Internet Control Message Protocol (ICMP) Objective

14/09/55Internet Control Message Protocol(ICMP)ผศ.ดร. หม ัดอามีน หม ันหลินFaculty of IST, MUTEmail: mmunlin@gmail.comObjectiveIn this lecture you will learn:• ICMP Protocol• ICMP Packet• Raw Socket• Ping• Traceroute• Findmask14/09/55 C# Network Programming 2Dr. M. Munlin 1

14/09/55The ICMP Protocol• The Internet Control Message Protocol (ICMP) is used tocommunicate with remote hosts on the network.• .Net does not have a helper class for ICMP, therefore wehave to create a separate ICMP class to encapsulate aprotocol in a class and send as a raw socket.• We can use the ICMP class in C# network programs tocreate ICMP utility programs such as ping and traceroute.• ICMP uses IP to communicate across the network.• IP packets identify the next layer protocol contained in thedata section using the protocol Type field.• ICMP packets are identified by IP protocol Type 1. Theentire ICMP packet is then contained within the datasection of the IP packet.14/09/55 C# Network Programming 3The Ethernet, IP and ICMP packet formats14/09/55 C# Network Programming 4Dr. M. Munlin 2

14/09/55IP Next Layer Protocol Field• The Protocol field is used to identify the next layerprotocol contained in the IP packet.• The IANA has defined 135 values for this field that can beused in IP packets.14/09/55 C# Network Programming 5ICMP Packet Format• Type: The 1-byte Type element defines what kind of ICMPmessage is in the packet. Many types of ICMP packets areused to send control request messages to remote hosts.Code: The 1-byte Code element further defines the Typefield. The various ICMP message types require specificcontrol and data options.• Checksum: The 2-byte Checksum element ensures that theICMP packet has arrived without corruption or tampering.When computing the checksum value, the Checksum field isset to zero.• Message: The multi-bytes Message element contains variousother data elements that are unique to each ICMP messagetype. The Message data fields are often contain informationsent to and from the remote host.14/09/55 C# Network Programming 6Dr. M. Munlin 3

14/09/55ICMP Packet Types• There are many types of ICMP packets.• Each type of ICMP packet is defined by the 1-byte valuein the Type element.• the following are the ICMP types originally defined inRFC 792.14/09/55 C# Network Programming 7Echo Request Packets• Two of the ICMP packets used most often are the EchoRequest and Echo Reply.• These packets allow a device to request an ICMP responsefrom a remote device on the network, e.g. the ping utility.• The Echo Request packet uses ICMP Type 8, with a Codevalue of 0. The Message data area contains three elements:◦ A 1-byte Identifier that uniquely identifies the EchoRequest packet.◦ A 1-byte Sequence number providing additionalidentification for the ICMP packet.◦ A stream of A multi-bytes data element containing datathat should be returned by the receiving host.14/09/55 C# Network Programming 8Dr. M. Munlin 4

14/09/55Echo Reply Packets• When a device receives an Echo Request packet, it mustrespond with an Echo Reply packet, ICMP Type 0.• The Echo Reply packet must contain the same Identifierand Sequence number values as the Echo Request packetto which it is responding.• Also, the data element value must be the same as receivedin the Echo Request packet14/09/55 C# Network Programming 9Destination Unreachable Packet• The Destination Unreachable ICMP packet (Type 3) isusually returned by a router device after it receives an IPpacket that it cannot forward to the appropriatedestination.• The data portion of the Destination Unreachable packetcontains the IP header plus the first 64 bits of thedatagram.• In this packet, the Code field identifies the reason thepacket could not be forwarded by the router.14/09/55 C# Network Programming 10Dr. M. Munlin 5

