【文件属性】:
文件名称:ICMP消息格式-漏洞扫描技术
文件大小:842KB
文件格式:PPT
更新时间:2021-04-26 01:57:28
漏洞扫描
ICMP消息格式
0
8
16
31
type
code
checksum
identifier
sequence number
example specific format: echo request/reply
optional data
general format
0
8
16
31
type
code
checksum
contents depend on type and code
ICMP提供不能传送的信息包的错误报告和发现并修理故障的工具。举例说来,如果IP不能将一信息包传送到目的地主机,ICMP将发送一个目的地不能到达的信息给源主机。表4列出了大多数普通ICMP信息。
ICMP(Internet Control Message Protocal) In ternet 控制报文协议
1、正式规范参见RFC 792 。
2、ICMP报文是在IP数据报内部被传输的。
3、ICMP报文的格式如图所示。所有报文的前4个字节都是一样的,但是剩下的其它字节则互不相同。
4、类型字段可以有15个不同的值,以描述特定类型的ICMP报文。某些ICMP报文还使用代码字段的值来进一步描述不同的条件。
5、 检验和字段覆盖整个ICMP报文。使用的算法与IP首部检验和算法相同。ICMP的检验和是必需的。
ICMP is an adjunct of IP and is the simplest protocol that we will discuss in this course. ICMP is generally used by various network protocols to transmit informational and administrative/error messages (we've already seen that routers send back time exceeded error messages when an IP packet's TTL value drops to zero).
There are a number of different ICMP messages, each of which is differentiated by a unique message type. Each message type can be further distinguished by one of many unique codes. After an ICMP checksum (which is distinct from the IP datagram checksum), the rest of the ICMP header varies based on the message type (only the message type and not the message code determine the format of the rest of the ICMP header) and there is an optional data area.
As an example, consider the ping program which sends out ICMP echo request messages and receives back ICMP echo reply messages from the destination host. Since the administrator may wish to have multiple ping programs firing messages to the same destination, each stream of echo request messages needs to be identified with a unique number. Typically a ping program sends out a regular stream of ICMP echo requests with a increasing sequence number so that the program can know when packets are being dropped. The echo response packets reflect these parameters as well.
On the other hand, there are no such requirements for time exceeded messages, and these messages have a completely different header format from the fourth byte onwards.