳遞控制消息。
控制消息是指網絡通不通,主機是否可達,路由是否可用等網絡本身的消息。
目的:檢測網絡的連線情況。
ICMP報文通常被I P層或更高層協議( TCP或UDP)使用。一些ICMP報文把差錯報文返回給用戶進程。ICMP報文是在IP數據報內部被傳輸的
ICMP的報文格式如下:
ICMP的報文類型如下:
實驗:
拓撲
配置:
R1:
interface Ethernet0/0
ip address 10.1.1.1 255.255.255.0
no shut
interface Ethernet0/1
ip address 14.1.1.1 255.255.255.0
no shut
R2:
interface Ethernet0/1
ip address 10.1.1.2 255.255.255.0
no shut
interface Loopback0
ip address 22.1.1.1 255.255.255.0
R3:
interface Ethernet0/2
ip address 10.1.1.3 255.255.255.0
no shut
R4:
interface Ethernet0/1
ip address 14.1.1.4 255.255.255.0
no shut
現象1:觀察 ARP request type =8 code =0 及 ARP reply type=0 code=0
在R3上ping 測試:
R3#debug ip packet detail //開啓debug信息
IP packet debugging is on (detailed)
R3#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
*Nov 8 06:07:17.373: IP: s=10.1.1.3 (local), d=10.1.1.2 (Ethernet0/2), len 100, sending
*Nov 8 06:07:17.373: ICMP type=8, code=0
*Nov 8 06:07:17.373: IP: s=10.1.1.3 (local), d=10.1.1.2 (Ethernet0/2), len 100, sending full packet
*Nov 8 06:07:17.373: ICMP type=8, code=0
*Nov 8 06:07:17.374: IP: s=10.1.1.2 (Ethernet0/2), d=10.1.1.3, len 100, input feature
*Nov 8 06:07:17.374: ICMP type=0, code=0, MCI Check(99), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
通過R3的E0/2接口wireshark抓包,顯示如下:
現象2:觀察 目的不可達信息中主機不可達,type =3 code=1
此時R3新添加一個靜態路由:
ip route 22.0.0.0 255.0.0.0 10.1.1.2
R3#ping 22.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.2.2.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
在R3 上ping 22.2.2.2,添加路由以後有去往22.2.2.2的路由,交給下一跳R2,但是R2上沒有22.2.2.2該地址,提示主機不可達。
R3#debug ip packet detail //開啓debug信息
IP packet debugging is on (detailed)
*Nov 8 06:17:07.623: IP: s=10.1.1.2 (Ethernet0/2), d=10.1.1.3
R3# (Ethernet0/2), len 56, rcvd 3
*Nov 8 06:17:07.623: ICMP type=3, code=1
*Nov 8 06:17:07.623: IP: s=10.1.1.2 (Ethernet0/2), d=10.1.1.3, len 56, stop process pak for forus packet
*Nov 8 06:17:07.623: ICMP type=3, code=1
通過R3的E0/2接口wireshark抓包,顯示如下:
現象3:觀察 目的不可達信息中需要進行分片但設置了不分片比特,type =3 code=4
修改R1 E0/1接口MTU
R1:
interface Ethernet0/1
ip address 14.1.1.1 255.255.255.0
ip mtu 1480 //修改MTU爲1480
R3:
ip route 14.1.1.0 255.255.255.0 10.1.1.1
R4:
ip route 10.1.1.0 255.255.255.0 14.1.1.1
R3#ping 14.1.1.4 size 1500 //設置發送數據包的大小爲1500,允許分片
Type escape sequence to abort.
Sending 5, 1500-byte ICMP Echos to 14.1.1.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R3#ping 14.1.1.4 size 1500 df-bit //設置DF位,不允許分片
Type escape sequence to abort.
Sending 5, 1500-byte ICMP Echos to 14.1.1.4, timeout is 2 seconds:
Packet sent with the DF bit set
M.M.M //該顯示錶示需要分片,但不允許分片。
Success rate is 0 percent (0/5)
R3#debug ip packet detail
IP packet debugging is on (detailed)
*Nov 8 06:29:03.940: IP: s=10.1.1.1 (Ethernet0/2), d=10.1.1.3 (Ethernet0/2), len 56, rcvd 3
*Nov 8 06:29:03.940: ICMP type=3, code=4
*Nov 8 06:29:03.940: IP: s=10.1.1.1 (Ethernet0/2), d=10.1.1.3, len 56, stop process pak for forus packet
*Nov 8 06:29:03.940: ICMP type=3, code=4
通過R3的E0/2接口wireshark抓包,顯示如下:
現象4:觀察 目的不可達信息中由於過濾通信被強制禁止,type =3 code=13
R2: 設置ACL進行過濾。
access-list 10 deny 10.1.1.3
interface Ethernet0/1
ip access-group 10 in //接口下調用ACL
R3 上進行ping測試:
R3#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
U.U.U //由於被過濾,禁止訪問
Success rate is 0 percent (0/5)
R3#debug ip packet detail
IP packet debugging is on (detailed)
*Nov 8 06:36:59.881: IP: s=10.1.1.3 (local), d=10.1.1.2 (Ethernet0/2), len 100, sending full packet
*Nov 8 06:36:59.881: ICMP type=8, code=0
*Nov 8 06:36:59.882: IP: s=10.1.1.2 (Ethernet0/2), d=10.1.1.3, len 56, input feature
*Nov 8 06:36:59.882: ICMP type=3, code=13, MCI Check(99), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
通過R3的E0/2接口wireshark抓包,顯示如下:
後續會更新, ICMP的重定向和tracertroute ……