Part I: Internet Layer Protocols

For example, to ping 10.0.0.1 through neighboring router interfaces 192.168.1.1 and 192.168.2.1, use the following command:

    ping -j 192.168.1.1 192.168.2.1 10.0.0.1

Network Monitor Capture 05-05 (in the \Captures folder on the companion CD-ROM) provides an example of Ping.exe tool traffic and the use of the Loose Source Route option.

By default, an IP router running Windows Server 2008 or Windows Vista does not forward source-routed IP packets. You can change the behavior of IP for source-routed IP packets with the following command:

    netsh interface ipv4 set global sourceroutingbehavior=drop|forward|dontforward

You can also use the following registry value:

DisableIPSourceRouting
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value type: REG_DWORD
Valid range: 0 - 2
Default: 1
Present by default: No

Set the DisableIPSourceRouting registry value to 0 to forward source-routed packets, to 1 to not forward source-routed packets (for packets being forwarded), or to 2 to drop all incoming source-routed packets (for packets being forwarded and for packets destined to the node).

IP Router Alert

The IP Router Alert option is used to indicate to IP routers that additional processing of the IP datagram is required even when the IP datagram is not addressed to the router. The IP Router Alert option is used for the Resource Reservation Protocol (RSVP), IGMP version 2, and IGMP version 3. For example, when a router receives an IP datagram with the IP Router Alert option, it looks at the IP Protocol field to see if the IP payload requires additional processing before making a forwarding decision. RFC 2113 describes the IP Router Alert option.

The IP Router Alert option contains the following fields:

■ Option Code  Set to 148 (Copy Bit=1, Option Class=0, Option Number=20).
■ Option Length  Set to the fixed length of 4.
■ Value  A 2-byte field set to 0. All other values are reserved.
The value of 0 indicates that the router must examine the packet.

[Figure: IP Router Alert option format: Option Code (=148), Option Length, Value (=0)]

Chapter 5: Internet Protocol (IP)

Internet Timestamp

The Internet Timestamp option is used to record the time that an IP datagram arrived at each IP router in the path between the source and destination host. The Internet Timestamp option is similar to the Record Route option in that the sending node creates blank entries in the IP header that routers fill out as the packet travels through the IP internetwork. Each entry consists of the router’s IP address and a 32-bit integer timestamp that indicates the number of milliseconds since midnight, Universal Time. If Universal Time is not being used, the high-order bit of the timestamp field is set to 1.

Note: To use Internet timestamps, Internet timestamping must be enabled on all the routers in the path between the source and destination hosts. It is common for routers to either not support Internet timestamping or have it disabled.

The Internet Timestamp option contains the following fields:

■ Option Code  Set to 68 (Copy Bit=0, Option Class=2, Option Number=4).
■ Option Length  Set by the sending host to the number of bytes in the Internet Timestamp option.
■ Next Slot Pointer  Set to the byte offset (starting at 1) within the Internet Timestamp option of the next slot for the recording of the IP address and timestamp. The Next Slot Pointer field’s minimum value is 5.
■ Overflow  Set by routers to indicate the number of routers that were unable to record their IP address and timestamp.
■ Flags  Set by the sending host to indicate the format of the IP Address/Timestamp slots. When Flags is set to 0, the IP address is omitted. This allows up to nine timestamps to be recorded. When Flags is set to 1, the IP address is recorded, allowing up to four IP address/timestamp pairs to be recorded. The Internet Timestamp option format shown assumes Flags is set to 1.
When Flags is set to 3, the sending node specifies the IP addresses of successive routers: A timestamp is recorded only if the IP address in the slot matches the router’s IP address.
■ First IP Address/First Timestamp  Set by routers to record the IP address and timestamp of the routers encountered (when Flags is set to 1) or specified (when Flags is set to 3).

[Figure: Internet Timestamp option format: Option Code (=68), Option Length, Next Slot Pointer, Overflow, Flags, First IP Address, First Timestamp]

When a sending host sends an IP datagram with the Internet Timestamp option, the sending host does the following:

1. Sets the Next Slot Pointer field’s value to 5.
2. For a specified route (when Flags is set to 3), places the series of IP addresses in the Internet Timestamp option.

When an IP router receives an IP datagram with the Internet Timestamp option, it compares the Option Length and Next Slot Pointer fields. If the Next Slot Pointer field’s value is less than the Option Length field’s value, it does the following:

■ If Flags is set to 3, the router replaces the IP header’s destination IP address with the IP address that is recorded in the next slot (based on the Next Slot Pointer field).
■ If Flags is set to 1 or 3, the router records the IP address of the interface on which the IP datagram was received in the same slot.
■ If Flags is set to 0, the router records the timestamp and adds 4 to the Next Slot Pointer field. If Flags is set to 1, the router records the timestamp after the IP address and adds 8 to the Next Slot Pointer field. If Flags is set to 3, the router replaces the IP address and adds 4 to the Next Slot Pointer field.

If the Next Slot Pointer field’s value is greater than the Option Length field’s value, the router increments the Overflow field. If the Overflow field is 15 before incrementing, an ICMP Parameter Problem is sent back to the source host.
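The option layouts described above can be checked on captured traffic. The following Python code is an added example, not code from the book: it walks the options area of an IPv4 header, flags source-route options, and decodes an Internet Timestamp option with Flags set to 0 or 1. The sample header is constructed, the function names are illustrative, and option codes 131 and 137 (Loose and Strict Source Route) are the RFC 791 values rather than values stated on this page.

```python
import ipaddress
import struct

# 68 and 148 are the Option Codes given in the text; 131 (Loose Source Route)
# and 137 (Strict Source Route) are the RFC 791 values, not stated on this page.
NAMES = {68: "Internet Timestamp", 131: "Loose Source Route",
         137: "Strict Source Route", 148: "Router Alert"}


def decode_timestamp(opt: bytes) -> dict:
    """Decode an Internet Timestamp option (Option Code 68)."""
    length, pointer = opt[1], opt[2]
    overflow, flags = opt[3] >> 4, opt[3] & 0x0F   # two 4-bit fields in one byte
    if pointer < 5:
        raise ValueError("Next Slot Pointer is below its minimum value of 5")
    info = {"pointer": pointer, "overflow": overflow, "flags": flags, "entries": []}
    if flags not in (0, 1):        # Flags=3 is reported, its slots are not decoded
        return info
    slot = 4 if flags == 0 else 8                  # timestamp, or address + timestamp
    end = min(pointer - 1, length)                 # pointer is a 1-based byte offset
    for off in range(4, end - slot + 1, slot):
        addr = str(ipaddress.IPv4Address(opt[off:off + 4])) if flags == 1 else None
        (raw,) = struct.unpack("!I", opt[off + slot - 4:off + slot])
        # High-order bit set: the value is not milliseconds since midnight UT.
        info["entries"].append((addr, raw & 0x7FFFFFFF, not raw & 0x80000000))
    info["free_slots"] = (length - end) // slot
    return info


def inspect_options(header: bytes) -> list:
    """Walk the options area of an IPv4 header and describe each option."""
    ihl = (header[0] & 0x0F) * 4                   # header length in bytes
    if ihl < 20 or len(header) < ihl:
        raise ValueError("truncated or invalid IPv4 header")
    area, i, found = header[20:ihl], 0, []
    while i < len(area) and area[i] != 0:          # 0 = End of Option List
        code = area[i]
        if code == 1:                              # 1 = No Operation, single byte
            i += 1
            continue
        if i + 1 >= len(area) or not 2 <= area[i + 1] <= len(area) - i:
            raise ValueError(f"bad length for option {code}")
        opt = area[i:i + area[i + 1]]
        item = {"code": code, "name": NAMES.get(code, "other"),
                "source_route": code in (131, 137)}
        if code == 68 and len(opt) >= 4:
            item["timestamp"] = decode_timestamp(opt)
        found.append(item)
        i += len(opt)
    return found


def sample_header() -> bytes:
    """Constructed IPv4 header: Loose Source Route plus Timestamp (Flags=1)."""
    lsrr = bytes([131, 11, 4, 192, 168, 2, 1, 10, 0, 0, 1])
    ts = bytes([68, 20, 13, 0x01, 192, 168, 1, 1]) + struct.pack("!I", 43_200_000) + bytes(8)
    options = lsrr + ts + b"\x00"                  # pad to a multiple of 4 bytes
    fixed = struct.pack("!BBHHHBBH4s4s", 0x40 | (20 + len(options)) // 4, 0,
                        20 + len(options), 0, 0, 128, 1, 0,
                        bytes([10, 9, 1, 1]), bytes([192, 168, 1, 1]))
    return fixed + options


if __name__ == "__main__":
    print(inspect_options(sample_header()))
```

A monitoring rule built on this would alert on any item with `source_route` set, since the text notes that such packets are not forwarded by default.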
Setting the Internet Timestamp Option with Ping

The Windows Server 2008 and Windows Vista Ping.exe tool and the -s option can be used to send ICMP Echo messages with the Internet timestamp. The syntax is the following:

    ping -s Slots Destination

For example, to ping the IP address of 10.9.1.1 using Internet timestamps with three slots, use the following command:

    ping -s 3 10.9.1.1

Network Monitor Capture 05-06 (in the \Captures folder on the companion CD-ROM) provides an example of Ping.exe tool traffic and the use of the Internet Timestamp option.

Summary

IP provides the internetworking building block for all other Internet Layer and higher protocols in the TCP/IP suite. IP provides a best effort, unreliable, connectionless datagram delivery service between networks of an IP internetwork. The IP header provides addressing, type of delivery, maximum link count, fragmentation, and checksum services. IP fragmentation provides a way for IP datagrams to travel over links with a lower IP MTU than the original IP datagram. The basic services of the IP header are extended through IP options, the most common of which provide source routing, path recording, router alert, and timestamping functions.

Chapter 6
Internet Control Message Protocol (ICMP)

In this chapter:
ICMP Message Structure
ICMP Messages
Ping.exe Tool
Tracert.exe Tool
Pathping.exe Tool
Summary

IP provides end-to-end datagram delivery capabilities for IP datagrams. However, IP does not provide any facilities for reporting routing or delivery errors encountered by an IP datagram in its journey from the source to the destination. The Internet Control Message Protocol (ICMP) reports error and control conditions on behalf of IP.

When a protocol encounters an error that cannot be recovered in the processing of a packet, it can do one of the following:

■ Discard the offending packet without sending an error notification to the sending host. This is known as a silent discard. For example, an Ethernet network adapter checks each Ethernet frame for bit-level errors by performing a checksum and comparing its own result with the Frame Check Sequence value stored in the frame. If the two checksums do not match, the adapter considers the frame invalid and silently discards it.
■ Discard the offending packet and send an error notification to the sending host. This is known as an informed discard.

ICMP provides an informed discard service for specific types of IP routing and delivery errors. ICMP is an extensible protocol that also provides functions to check IP connectivity and aid in the automatic configuration of hosts.

ICMP does not make IP reliable. There are no facilities within IP or ICMP to provide sequencing or retransmission of IP datagrams that encounter errors. ICMP messages are unreliably sent as IP datagrams, and although ICMP reports an error, there are no requirements for how the sending host treats the error. It is up to the TCP/IP implementation to interpret the error and adjust its behavior accordingly.

ICMP messages are sent only for the first fragment of an IP datagram. ICMP messages are not sent for problems encountered by ICMP error messages or for problems encountered by broadcast or multicast datagrams.
ICMP is defined in RFCs 792, 950, 1812, 1122, 1191, and 1256.

More Info: All of the RFCs referenced in this chapter can be found in the \Standards\Chap06_ICMP folder on the companion CD-ROM.

ICMP Message Structure

ICMP messages are sent as IP datagrams. Therefore, an ICMP message consisting of an ICMP header and ICMP message data is encapsulated with an IP header using IP Protocol number 1. The resulting IP datagram is then encapsulated with the appropriate Network Interface Layer header and trailer. Figure 6-1 shows the resulting frame.

Figure 6-1 ICMP message encapsulation showing the IP header and Network Interface Layer header and trailer
[Figure 6-1 layout: Network Interface header, IP header, ICMP header, ICMP message data, Network Interface trailer; the ICMP message sits inside the IP datagram, which sits inside the Network Interface Layer frame]

In the IP header of ICMP messages, the Source IP Address field is set to the router or host interface that sent the ICMP message. The Destination IP Address field is set to the sending host of the offending packet (in the case of ICMP error messages), a specific host, an IP broadcast, or IP multicast address.

Every ICMP message has the same structure, as Figure 6-2 shows.

Figure 6-2 The structure of an ICMP message showing the fields common to all types of ICMP messages
[Figure 6-2 fields: Type, Code, Checksum, Type-specific data]

The common fields in the ICMP message are defined as follows:

■ Type  A 1-byte field that indicates the type of ICMP message (Echo vs. Echo Reply, and so on). Table 6-1 lists the most commonly used ICMP types.
■ Code  A 1-byte field that indicates a specific ICMP message within an ICMP message type. If there is only one ICMP message within an ICMP type, the Code field is set to 0. The combination of ICMP Type and Code determines a specific ICMP message.
■ Checksum  A 2-byte field for a 16-bit checksum covering the ICMP message. ICMP uses the same checksum algorithm as IP for the IP header checksum.
■ Type-Specific Data  Optional data for each ICMP type.

ICMP Messages

Table 6-1 lists the most commonly used ICMP types. For a complete list of ICMP types, see http://www.iana.org/assignments/icmp-parameters.

Table 6-1 Common ICMP Types

ICMP Type   Description
0           Echo Reply
3           Destination Unreachable
4           Source Quench
5           Redirect
8           Echo (also known as an Echo Request)
9           Router Advertisement
10          Router Solicitation
11          Time Exceeded
12          Parameter Problem

The following sections discuss the ICMP messages supported by TCP/IP for Windows Server 2008 and Windows Vista.

ICMP Echo and Echo Reply

One of the most heavily used ICMP facilities is the ability to send a simple message to an IP node and have the message echoed back to the sender. This facility is useful for network troubleshooting and debugging. The simple message sent is an ICMP Echo, and the message echoed back to the sender is an ICMP Echo Reply. For Windows Server 2008 and Windows Vista, the Ping.exe, Tracert.exe, and Pathping.exe tools use Echo and Echo Reply messages to provide information about reachability and the path taken to reach a destination node.

Figure 6-3 shows the ICMP Echo message structure.

Figure 6-3 The structure of the ICMP Echo message

The fields in the ICMP Echo message are defined as follows:

■ Type  Set to 8.
■ Code  Set to 0.
■ Identifier  A 2-byte field that stores a number generated by the sender that is used to match the ICMP Echo with its corresponding Echo Reply.
■ Sequence Number  A 2-byte field that stores an additional number that is used to match the ICMP Echo with its corresponding Echo Reply. The combination of the values of the Identifier and Sequence Number fields identifies a specific Echo message.
■ Optional Data  Optionally, data can be added at the end of the ICMP packet.
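As an added example (not code from the book), the following Python code builds an ICMP Echo with the 16-bit checksum described above, parses it back with checksum verification, and matches an Echo Reply to its Echo by Identifier and Sequence Number. The function names and the sample payload are constructed for illustration.

```python
import struct

ECHO, ECHO_REPLY = 8, 0          # ICMP Type values from Table 6-1


def checksum(data: bytes) -> int:
    """16-bit one's-complement checksum shared by the IP header and ICMP."""
    if len(data) % 2:
        data += b"\x00"                             # pad odd-length messages
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                              # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build(icmp_type: int, ident: int, seq: int, data: bytes = b"") -> bytes:
    """Build an Echo or Echo Reply: Type, Code=0, Checksum, Identifier, Sequence #."""
    body = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + data
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]


def parse(msg: bytes) -> dict:
    """Parse an Echo or Echo Reply and verify the checksum over the whole message."""
    if len(msg) < 8:
        raise ValueError("shorter than the 8-byte Echo header")
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", msg[:8])
    if icmp_type not in (ECHO, ECHO_REPLY) or code != 0:
        raise ValueError("not an Echo or Echo Reply message")
    # Re-running the checksum over a message that carries a correct one gives 0.
    return {"type": icmp_type, "id": ident, "seq": seq, "data": msg[8:],
            "checksum_ok": checksum(msg) == 0}


def reply_matches(echo: bytes, reply: bytes) -> bool:
    """True if reply is an intact Echo Reply for this Echo."""
    sent, got = parse(echo), parse(reply)
    # RFC 792 also returns the optional data unchanged, so it is compared too.
    return (sent["type"] == ECHO and got["type"] == ECHO_REPLY
            and got["checksum_ok"]
            and (got["id"], got["seq"], got["data"])
            == (sent["id"], sent["seq"], sent["data"]))


if __name__ == "__main__":
    payload = b"abcdefgh"                            # constructed sample payload
    echo = build(ECHO, 0x0001, 7, payload)
    good = build(ECHO_REPLY, 0x0001, 7, payload)
    stale = build(ECHO_REPLY, 0x0001, 6, payload)    # reply to an earlier Echo
    print(echo.hex(), reply_matches(echo, good), reply_matches(echo, stale))
```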
For information on how Windows Server 2008 and Windows Vista determine Identifier, Sequence Number, and Optional Data fields, see the sections “Ping.exe Tool” and “Tracert.exe Tool,” later in this chapter.

Frame 1 of the Network Monitor Capture 06-01 (in the \Captures folder on the companion CD-ROM) shows the structure of an ICMP Echo message.

[Figure 6-3 fields: Type (=8), Code (=0), Checksum, Identifier, Sequence #, Optional data]

Figure 6-4 shows the ICMP Echo Reply message structure.

Figure 6-4 The structure of the ICMP Echo Reply message
[Figure 6-4 fields: Type (=0), Code (=0), Checksum, Identifier, Sequence #, Optional data]

The fields in the ICMP Echo Reply message are defined as follows:

■ Type  Set to 0.
■ Code  Set to 0.
■ Identifier  Set to the value of the Identifier field of the Echo message being echoed.
■ Sequence Number  Set to the value of the Sequence Number field of the Echo message being echoed.
■ Optional Data  Set to the value of the Optional Data field of the Echo message being echoed.

Echoed in the Echo Reply message are the Identifier, Sequence Number, and Optional Data fields. The host that sent the original Echo message can verify these fields on receipt. If the fields are not correctly echoed, the Echo Reply message can be ignored.

Frame 2 of the Network Monitor Capture 06-01 (in the \Captures folder on the companion CD-ROM) shows the structure of an ICMP Echo Reply message sent in response to an ICMP Echo message.

Sending ICMP Echo messages and receiving ICMP Echo Reply messages checks for the following:

■ The host sending the Echo message can forward the Echo message to either the destination (direct delivery) or to a neighboring router (indirect delivery).
■ The routing infrastructure between the host sending the Echo message and the destination can forward the Echo message to the destination.
■ The host sending the Echo Reply message can forward the Echo Reply message to either the destination (the sender of the Echo message) or to a neighboring router.
■ The routing infrastructure between the host sending the Echo Reply message and the destination can forward the Echo Reply message to the destination.

ICMP Destination Unreachable

IP attempts a best-effort delivery of datagrams to their destination. Routing or delivery errors can occur along the path or at the destination. When a routing or delivery error occurs, a router or the destination discards the offending datagram and attempts to report the error by sending an ICMP Destination Unreachable message to the source IP address of the offending packet. Figure 6-5 shows the ICMP Destination Unreachable message structure.

Figure 6-5 The structure of the ICMP Destination Unreachable message
[Figure 6-5 fields: Type (=3), Code (=0 - 13), Checksum, Unused, IP Header and first 8 bytes of datagram]

[...]

... for IPv6 traffic

-4    Forces Tracert to use an IPv4 address when the DNS name query for a host name returns both IPv4 and IPv6 addresses.    Not used
-6    Forces Tracert to use an IPv6 address when the DNS name query for a host name returns both IPv4 and IPv6 addresses.    Not used

Pathping.exe Tool

The Pathping command-line tool for Windows Server 2008 and Windows Vista is used to test router and ...
... to 1 to enable and to 0 to disable

Ping.exe Tool

The Ping.exe command-line tool for Windows Server 2008 and Windows Vista is the primary network tool for troubleshooting IP connectivity. The Ping tool tests reachability, name resolution, source routing, network latency, and other issues for both IP version 4 (IPv4) and IP version 6 (IPv6). For IPv4, Ping sends an ...

... lookup. In Windows Server 2008 and Windows Vista, TCP/IP behavior for ICMP Redirect messages can be controlled by the netsh interface ipv4 set global icmpredirects=enabled|disabled command. By default, support for ICMP Redirect messages is enabled. When enabled, when a host running TCP/IP for Windows Server 2008 and Windows Vista receives an ICMP Redirect message, it first checks the source IP address to ...

... the IP header and the first 8 bytes of the discarded datagram. In Windows Server 2008 and Windows Vista, TCP/IP does not implement TCP flow control if an ICMP Source Quench message is received. When acting as a router, TCP/IP for Windows Server 2008 and Windows Vista does not send ICMP Source Quench messages when the router buffers fill and packets are discarded.

ICMP Redirect

It is common for hosts to ...

-4    Forces Pathping to use an IPv4 address when the DNS name query for a host name returns both IPv4 and IPv6 addresses.    Not used
-6    Forces Pathping to use an IPv6 address when the DNS name query for a host name returns both IPv4 and IPv6 addresses.    Not used

Summary

ICMP is a set of messages that provides services that are not part of IP. ICMP includes the following services: diagnostic (Echo and ...
... valid for IPv6 traffic

-4    Forces Ping to use an IPv4 address when the DNS name query for a host name returns both IPv4 and IPv6 addresses.    Not used
-6    Forces Ping to use an IPv6 address when the DNS name query for a host name returns both IPv4 and IPv6 addresses.    Not used

Note: For more information about the Record Route, Strict Source Route, Loose Source Route, and Internet Timestamps IP header ...

... tracert a destination IP address, the default behavior is to trace the route and report the round-trip time, the near-side router IP address, and the DNS name corresponding to the near-side router IP address. When you tracert a name, normal name resolution techniques resolve the name to an IP address before the ICMP Echo messages are sent. If TCP/IP for Windows Server 2008 and Windows Vista is unable ...

... the Perform Router Discovery option (option code 31) sent by the DHCP server. The following registry value controls how TCP/IP in Windows Server 2008 and Windows Vista sends ICMP Router Solicitation messages.

SolicitationAddressBCast
Location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\InterfaceGUID
Data type: REG_DWORD
Valid ...

... interface in the IPv4\General node in the Routing and Remote Access snap-in

ICMP Router Solicitation

Hosts send the ICMP Router Solicitation message to the all-routers multicast IP address (224.0.0.2), the subnet (or network) broadcast address, or the limited broadcast address.

TCP/IP for Windows Server 2008 and Windows Vista listens ...
... Just in case
17,914    16-Mbps IBM Token Ring
8166      IEEE 802.4
4352      IEEE 802.5 (4 Mbps) and Fiber Distributed Data Interface (FDDI)
2002      Wideband Network and IEEE 802.5 (4 Mbps)
1492      Ethernet/IEEE ...