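General format of ICMP protocol messages
ICMP messages are sent in many situations, for example when a datagram cannot be delivered to its destination address, or when a gateway device does not have enough buffer space to store and forward a datagram.
1. ICMP message format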
+0------7-------15---------------31
|  Type | Code  |    Checksum    |
+--------------------------------+
|          Message Body          |
|        (Variable length)       |
+--------------------------------+
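2. ICMP message format explained
| Field | Length | Meaning |
|---|---|---|
| Type | 1 byte | Message type, used to identify the message. The values of the Type field and their meanings are listed in Table 1 below. |
| Code | 1 byte | Code, which gives further information about the message type. The values of the Code field and their meanings are listed in Table 1 below. |
| Checksum | 2 bytes | Checksum. It uses the same additive checksum algorithm as IP, but the ICMP checksum covers only the ICMP message. |
| Message Body | Variable | The length and content of this field depend on the message type and code; see Table 1 below. |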
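3. ICMP message types and codes
The length and content of the last field (Message Body) depend on the message type and code. The corresponding list is as follows:
Table 1 ICMP message types and codes
| Type | Code | Description |
|---|---|---|
| 0 | 0 | Echo reply (ping reply) |
| 3 | 0 | Network unreachable |
| 3 | 1 | Host unreachable |
| 3 | 2 | Protocol unreachable |
| 3 | 3 | Port unreachable |
| 3 | 4 | Fragmentation needed but the Don't Fragment bit is set |
| 3 | 5 | Source route failed |
| 3 | 6 | Destination network unknown |
| 3 | 7 | Destination host unknown |
| 3 | 8 | Source host isolated (obsolete) |
| 3 | 9 | Destination network administratively prohibited |
| 3 | 10 | Destination host administratively prohibited |
| 3 | 11 | Network unreachable for TOS |
| 3 | 12 | Host unreachable for TOS |
| 3 | 13 | Communication administratively prohibited by filtering |
| 3 | 14 | Host precedence violation |
| 3 | 15 | Precedence cutoff in effect |
| 4 | 0 | Source quench |
| 5 | 0 | Redirect for network |
| 5 | 1 | Redirect for host |
| 5 | 2 | Redirect for type of service and network |
| 5 | 3 | Redirect for type of service and host |
| 8 | 0 | Echo request (ping request) |
| 9 | 0 | Router advertisement |
| 10 | 0 | Router solicitation |
| 11 | 0 | Time to live equals 0 during transit |
| 11 | 1 | Time to live equals 0 during datagram reassembly |
| 12 | 0 | Bad IP header |
| 12 | 1 | Required option missing |
| 13 | 0 | Timestamp request (obsolete) |
| 14 | 0 | Timestamp reply (obsolete) |
| 15 | 0 | Information request (obsolete) |
| 16 | 0 | Information reply (obsolete) |
| 17 | 0 | Address mask request |
| 18 | 0 | Address mask reply |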
4. ICMP message example
Frame 1: 50 bytes on wire (400 bits), 50 bytes captured (400 bits)
    Arrival Time: Mar 17, 2015 14:04:15.071870000
    Epoch Time: 1426572255.071870000 seconds
    [Time delta from previous captured frame: 0.000000000 seconds]
    [Time delta from previous displayed frame: 0.000000000 seconds]
    [Time since reference or first frame: 0.000000000 seconds]
    Frame Number: 1
    Frame Length: 50 bytes (400 bits)
    Capture Length: 50 bytes (400 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ip:icmp:data]
    [Coloring Rule Name: ICMP]
    [Coloring Rule String: icmp || icmpv6]
Ethernet II, Src: 40:f2:e9:2e:b2:5a (40:f2:e9:2e:b2:5a), Dst: PaloAlto_00:01:1a (00:1b:17:00:01:1a)
    Destination: PaloAlto_00:01:1a (00:1b:17:00:01:1a)
        Address: PaloAlto_00:01:1a (00:1b:17:00:01:1a)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: 40:f2:e9:2e:b2:5a (40:f2:e9:2e:b2:5a)
        Address: 40:f2:e9:2e:b2:5a (40:f2:e9:2e:b2:5a)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol Version 4, Src: 10.30.129.205 (10.30.129.205), Dst: 10.168.121.153 (10.168.121.153)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
    Total Length: 36
    Identification: 0x3c81 (15489)
    Flags: 0x00
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: ICMP (1)
    Header checksum: 0x0000 [incorrect, should be 0x962a (maybe caused by "IP checksum offload"?)]
        [Good: False]
        [Bad: True]
            [Expert Info (Error/Checksum): Bad checksum]
                [Message: Bad checksum]
                [Severity level: Error]
                [Group: Checksum]
    Source: 10.30.129.205 (10.30.129.205)
    Destination: 10.168.121.153 (10.168.121.153)
Internet Control Message Protocol
    Type: 8 (Echo (ping) request)
    Code: 0
    Checksum: 0xf3df [correct]
    Identifier (BE): 1056 (0x0420)
    Identifier (LE): 8196 (0x2004)
    Sequence number (BE): 0 (0x0000)
    Sequence number (LE): 0 (0x0000)
    Data (8 bytes)
      Data: 0000000000000000
      [Length: 8]
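The following is an added example, not part of the original page: it parses the Type, Code and Checksum fields and checks the checksum over the ICMP message only, using the ICMP bytes of the capture above rebuilt from its dissected fields. The names `internet_checksum`, `parse_icmp`, `ICMP_NAMES` and `SAMPLE` are hypothetical, and `ICMP_NAMES` holds only a subset of Table 1.

```python
import struct

# Subset of Table 1, keyed by (Type, Code). Hypothetical helper table for this example.
ICMP_NAMES = {
    (0, 0): "Echo reply",
    (3, 1): "Host unreachable",
    (3, 3): "Port unreachable",
    (8, 0): "Echo request",
    (11, 0): "Time to live equals 0 during transit",
}

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit big-endian words (same algorithm as IP)."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp(message: bytes) -> dict:
    """Parse the fixed 4-byte header and validate the checksum over the ICMP message."""
    if len(message) < 4:
        raise ValueError("ICMP message shorter than the 4-byte fixed header")
    icmp_type, code, checksum = struct.unpack("!BBH", message[:4])
    result = {
        "type": icmp_type,
        "code": code,
        "checksum": checksum,
        # Summing an intact message, checksum field included, yields 0.
        "checksum_ok": internet_checksum(message) == 0,
        "description": ICMP_NAMES.get((icmp_type, code), "not in this subset of Table 1"),
        "body": message[4:],
    }
    # For echo request/reply the body starts with Identifier and Sequence number.
    if icmp_type in (0, 8) and len(message) >= 8:
        result["identifier"], result["sequence"] = struct.unpack("!HH", message[4:8])
    return result

# ICMP portion of the sample frame, rebuilt from the dissected fields:
# Type 8, Code 0, Checksum 0xf3df, Identifier 0x0420, Sequence 0, 8 zero data bytes.
SAMPLE = bytes.fromhex("0800f3df04200000" + "00" * 8)

if __name__ == "__main__":
    print(parse_icmp(SAMPLE))
```

The checksum is computed over the 16 ICMP bytes alone, so it validates even though the capture reports the IP header checksum as 0x0000.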
5. ICMP protocol stack structure
An ICMP message is encapsulated in an IP datagram, in the following format:
   +-------------------------------+
   |          ICMP message         |
   +-------------------------------+
   | IP header (Protocol = 0x01)   |
   +-------------------------------+
   |            L2 header          |
   +-------------------------------+