ICMP重定向消息
ICMP重定向消息是ICMP控制报文中的一种。在特定的情况下,当路由器检测到一台主机或网络设备使用非优化路由的时候,它会向该主机或网络设备发送一个ICMP重定向报文,请求主机或网络设备改变路由。路由器也会把初始数据报向它的目的地转发。
一、ICMP重定向消息报文格式
+0------7-------15---------------31
| Type | Code | Checksum |
+--------------------------------+
| Gateway Internet Address |
+--------------------------------+
| Internet Header |
| +64 bits of |
| Original Data Datagram |
+--------------------------------+
二、ICMP重定向消息报文格式解释
| 字段 | 长度 | 含义 |
|---|---|---|
| Type | 1字节 | 消息类型,此处值为5。 |
| Code | 1字节 | 消息代码:
|
| Checksum | 2字节 | 检验和。 |
| Gateway Internet Address | 4字节 | 即原始数据包里的IP目的地址域。 |
| Internet Header + 64 bits of Original Data Datagram | 可变 | IP头和原始数据包的前64比特数据。该数据是主机用来匹配消息。对于更高层协议的用户端口号,原始数据包的前64比特的这些数据会被重组。 |
三、ICMP重定向消息报文示例
Frame 1: 74 bytes on wire (592 bits), 74 bytes captured (592 bits)
Arrival Time: Mar 17, 2015 14:04:15.071870000
Epoch Time: 1426572255.071870000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 74 bytes (592 bits)
Capture Length: 74 bytes (592 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:icmp:data]
[Coloring Rule Name: ICMP]
[Coloring Rule String: icmp || icmpv6]
Ethernet II, Src: 40:f2:e9:2e:b2:5a (40:f2:e9:2e:b2:5a), Dst: PaloAlto_00:01:1a (00:1b:17:00:01:1a)
Destination: PaloAlto_00:01:1a (00:1b:17:00:01:1a)
Address: PaloAlto_00:01:1a (00:1b:17:00:01:1a)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 40:f2:e9:2e:b2:5a (40:f2:e9:2e:b2:5a)
Address: 40:f2:e9:2e:b2:5a (40:f2:e9:2e:b2:5a)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 10.1.1.3 (10.1.1.3), Dst: 10.168.121.153 (10.168.121.153)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 60
Identification: 0x3c81 (15489)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: ICMP (1)
Header checksum: 0x0000 [incorrect, should be 0x962a (maybe caused by "IP checksum offload"?)]
[Good: False]
[Bad: True]
[Expert Info (Error/Checksum): Bad checksum]
[Message: Bad checksum]
[Severity level: Error]
[Group: Checksum]
Source: 10.1.1.3 (10.1.1.3)
Destination: 10.168.121.153 (10.168.121.153)
Internet Control Message Protocol
Type: 5 (Redirect)
Code: 1 (Redirect for host)
Checksum: 0x01f6 [correct]
Gateway address: 10.1.1.2 (10.1.1.2)
Internet Protocol, Src: 10.1.1.3 (10.1.1.3), Dst: 10.1.1.4 (10.1.1.4)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 100
Identification: 0x0041 (65)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 254
Protocol: ICMP (1)
Header checksum: 0x0000 [correct]
[Good: True]
[Bad: False]
Source: 10.1.1.3 (10.1.1.3)
Destination: 10.168.121.153 (10.168.121.153)
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0x74af[incorrect, should be 0xf7f2]
Identifier: 0x000d
Sequence number: 0 (0x0000)
Sequence number (LE): 0 (0x0000)
发表评论