Dialysis ICMP protocol (1): Protocol principle ================================ This article originally founded Bugfree / 9CBS platform: VC6 Windows XP
ICMP Introduction: --------
For those familiar with the network, ICMP is more familiar. It works like the IP protocol in the network layer of the ISO model, its full name is: Internet Control Message Protocal. The main role in the network is: - Host detection - Routing Maintenance - Routing - Traffic Control
I mainly surround the host detection. Several articles: - Dialy Analysis ICMP Protocol (1): Basic Knowledge Agreement Principle - Dialy Analysis ICMP Protocol (2): Function Introduction Windows Socket Introduction - Dialysis ICMP Protocol (3): One of the first test Application PING (ICMP.DLL) - Dialysis ICMP Protocol (4): Two Applications Ping (Raw Socket) - Dialysis ICMP Protocol (5): Application Routing Tracking
For host probes, there are many ways, and some of the hosts of the host, some applications, or use tools to detect hosts, such as NMAP, and www.netcraft.com on the Web to easily estimate hosts. The following is the use of the ICMP protocol to detect the host, mainly to understand the ICMP protocol, the most important thing here is the ICMP protocol,
First of all, I will talk about the ICMP packet used by the host: (I don't talk all the packets, please refer to the RFC792 protocol)
1. Recycling or return response
We use an icmpecho packet to detect whether the host address survives (of course, the host is not configured to filter the ICMP form), by simple transmission of ICMPECHO (Type 8) packets to the target host, if ICMPECHOREPLY (ICMPTYPE0) packet is received Description Host is survived. If you don't have to judge that the host does not have online or use some filter devices to filter the replement of ICMP. This mechanism is that the ping command we usually use to detect if the target host can ping.
The source address of the return message is the destination address of the return response message. To form a feedback response message, the source and destination address should be exchanged, change the type code to 0, and reconstitute check code.
Here is the format of this message:
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - - - - - - - - - - - - - - - - - - | TYPE | CODE | CHECKSUM | - - - - - - - - - - - - - - - - - - - - - - - - - - | Identifier | SEQUENCE NUMBER | - - - - - - - - - - - - - - - - - - - - - - - - - - - - | Data ... - - - - - Type: 8 Represents a return message; 0 represents the return response message. Code: 0 Check code: 16-bit data (starting from the ICMP type) reverse code and rework. To calculate the check code, the check code domain should be zero. These zeros will be replaced by the check code in the future. Identifier: If code = 0, the code that helps match the feedback and returning response can be 0. Sequence code: If code = 0, the sequence code that helps match the feedback and the return response can be 0. Note: The message received in the return message should return in the returning response message. The identifier and sequence code are used by the return sender to help match the response request. Code: Receive 0 from the host or gateway
2. Timed
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - - - - - - - - - - - - - - - - - - | TYPE | CODE | CHECKSUM | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | Internet Header 64 Bits of Original Data DataGram | - - - - - - - - - - - - - - - - - Type: 11 Code: 0 = Transmission timeout; 1 = Segment stage overtime. Check code: 16-bit data (starting from the ICMP type), the reverse code and rework. To calculate the check code, the check code domain should be zero. These zeros will be replaced by the check code in the future. Internet Baotou 64 Bit Source Data Newspaper: The Internet Baotou plus the head 64 bits of the source data. This data is used to match the host matching information to the corresponding process. If the high-level protocol uses the port number, it should be assumed to be in the 64 bytes of the source data. Note: If the gateway discovers that the living cycle field is zero when the gateway is processed, this datagram must abandon. The gateway must be notified the source host through the timeout information. This data report must be discarded if the host is assembled during the assembly segmentation. The gateway sends timeout information. If the paragraph zero is not available, you don't have to send timeout information. Code 0 is sent by the gateway, and the code 1 is transmitted by the host. 3. Target hosts do not reach packets
0 1 2 3 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 - - - - - - - - - - - - - - - - - - | TYPE | CODE | CHECKSUM | - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | Internet Header 64 Bits of Original Data DataGram | - - - - - - - - - - - - - - - - - - Type: 3 code: 0 = Network is not arrogant; 1 = host is not reached; 2 = protocol is not available; 3 = port is not arrogant; 4 = required segment And DF settings; 5 = source routing failed; check code: 16-bit data (starting from the ICMP type) reverse code and rework. To calculate the check code, the check code domain should be zero. These zeros will be replaced by the check code in the future. Internet Baotou Source Dativity News: The Internet Package plus the head 64 bits of the source data. This data is used to match the host matching information to the corresponding process. If the high-level protocol uses the port number, it should be assumed to be in the 64 bytes of the source data. Description: Corresponding to the gateway routing table, if the network specified in the destination domain is unreachable, if the network distance is unlimited, the gateway sends a dedicated message to the host of the transmit source data. Moreover, in some networks, the gateway has the ability to determine whether the host is up to. If the destination is unreachable, it will send an irreparable information to the host of the transmitted source data. At the destination host, if the IP module is unavailable because the specified protocol module and the process port are not available, the destination host will send an unreachable information to the host of the source data.
Another situation is that when the datagram must be segmented, the "Inseparable" bit is opened, in which case the gateway must discard this datagram and send it to the host of the transmitted source data. Codes 0, 1, 4, and 5 are transmitted by the gateway, and code 2 and 3 are transmitted by the host.
Link: ------- My other article, << dialysis ICMP protocol >>, and other articles see: http://www.9cbs.net/develop/author/netauthor/bugfree/
Dialysis ICMP protocol (5): Application 2 Route Tracking Dialysis ICMP Protocol (4): Two Applications of Catleler Try Ping (Raw Socket) Dialysis ICMP Protocol (3): One of the first test of the cow knife PING (ICMP.DLL) dialysis ICMP Protocol (2): Windows Socket Introduction Dialysis ICMP Protocol (1): Principles of Agreement
Contact: ------- zhangliangsd@hotmail.com