14/09/55The Destination Unreachable Code Values14/09/55 C# Network Programming 11Time Exceeded Packet• The Time Exceeded (ICMP Type 11) packet has become animportant tool that is used for network troubleshooting.• It reports that an IP packet has exceeded the time to live(TTL) value defined in the IP header.• Each time an IP packet traverses a network router, the TTLvalue is decreased by 1.• If the TTL value reaches 0 before the IP packet reaches theintended destination, the last receiving router must send aTime Exceeded ICMP packet to the sending host.• This procedure is exploited in the traceroute program.14/09/55 C# Network Programming 12Dr. M. Munlin 6

14/09/55Implemented ICMP Using Raw Sockets• Because ICMP packets do not use either TCP or UDP,we cannot use either of the socket helper classes,TcpClient or UdpClient.• We have to use the raw sockets socket type of theSocket class.• Raw sockets allow us to define our own network packetabove the IP layer.• However, we have to do all the work manually to createall the individual fields in the ICMP packet, rather thanhaving the .NET library create the packet for us, as itdoes with TCP and UDP.14/09/55 C# Network Programming 13Socket Parameters• SocketTypes must match ProtocolTypes.• .Net does not allow to mix and match SocketTypes andProtocolTypes14/09/55 C# Network Programming 14Dr. M. Munlin 7

14/09/55Raw Sockets Format• To create a raw socket, we must use the SocketType.Rawsocket type when the socket is created.• There are several Protocol Type values that we can use tomatch with the raw socket type; they are:14/09/55 C# Network Programming 15Sending Raw Packets• ICMP is a connectionless protocol, we do not have to bindthe socket to a specific local port to send a packet or use theConnect() method to connect it to a specific remote host.• We must use the SendTo() method to specify the IPEndPointobject of the destination address.• ICMP does not use ports, so the value of the port propertyof the IPEndPoint object is not important (usually 0).• The following creates a socket and an IPEndPoint destinationobject with no port and sends a packet to it:Socket sock = new Socket(AddressFamily.InterNetwork,SocketType.Raw, ProtocolType.Icmp);IPEndPoint iep = newIPEndPoint(IPAddress.Parse("192.168.1.2"), 0);sock.SendTo(packet, iep);14/09/55 C# Network Programming 16Dr. M. Munlin 8

14/09/55Receiving Raw Packets• To receive data from the raw socket, we must use theReceiveFrom() method.• Because the raw socket does not identify a higher-layerprotocol, the data returned from a ReceiveFrom() methodcall contains the entire IP packet contents.• We must extract the data from the raw IP packet to createthe ICMP packet elements.• In the IP packet, the ICMP data starts at byte 20, we haveto start reading the byte array at the 20th position in thereceived IP packet to extract the ICMP data and header.• Because the ReceiveFrom() method returns the entire IPpacket, we must declare the receiving buffer size to be atleast 20 bytes larger than the expected data.14/09/55 C# Network Programming 17Creating an ICMP Class• The raw socket does not automatically format the ICMPpacket, so we must do this ourselves.• We‘ll create an ICMP class to format an ICMP packet andmanipulate the packet contents.• We can then use this ICMP class in any of the networkapplications that use ICMP packets.• The ICMP class should define a data variable for eachelement in the ICMP packet.14/09/55 C# Network Programming 18Dr. M. Munlin 9

14/09/55The Default Constructor• The default ICMP constructor creates an instance of theICMP class but does not assign any values to the datavariables.• We’ll assign these data within the ICMP applicationprogram when we are ready to create the ICMP packet.• The following is the ICMP class and a default constructor:14/09/55 C# Network Programming 19Create an ICMP Packet• To construct a new ICMP packet, just create a new ICMPobject and assign the values to the data elements:14/09/55 C# Network Programming 20Dr. M. Munlin 10

