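ICMP Destination Unreachable Message Format
IP is a best-effort delivery mechanism and does not discard datagrams lightly. When a routing device cannot forward or deliver an IP datagram, it sends a Destination Unreachable message to the source host and then discards the datagram.
I. ICMP Destination Unreachable message format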
0       7       15              31
+-------+-------+---------------+
| Type  | Code  |   Checksum    |
+-------+-------+---------------+
|            unused             |
+-------------------------------+
|        Internet Header        |
|         + 64 bits of          |
|    Original Data Datagram     |
+-------------------------------+
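II. ICMP Destination Unreachable message fields explained
Field | Length | Meaning |
---|---|---|
Type | 1 byte | Message type; the value here is 3. |
Code | 1 byte | Message code: |
Checksum | 2 bytes | Checksum. Uses the same additive checksum algorithm as IP, but the ICMP checksum covers only the ICMP message. |
unused | 4 bytes | Unused; must be set to 0. |
Internet Header + 64 bits of Original Data Datagram | Variable | IP header plus the first 8 bytes of the original datagram. The host uses this data to match the message to the relevant process; when a higher-layer protocol uses port numbers, they are carried in these first 64 bits of the original datagram's data. |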
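
Added example (not part of the original page): a Python parser for the layout above that verifies the ICMP checksum, reads the embedded IP header even when it carries options, and uses the quoted flow to accept only errors that refer to a datagram the host actually sent. The names `parse_dest_unreachable`, `is_solicited` and `build_sample` are illustrative, and the sample bytes are constructed from the embedded IP/UDP header values in the port-unreachable capture on this page.

```python
import struct
from ipaddress import IPv4Address

# Type 3 codes from RFC 792 and RFC 1122 (subset)
CODES = {0: "net unreachable", 1: "host unreachable", 2: "protocol unreachable",
         3: "port unreachable", 4: "fragmentation needed and DF set",
         10: "host administratively prohibited"}

def inet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words, the algorithm IP and ICMP share."""
    data += b"\x00" * (len(data) % 2)          # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_dest_unreachable(icmp: bytes) -> dict:
    """Parse an ICMP type 3 message, given the bytes after the outer IP header."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("too short for ICMP header + IP header + 64 bits")
    msg_type, code, _cksum, unused = struct.unpack("!BBHI", icmp[:8])
    if msg_type != 3:
        raise ValueError("not a Destination Unreachable message")
    if inet_checksum(icmp) != 0:      # covers the ICMP message only; 0 means valid
        raise ValueError("bad ICMP checksum")
    inner = icmp[8:]
    ihl = (inner[0] & 0x0F) * 4       # embedded header may carry options (IHL > 20)
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        raise ValueError("embedded IP header malformed or truncated")
    proto, sport, dport = inner[9], None, None
    if proto in (6, 17):              # TCP/UDP ports sit in the first 4 of the 8 bytes
        sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    flow = (proto, str(IPv4Address(inner[12:16])), sport,
            str(IPv4Address(inner[16:20])), dport)
    return {"code": CODES.get(code, f"code {code}"), "unused": unused, "flow": flow}

def is_solicited(icmp: bytes, sent_flows: set) -> bool:
    """Accept an error only if it quotes a datagram this host actually sent."""
    try:
        return parse_dest_unreachable(icmp)["flow"] in sent_flows
    except ValueError:
        return False

# Constructed sample: embedded IP header + 8 UDP bytes using the values shown in
# the port-unreachable capture; the ICMP checksum is computed here, not captured.
INNER = bytes.fromhex("4500013e000040003b114fb00a6341a70a1bd8d900430044012a856b")

def build_sample(code: int = 3, inner: bytes = INNER) -> bytes:
    body = struct.pack("!BBHI", 3, code, 0, 0) + inner
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
```

`is_solicited` treats any message that fails parsing or checksum validation as unsolicited, so malformed or forged errors are dropped rather than acted on.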
III. ICMP Destination Unreachable (Port Unreachable) packet example
Frame 1: 360 bytes on wire (2880 bits), 360 bytes captured (2880 bits)
Arrival Time: Feb 18, 2013 21:52:38.043263000
Epoch Time: 1361195558.043263000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 360 bytes (2880 bits)
Capture Length: 360 bytes (2880 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:icmp:ip:udp:bootp]
[Coloring Rule Name: ICMP errors]
[Coloring Rule String: icmp.type eq 3 || icmp.type eq 4 || icmp.type eq 5 || icmp.type eq 11 || icmpv6.type eq 1 || icmpv6.type eq 2 || icmpv6.type eq 3 || icmpv6.type eq 4]
Ethernet II, Src: b9:20:0a (00:13:5f:b9:20:0a), Dst: IETF-VRRP-VRID_02 (00:00:5e:00:01:02)
Destination: IETF-VRRP-VRID_02 (00:00:5e:00:01:02)
Address: IETF-VRRP-VRID_02 (00:00:5e:00:01:02)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: b9:20:0a (00:13:5f:b9:20:0a)
Address: b9:20:0a (00:13:5f:b9:20:0a)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 10.27.216.217 (10.27.216.217), Dst: 10.99.65.167 (10.99.65.167)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1100 00.. = Differentiated Services Codepoint: Class Selector 6 (0x30)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 346
Identification: 0xb59f (46495)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 60
Protocol: ICMP (1)
Header checksum: 0xd844 [correct]
[Good: True]
[Bad: False]
Source: 10.27.216.217 (10.27.216.217)
Destination: 10.99.65.167 (10.99.65.167)
Internet Control Message Protocol
Type: 3 (Destination unreachable)
Code: 3 (Port unreachable)
Checksum: 0xed37 [correct]
Internet Protocol Version 4, Src: 10.99.65.167 (10.99.65.167), Dst: 10.27.216.217 (10.27.216.217)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 318
Identification: 0x0000 (0)
Flags: 0x02 (Don't Fragment)
0... .... = Reserved bit: Not set
.1.. .... = Don't fragment: Set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 59
Protocol: UDP (17)
Header checksum: 0x4fb0 [correct]
[Good: True]
[Bad: False]
Source: 10.99.65.167 (10.99.65.167)
Destination: 10.27.216.217 (10.27.216.217)
User Datagram Protocol, Src Port: bootps (67), Dst Port: bootpc (68)
Source port: bootps (67)
Destination port: bootpc (68)
Length: 298
Checksum: 0x856b [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Bootstrap Protocol
Message type: Boot Reply (2)
Hardware type: Ethernet
Hardware address length: 6
Hops: 0
Transaction ID: 0x32cfcc75
Seconds elapsed: 0
Bootp flags: 0x0000 (Unicast)
0... .... .... .... = Broadcast flag: Unicast
.000 0000 0000 0000 = Reserved flags: 0x0000
Client IP address: 10.27.216.217 (10.27.216.217)
Your (client) IP address: 10.27.216.217 (10.27.216.217)
Next server IP address: 0.0.0.0 (0.0.0.0)
Relay agent IP address: 0.0.0.0 (0.0.0.0)
Client MAC address: Sunniwel_4e:0e:3c (00:07:63:4e:0e:3c)
Client hardware address padding: 00000000000000000000
Server host name not given
Boot file name not given
Magic cookie: DHCP
Option: (t=53,l=1) DHCP Message Type = DHCP ACK
Option: (53) DHCP Message Type
Length: 1
Value: 05
Option: (t=6,l=8) Domain Name Server
Option: (6) Domain Name Server
Length: 8
Value: ca636044ca636844
IP Address: 10.99.96.68
IP Address: 10.99.104.68
Option: (t=51,l=4) IP Address Lease Time = 10 minutes
Option: (51) IP Address Lease Time
Length: 4
Value: 00000258
Option: (t=58,l=4) Renewal Time Value = 5 minutes
Option: (58) Renewal Time Value
Length: 4
Value: 0000012c
Option: (t=59,l=4) Rebinding Time Value = 9 minutes, 30 seconds
Option: (59) Rebinding Time Value
Length: 4
Value: 0000023a
Option: (t=3,l=4) Router = 10.27.192.1
Option: (3) Router
Length: 4
Value: 0a1bc001
Option: (t=1,l=4) Subnet Mask = 10.255.224.0
Option: (1) Subnet Mask
Length: 4
Value: ffffe000
Option: (t=54,l=4) DHCP Server Identifier = 10.99.65.167
Option: (54) DHCP Server Identifier
Length: 4
Value: ca6341a7
End Option
IV. ICMP Destination Unreachable (Protocol Unreachable) packet example
Frame 501: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
Arrival Time: Mar 17, 2015 14:04:41.429806000
Epoch Time: 1426572281.429806000 seconds
[Time delta from previous captured frame: 0.000992000 seconds]
[Time delta from previous displayed frame: 0.000992000 seconds]
[Time since reference or first frame: 29.882139000 seconds]
Frame Number: 501
Frame Length: 74 bytes (592 bits)
Capture Length: 74 bytes (592 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:icmp:ip]
[Coloring Rule Name: ICMP errors]
[Coloring Rule String: icmp.type eq 3 || icmp.type eq 4 || icmp.type eq 5 || icmp.type eq 11 || icmpv6.type eq 1 || icmpv6.type eq 2 || icmpv6.type eq 3 || icmpv6.type eq 4]
Ethernet II, Src: 54:39:df:1d:73:d0 (54:39:df:1d:73:d0), Dst: 40:f2:e9:2e:b2:5a (40:f2:e9:2e:b2:5a)
Destination: 40:f2:e9:2e:b2:5a (40:f2:e9:2e:b2:5a)
Address: 40:f2:e9:2e:b2:5a (40:f2:e9:2e:b2:5a)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 54:39:df:1d:73:d0 (54:39:df:1d:73:d0)
Address: 54:39:df:1d:73:d0 (54:39:df:1d:73:d0)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 10.30.129.137 (10.30.129.137), Dst: 10.30.129.205 (10.30.129.205)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
1100 00.. = Differentiated Services Codepoint: Class Selector 6 (0x30)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 60
Identification: 0x54ef (21743)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 255
Protocol: ICMP (1)
Header checksum: 0x0a7e [correct]
[Good: True]
[Bad: False]
Source: 10.30.129.137 (10.30.129.137)
Destination: 10.30.129.205 (10.30.129.205)
Internet Control Message Protocol
Type: 3 (Destination unreachable)
Code: 2 (Protocol unreachable)
Checksum: 0xfd15 [correct]
Internet Protocol Version 4
Version: 4
Header length: 24 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total length: 8 bytes (bogus, less than header length 24)
[Expert Info (Error/Protocol): Bogus IP length]
[Message: Bogus IP length]
[Severity level: Error]
[Group: Protocol]
V. ICMP Destination Unreachable (Host Administratively Prohibited) packet example
[Coloring Rule String: icmp.type eq 3 || icmp.type eq 4 || icmp.type eq 5 || icmp.type eq 11 || icmpv6.type eq 1 || icmpv6.type eq 2 || icmpv6.type eq 3 || icmpv6.type eq 4]
Ethernet II, Src: 00:e1:fc:45:2b:f3 (00:e1:fc:45:2b:f3), Dst: HuaweiTe_06:5f:38 (00:e0:fc:06:5f:38)
Destination: HuaweiTe_06:5f:38 (00:e0:fc:06:5f:38)
Address: HuaweiTe_06:5f:38 (00:e0:fc:06:5f:38)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 00:e1:fc:45:2b:f3 (00:e1:fc:45:2b:f3)
Address: 00:e1:fc:45:2b:f3 (00:e1:fc:45:2b:f3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 10.76.239.245 (10.76.239.245), Dst: 10.45.76.95 (10.45.76.95)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 104
Identification: 0x3603 (13827)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 248
Protocol: ICMP (1)
Header checksum: 0xc8c3 [correct]
[Good: True]
[Bad: False]
Source: 10.76.239.245 (10.76.239.245)
Destination: 10.45.76.95 (10.45.76.95)
Internet Control Message Protocol
Type: 3 (Destination unreachable)
Code: 10 (Host administratively prohibited)
Checksum: 0xc65a [correct]
Internet Protocol Version 4, Src: 10.45.76.95 (10.45.76.95), Dst: 10.76.239.245 (10.76.239.245)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 76
Identification: 0x02c2 (706)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 120
Protocol: UDP (17)
Header checksum: 0x9ac2 [incorrect, should be 0x7c11 (maybe caused by "IP checksum offload"?)]
[Good: False]
[Bad: True]
[Expert Info (Error/Checksum): Bad checksum]
[Message: Bad checksum]
[Severity level: Error]
[Group: Checksum]
Source: 10.45.76.95 (10.45.76.95)
Destination: 10.76.239.245 (10.76.239.245)
User Datagram Protocol, Src Port: 62562 (62562), Dst Port: ntp (123)
Source port: 62562 (62562)
Destination port: ntp (123)
Length: 56
Checksum: 0xc40c [validation disabled]
[Good Checksum: False]
[Bad Checksum: False]
Network Time Protocol
Flags: 0x1b
00.. .... = Leap Indicator: no warning (0)
..01 1... = Version number: NTP Version 3 (3)
.... .011 = Mode: client (3)
Peer Clock Stratum: unspecified or invalid (0)
Peer Polling Interval: invalid (0)
Peer Clock Precision: 1.000000 sec
Root Delay: 0.0000 sec
Root Dispersion: 0.0000 sec
Reference ID: NULL
Reference Timestamp: Jan 1, 1970 00:00:00.000000000 UTC
Origin Timestamp: Jan 1, 1970 00:00:00.000000000 UTC
Receive Timestamp: Jan 1, 1970 00:00:00.000000000 UTC
Transmit Timestamp: Feb 24, 2014 18:32:59.064000000 UTC