Internet Protocol Analysis/Internet Control Message Protocol

This lesson continues the Internet layer and looks at the Internet Control Message Protocol (ICMP and ICMPv6). Activities include using Wireshark to examine ICMP and ICMPv6 network traffic.

Readings

 * 1)  Internet Control Message Protocol
 * 2)  ICMPv6
 * 3)  Path MTU Discovery

Multimedia

 * 1) YouTube: ICMP Packet Capture with Michael Gregg

Activities

 * 1) Review Wireshark: Internet Control Message Protocol (ICMP).
 * 2) Use Wireshark to capture and analyze ICMP Echo traffic.
 * 3) Use Wireshark to capture and analyze ICMP Time Exceeded traffic.
 * 4) Use Wireshark to capture and analyze ICMP tracert/traceroute traffic.
 * 5) Review Wireshark: ICMPv6.
 * 6) Use Wireshark to capture and analyze ICMPv6 Echo traffic.
 * 7) Use Wireshark to capture and analyze ICMPv6 Time Exceeded traffic.
 * 8) Use Wireshark to capture and analyze ICMPv6 tracert/traceroute traffic.
 * 9) Use ping to determine the local network MTU. Set the Don't Fragment flag (for example ping -M do -s SIZE on Linux, or ping -f -l SIZE on Windows) and remember that the size given to ping is the ICMP payload only: the 20-byte IPv4 header and 8-byte ICMP header are added, so a 1472-byte payload corresponds to a 1500-byte MTU.
 * 10) Use ping to determine the Path MTU to an Internet host such as Google's public DNS server 8.8.8.8.
 * Note that routers and firewalls frequently rate-limit or filter ICMP, including large Echo Requests, so the ICMP Fragmentation Needed (IPv4) or ICMPv6 Packet Too Big messages that Path MTU Discovery depends on may never reach you. When they are filtered (a PMTUD "black hole") the oversized probe simply times out, and it may not be possible to capture these messages with this approach.
 * 11) Consider situations in which a packet analyzer might be used to troubleshoot ICMP traffic.
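The Wireshark activities above come down to reading a handful of fields off each ICMP message: type and code, the checksum, the identifier and sequence number of an Echo, the MTU carried by Fragmentation Needed or Packet Too Big, and the quoted start of the offending datagram inside a Time Exceeded. The following is an added example, not code from the original lesson, that builds and decodes those messages in Python the same way a dissector does. The sample messages and addresses are constructed for the example (documentation prefixes from RFC 5737 and RFC 3849), not captured traffic, and the quoted IPv4 header inside them carries a zero header checksum because nothing here verifies it.

```python
import struct

# ICMPv4 type numbers (RFC 792) and ICMPv6 type numbers (RFC 4443)
ICMP_ECHO_REPLY, ICMP_DEST_UNREACH, ICMP_ECHO_REQUEST, ICMP_TIME_EXCEEDED = 0, 3, 8, 11
ICMP6_PACKET_TOO_BIG, ICMP6_ECHO_REQUEST, ICMP6_ECHO_REPLY = 2, 128, 129
IPPROTO_ICMPV6 = 58


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; a valid message sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def icmpv6_pseudo_header(src: bytes, dst: bytes, length: int) -> bytes:
    """ICMPv6 checksums also cover this pseudo-header (RFC 8200 section 8.1),
    so a capture must be decoded together with its IPv6 addresses."""
    return src + dst + struct.pack("!I3xB", length, IPPROTO_ICMPV6)


def build_icmp(mtype, code, word2, body=b"", v6_addrs=None) -> bytes:
    """Assemble an ICMP or ICMPv6 message: type, code, checksum, then the
    message-specific second 32-bit word (identifier+sequence for Echo, MTU for
    Packet Too Big, unused+next-hop MTU for Fragmentation Needed), then the
    body (Echo payload, or the quoted start of the offending datagram)."""
    msg = struct.pack("!BBHI", mtype, code, 0, word2) + body
    pseudo = icmpv6_pseudo_header(*v6_addrs, len(msg)) if v6_addrs else b""
    return struct.pack("!BBHI", mtype, code, inet_checksum(pseudo + msg), word2) + body


def parse_icmpv4(msg: bytes) -> dict:
    """Decode the fields an analyst reads off an ICMPv4 message in Wireshark.
    Error messages (types 3 and 11) quote the IPv4 header and first 8 bytes of
    the datagram that triggered them; traceroute uses that quote to match each
    Time Exceeded to the probe that caused it."""
    if len(msg) < 8:
        raise ValueError("ICMP header is 8 bytes")
    mtype, code, _, word2 = struct.unpack("!BBHI", msg[:8])
    info = {"type": mtype, "code": code, "checksum_ok": inet_checksum(msg) == 0}
    if mtype in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        info.update(id=word2 >> 16, seq=word2 & 0xFFFF, payload=msg[8:])
    elif mtype in (ICMP_DEST_UNREACH, ICMP_TIME_EXCEEDED):
        inner = msg[8:]
        if len(inner) < 20:
            raise ValueError("error message must quote the original IPv4 header")
        info["orig"] = {"ttl": inner[8], "proto": inner[9],
                        "src": ".".join(map(str, inner[12:16])),
                        "dst": ".".join(map(str, inner[16:20]))}
        if mtype == ICMP_DEST_UNREACH and code == 4:   # Fragmentation Needed (RFC 1191)
            info["next_hop_mtu"] = word2 & 0xFFFF
    return info


def parse_icmpv6(msg: bytes, src: bytes, dst: bytes) -> dict:
    """Decode ICMPv6 Echo and Packet Too Big; src/dst are the 16-byte IPv6 addresses."""
    if len(msg) < 8:
        raise ValueError("ICMPv6 header is 8 bytes")
    mtype, code, _, word2 = struct.unpack("!BBHI", msg[:8])
    pseudo = icmpv6_pseudo_header(src, dst, len(msg))
    info = {"type": mtype, "code": code, "checksum_ok": inet_checksum(pseudo + msg) == 0}
    if mtype in (ICMP6_ECHO_REQUEST, ICMP6_ECHO_REPLY):
        info.update(id=word2 >> 16, seq=word2 & 0xFFFF, payload=msg[8:])
    elif mtype == ICMP6_PACKET_TOO_BIG:
        info["mtu"] = word2        # the whole second word is the MTU (RFC 4443 section 3.2)
    return info


# Constructed sample messages (not captured traffic), using the documentation
# prefixes 192.0.2.0/24, 198.51.100.0/24 (RFC 5737) and 2001:db8::/32 (RFC 3849).
QUOTED_V4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36, 0xBEEF, 0, 1, 17, 0,
                        bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))   # TTL 1, proto UDP
QUOTED_V4 += struct.pack("!HHHH", 33434, 33435, 16, 0)   # first 8 bytes: a UDP traceroute probe
ECHO_REQ = build_icmp(ICMP_ECHO_REQUEST, 0, (0x1234 << 16) | 1, b"abcdefgh")
TIME_EXCEEDED = build_icmp(ICMP_TIME_EXCEEDED, 0, 0, QUOTED_V4)
FRAG_NEEDED = build_icmp(ICMP_DEST_UNREACH, 4, 1400, QUOTED_V4)
SRC6 = bytes.fromhex("20010db8000000000000000000000001")
DST6 = bytes.fromhex("20010db8000000000000000000000002")
PACKET_TOO_BIG = build_icmp(ICMP6_PACKET_TOO_BIG, 0, 1280, b"\x60" + b"\x00" * 39,
                            v6_addrs=(SRC6, DST6))

if __name__ == "__main__":
    for m in (ECHO_REQ, TIME_EXCEEDED, FRAG_NEEDED):
        print(parse_icmpv4(m))
    print(parse_icmpv6(PACKET_TOO_BIG, SRC6, DST6))
```

Two details worth checking against a real capture: an ICMPv4 checksum can be verified from the ICMP bytes alone, but an ICMPv6 checksum cannot, because it covers a pseudo-header built from the IPv6 source and destination addresses; and in Fragmentation Needed the MTU occupies only the low 16 bits of the second word, whereas Packet Too Big uses all 32.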

Lesson Summary

 * ICMP is a core protocol operating in the Internet layer of the Internet Protocol Suite.
 * ICMP messages are used for diagnostic or control purposes or generated in response to errors in IP operations.
 * ICMP messages may be classified into two categories: error messages and information messages.
 * ICMP errors are directed to the source IP address of the originating packet.
 * ICMPv6 is an integral part of IPv6 and performs error reporting, diagnostic functions (e.g., ping), and provides a framework for extensions to implement future changes.
 * ICMPv6 error messages include Destination Unreachable, Packet Too Big, Time Exceeded, and Parameter Problem.
 * ICMPv6 informational messages include Echo Request, Echo Reply, and the Neighbor Discovery and Multicast Listener Discovery messages, which are covered in the next lesson.
 * The tracert (traceroute) and pathping commands work by transmitting datagrams with the IPv4 TTL (IPv6 Hop Limit) field set to 1, 2, 3, and so on, and reading the source address of the ICMP Time Exceeded message each router returns; the final hop answers with Destination Unreachable (UDP probes) or Echo Reply (ICMP probes) instead.
 * The ping utility is implemented using ICMP Echo Request and Echo Reply messages.
 * Path MTU Discovery in IPv4 is performed by the sending host, which sets the Don't Fragment flag and reduces its packet size whenever a router returns ICMP Destination Unreachable with code Fragmentation Needed. When the Don't Fragment flag is not set, IPv4 routers may instead fragment oversized packets themselves.
 * Path MTU Discovery in IPv6 must be performed by the sending host, because IPv6 routers never fragment: a router that cannot forward a packet discards it and returns an ICMPv6 Packet Too Big message carrying the next-hop MTU. The minimum IPv6 link MTU is 1280 bytes, so a host never needs to go below that size.
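To make the sending-host procedure concrete, here is an added example (not part of the original lesson) that runs Path MTU Discovery against a constructed stand-in for a network path. The path is modelled as a list of per-hop link MTUs; a probe with Don't Fragment set that is larger than a hop's MTU is dropped there, and that router answers with its MTU as Fragmentation Needed (IPv4) or Packet Too Big (IPv6) would, unless the path is marked as filtering ICMP. The discovery routine uses the router's MTU hint when one arrives and falls back to a binary search between the last size that worked and the smallest size that failed when the hint is filtered away, which is the black-hole case the activities note warns about. It also refuses to go below the protocol minimum (68 bytes for IPv4, 1280 for IPv6), so a bogus or sub-minimum hint cannot drive the sender to uselessly small packets.

```python
from dataclasses import dataclass
from typing import Callable, Optional

IPV4_MIN_MTU = 68      # RFC 791: every IPv4 link must carry at least 68 bytes
IPV6_MIN_MTU = 1280    # RFC 8200: every IPv6 link must carry at least 1280 bytes


@dataclass
class ProbeResult:
    delivered: bool
    # MTU hint carried by Fragmentation Needed (ICMPv4 type 3 code 4) or
    # Packet Too Big (ICMPv6 type 2); None when no error message came back.
    next_hop_mtu: Optional[int]


def make_path(link_mtus, icmp_filtered=False) -> Callable[[int], ProbeResult]:
    """Constructed stand-in for a real path (not a network call): a list of
    per-hop link MTUs. A DF probe larger than a hop's MTU is dropped at that
    hop and the router answers with its MTU, unless the path filters ICMP
    (a PMTUD black hole), in which case the sender just sees a timeout."""
    def probe(size: int) -> ProbeResult:
        for mtu in link_mtus:
            if size > mtu:
                return ProbeResult(False, None if icmp_filtered else mtu)
        return ProbeResult(True, None)
    return probe


def discover_pmtu(probe, start_mtu: int, floor: int, max_probes: int = 32):
    """Sending-host Path MTU Discovery. Returns (path MTU, probes sent).
    Start at the local link MTU. On a Fragmentation Needed / Packet Too Big
    with a usable hint, drop straight to the advertised MTU; with no hint,
    binary search between the largest size known to get through (lo) and the
    smallest size known to fail (hi)."""
    lo, hi = floor, None      # floor is guaranteed deliverable by the protocol minimum
    size, probes = start_mtu, 0
    while probes < max_probes:
        result = probe(size)
        probes += 1
        if result.delivered:
            lo = size
        else:
            hint = result.next_hop_mtu
            if hint is not None and hint <= floor:
                return floor, probes         # bogus or sub-minimum hint: never go below the floor
            hi = size
            if hint is not None and lo < hint < size:
                size, hi = hint, hint + 1    # the hinting router drops anything larger than hint
                continue
        if hi is None or hi - lo <= 1:
            return lo, probes
        size = (lo + hi) // 2
    return lo, probes


if __name__ == "__main__":
    path = [1500, 1400, 1280, 1500]   # constructed: a 1280-byte bottleneck at the third hop
    print("IPv4, ICMP allowed: ", discover_pmtu(make_path(path), 1500, IPV4_MIN_MTU))
    print("IPv4, ICMP filtered:", discover_pmtu(make_path(path, icmp_filtered=True), 1500, IPV4_MIN_MTU))
    print("IPv6, ICMP allowed: ", discover_pmtu(make_path([1500, 1500, 1400]), 1500, IPV6_MIN_MTU))
```

With the hint available the bottleneck is found in three probes; with ICMP filtered the same path takes a dozen probes of binary search, which is why a PMTUD black hole shows up in practice as long stalls on large transfers rather than an outright failure.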

Key Terms

 * Destination Unreachable
 * An ICMP error message generated by a router along the path, or by the destination host itself, to inform the source that the destination (or the requested port or protocol) is unreachable for some reason; the code field says why.


 * Echo Reply
 * An ICMP informational message response to an echo request.


 * Echo Request
 * An ICMP informational message whose data is expected to be received back in an echo reply.


 * Packet Too Big
 * An ICMPv6 error message generated by a router to inform the source that a datagram was discarded because it was larger than the MTU of the next-hop link; the message carries that link's MTU so the sender can resize.


 * Parameter Problem
 * An ICMP error message generated by a node (host or router) to inform the source of a problem with a field in the IPv6 header or extension headers of a packet that has been discarded; the pointer field identifies the offending octet.


 * Path MTU Discovery (PMTUD)
 * A standardized technique in computer networking for determining the maximum transmission unit (MTU) size on the network path between two Internet Protocol (IP) hosts, usually with the goal of avoiding IP fragmentation.


 * Redirect Message
 * An ICMP message sent by a router to inform a host that a better first hop exists for a destination, so the host should update its routing information and send packets on the alternate route. Because a forged Redirect can divert a host's traffic, many hosts ignore them.


 * Source Quench
 * An ICMP message which requests that the sender decrease the rate of messages sent to a router or host. It has been deprecated (RFC 6633) and modern hosts ignore it.


 * Time Exceeded
 * An ICMP error message which is generated by a gateway to inform the source of a discarded datagram due to the time to live / hop count field reaching zero.

Assessments

 * Lesson Flashcards
 * Terms Flashcards
 * Quiz