14/09/55Sending ICMP Packet• After a new ICMP object is created, we cannot directly sendthe ICMP object in a SendTo() method; it must be turnedinto a byte array.IPEndPoint iep = new IPEndPoint(IPAddress.Parse("192.168.1.2"), 0);sock.SendTo(packet.getBytes(), iep);14/09/55 C# Network Programming 21Receiving and rebuilding an ICMP Object• After sending an ICMP packet, we will get an ICMP packetreturned from the remote device.• To decipher the contents of the packet, we should createanother ICMP class constructor that can take a raw ICMPbyte array and place the values into the appropriate dataelements in the class:14/09/55 C# Network Programming 22Dr. M. Munlin 11

14/09/55Display ICMP Data• After creating the new ICMP object with the receivedpacket data, we can display data elements:14/09/55 C# Network Programming 23The ICMP Checksum Method• We simply create a self-contained method for calculatingthe checksum and place it in the ICMP class to be used bythe ICMP application program.14/09/55 C# Network Programming 24Dr. M. Munlin 12

14/09/5514/09/55 C# Network Programming 25A Simple Ping Program• Ping is an important and fundamental diagnostic tool tocheck a network connectivity of a remote device.• The ping program uses the ICMP Echo Request packet(Type 8) to send a simple message to a remote host.• When the remote host receives the message, it replies withan ICMP Echo Reply packet (Type 0), which contains theoriginal message.14/09/55 C# Network Programming 26Dr. M. Munlin 13

14/09/5514/09/55 C# Network Programming 2714/09/55 C# Network Programming 28Dr. M. Munlin 14

14/09/55An Advanced Ping Program• The SimplePing has the following limitations:◦ The destination address had to be entered as an IPaddress.◦ Only one ping message was sent and received.◦ The size of the ping data was not configurable.◦ The elapsed time for the ping to process was notrecorded.14/09/55 C# Network Programming 29An Advanced Ping Program14/09/55 C# Network Programming 30Dr. M. Munlin 15

14/09/5514/09/55 C# Network Programming 31The TraceRoute Program• The TraceRoute program creates an ICMP Echo Requestpacket and then enters a loop, setting the IP TTL value toincreasing values until the destination host is reached:• Each time an Echo Request packet is sent out, the programwaits for a response.• The Type element of the return packet is examined todetermine if the packet made it to the destination.• By displaying the sending address of each packet, we canwatch each router along the path of the ping packet.14/09/55 C# Network Programming 32Dr. M. Munlin 16

14/09/5514/09/55 C# Network Programming 35The FindMask Program• The FindMask program uses another ICMP message type toautomatically discover the subnet mask of the subnet thedevice .• FindMask uses ICMP Subnet Request packet type (ICMPType 17) to query devices on a network to determine whatthe network subnet mask is.• Each packet must have unique Identifier and Sequencevalues to distinguish it from other Subnet Request packetssent out by the device.14/09/55 C# Network Programming 36Dr. M. Munlin 18

14/09/55Query subnet• After the Identifier and Sequence field, a 4-byte integerfield identifies the subnet.• The Subnet Request packet places all zeros in this field.• A responding device on the network will replace the zeroswith the appropriate value for the subnet.• Because the value is returned as a long integer, we have toconvert it to an IPAddress object for easier reading:• The BitConverter class extracts the 4-byte value from thereceived ICMP packet and convert it to a long integervalue to later create a new IPAddress object.14/09/55 C# Network Programming 3714/09/55 C# Network Programming 38Dr. M. Munlin 19

14/09/5514/09/55 C# Network Programming 39Summary• ICMP allows a network device to quickly send queries anderror messages to other network devices.• We program ICMP using the Socket class andSocketType.Raw and the ProtocolType.Icmp property.• The ping program uses the ICMP Echo Request packet tosend a simple message to a remote host. When the remotehost receives the message, it replies with an ICMP EchoReply packet, which contains the original message.• The TraceRoute program creates an ICMP Echo Requestpacket and then enters a loop, setting the IP TTL value toincreasing values until the destination host is reached .• The ICMP Subnet Request packet type queries networkdevices to determine the configured subnet mask for anetwork.14/09/55 C# Network Programming 40Dr. M. Munlin 20