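ICMP (Internet Control Message Protocol) is often regarded as a component of the IP layer. It is used to pass control messages between IP hosts and routers.
Control messages are messages about the network itself, such as whether the network is up, whether a host is reachable, and whether a route is available.
Purpose: to check network connectivity.
ICMP messages are usually used by the IP layer or by higher-layer protocols (TCP or UDP). Some ICMP messages return error messages to user processes. ICMP messages are carried inside IP datagrams.
The ICMP message format is as follows:
The ICMP message types are as follows:
Lab:
Topology
Configuration: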
R1:
interface Ethernet0/0
ip address 10.1.1.1 255.255.255.0
no shut
interface Ethernet0/1
ip address 14.1.1.1 255.255.255.0
no shut
R2:
interface Ethernet0/1
ip address 10.1.1.2 255.255.255.0
no shut
interface Loopback0
ip address 22.1.1.1 255.255.255.0
R3:
interface Ethernet0/2
ip address 10.1.1.3 255.255.255.0
no shut
R4:
interface Ethernet0/1
ip address 14.1.1.4 255.255.255.0
no shut
Observation 1: observe the echo request (type=8, code=0) and the echo reply (type=0, code=0)
Ping test from R3:
R3#debug ip packet detail //enable debug output
IP packet debugging is on (detailed)
R3#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
*Nov 8 06:07:17.373: IP: s=10.1.1.3 (local), d=10.1.1.2 (Ethernet0/2), len 100, sending
*Nov 8 06:07:17.373: ICMP type=8, code=0
*Nov 8 06:07:17.373: IP: s=10.1.1.3 (local), d=10.1.1.2 (Ethernet0/2), len 100, sending full packet
*Nov 8 06:07:17.373: ICMP type=8, code=0
*Nov 8 06:07:17.374: IP: s=10.1.1.2 (Ethernet0/2), d=10.1.1.3, len 100, input feature
*Nov 8 06:07:17.374: ICMP type=0, code=0, MCI Check(99), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
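A Wireshark capture on R3's E0/2 interface shows the following:
Observation 2: observe the destination unreachable message for host unreachable, type=3 code=1
R3 now adds a static route:
ip route 22.0.0.0 255.0.0.0 10.1.1.2
R3#ping 22.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 22.2.2.2, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
When R3 pings 22.2.2.2 after the route has been added, R3 has a route toward 22.2.2.2 and hands the packet to the next hop, R2. R2 does not have the address 22.2.2.2, so it reports host unreachable.
R3#debug ip packet detail //enable debug output
IP packet debugging is on (detailed)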
*Nov 8 06:17:07.623: IP: s=10.1.1.2 (Ethernet0/2), d=10.1.1.3
R3# (Ethernet0/2), len 56, rcvd 3
*Nov 8 06:17:07.623: ICMP type=3, code=1
*Nov 8 06:17:07.623: IP: s=10.1.1.2 (Ethernet0/2), d=10.1.1.3, len 56, stop process pak for forus packet
*Nov 8 06:17:07.623: ICMP type=3, code=1
A Wireshark capture on R3's E0/2 interface shows the following:
Observation 3: observe the destination unreachable message for fragmentation needed but the don't-fragment bit set, type=3 code=4
Change the MTU on R1's E0/1 interface
R1:
interface Ethernet0/1
ip address 14.1.1.1 255.255.255.0
ip mtu 1480 //change the MTU to 1480
R3:
ip route 14.1.1.0 255.255.255.0 10.1.1.1
R4:
ip route 10.1.1.0 255.255.255.0 14.1.1.1
R3#ping 14.1.1.4 size 1500 //set the size of the packets sent to 1500, fragmentation allowed
Type escape sequence to abort.
Sending 5, 1500-byte ICMP Echos to 14.1.1.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
R3#ping 14.1.1.4 size 1500 df-bit //set the DF bit, fragmentation not allowed
Type escape sequence to abort.
Sending 5, 1500-byte ICMP Echos to 14.1.1.4, timeout is 2 seconds:
Packet sent with the DF bit set
M.M.M //this output means fragmentation is needed but not allowed
Success rate is 0 percent (0/5)
R3#debug ip packet detail
IP packet debugging is on (detailed)
*Nov 8 06:29:03.940: IP: s=10.1.1.1 (Ethernet0/2), d=10.1.1.3 (Ethernet0/2), len 56, rcvd 3
*Nov 8 06:29:03.940: ICMP type=3, code=4
*Nov 8 06:29:03.940: IP: s=10.1.1.1 (Ethernet0/2), d=10.1.1.3, len 56, stop process pak for forus packet
*Nov 8 06:29:03.940: ICMP type=3, code=4
A Wireshark capture on R3's E0/2 interface shows the following:
Observation 4: observe the destination unreachable message for communication administratively prohibited by filtering, type=3 code=13
R2: configure an ACL to filter.
access-list 10 deny 10.1.1.3
interface Ethernet0/1
ip access-group 10 in //apply the ACL on the interface
Ping test from R3:
R3#ping 10.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
U.U.U //filtered, access prohibited
Success rate is 0 percent (0/5)
R3#debug ip packet detail
IP packet debugging is on (detailed)
*Nov 8 06:36:59.881: IP: s=10.1.1.3 (local), d=10.1.1.2 (Ethernet0/2), len 100, sending full packet
*Nov 8 06:36:59.881: ICMP type=8, code=0
*Nov 8 06:36:59.882: IP: s=10.1.1.2 (Ethernet0/2), d=10.1.1.3, len 56, input feature
*Nov 8 06:36:59.882: ICMP type=3, code=13, MCI Check(99), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
A Wireshark capture on R3's E0/2 interface shows the following:
More to follow: ICMP redirect and traceroute ……
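An added example, not part of the original post: a small Python parser that reads debug ip packet detail output such as the lines captured in observations 1 to 4, pairs each ICMP type/code with the IP line before it, and reports which device returned which destination-unreachable code. The names parse_debug, unreachable_senders, ICMP_MEANING and SAMPLE are assumptions made for this illustration.

```python
import re
# ICMP (type, code) pairs that appear in the four observations above.
ICMP_MEANING = {
    (8, 0): "echo request",
    (0, 0): "echo reply",
    (3, 1): "host unreachable",
    (3, 4): "fragmentation needed but DF set",
    (3, 13): "communication administratively prohibited",
}
IP_RE = re.compile(r"IP: s=(\S+) .*?d=([\d.]+)")
ICMP_RE = re.compile(r"ICMP type=(\d+), code=(\d+)")

def parse_debug(text):
    """Pair each ICMP line with the IP line before it, merging repeated tuples."""
    events, last_ip = [], None
    for line in text.splitlines():
        ip, icmp = IP_RE.search(line), ICMP_RE.search(line)
        if ip:
            last_ip = ip.groups()  # (source, destination)
        elif icmp and last_ip:
            t, c = map(int, icmp.groups())
            ev = (*last_ip, t, c, ICMP_MEANING.get((t, c), "unknown"))
            if ev not in events:  # IOS logs one packet at several stages
                events.append(ev)
    return events

def unreachable_senders(events):
    """Map each device that returned a type 3 error to the codes it sent."""
    out = {}
    for src, _dst, t, c, _meaning in events:
        if t == 3:
            out.setdefault(src, set()).add(c)
    return out

# Sample input: debug lines copied from observations 1 to 4 on this page.
SAMPLE = """\
*Nov 8 06:07:17.373: IP: s=10.1.1.3 (local), d=10.1.1.2 (Ethernet0/2), len 100, sending
*Nov 8 06:07:17.373: ICMP type=8, code=0
*Nov 8 06:07:17.374: IP: s=10.1.1.2 (Ethernet0/2), d=10.1.1.3, len 100, input feature
*Nov 8 06:07:17.374: ICMP type=0, code=0, MCI Check(99), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
*Nov 8 06:17:07.623: IP: s=10.1.1.2 (Ethernet0/2), d=10.1.1.3, len 56, stop process pak for forus packet
*Nov 8 06:17:07.623: ICMP type=3, code=1
*Nov 8 06:29:03.940: IP: s=10.1.1.1 (Ethernet0/2), d=10.1.1.3 (Ethernet0/2), len 56, rcvd 3
*Nov 8 06:29:03.940: ICMP type=3, code=4
*Nov 8 06:36:59.882: IP: s=10.1.1.2 (Ethernet0/2), d=10.1.1.3, len 56, input feature
*Nov 8 06:36:59.882: ICMP type=3, code=13, MCI Check(99), rtype 0, forus FALSE, sendself FALSE, mtu 0, fwdchk FALSE
"""
if __name__ == "__main__":
    print(*parse_debug(SAMPLE), unreachable_senders(parse_debug(SAMPLE)), sep="\n")
```

On the sample, 10.1.1.2 is the source of codes 1 and 13 and 10.1.1.1 is the source of code 4, which matches the devices that generated the errors in the lab.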