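ICMP Time Exceeded Message Format
If a device finds that the TTL field of a packet is 0 while forwarding or reassembling it, the device sends an ICMP Time Exceeded message to the source. Traceroute relies on these ICMP Time Exceeded messages to learn the IP addresses of the routers along the path, and then uses the Port Unreachable message to determine whether the datagram has reached the destination.
1. ICMP Time Exceeded message format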
+0------7-------15---------------31
|  Type |  Code  |    Checksum    |
+---------------------------------+
|             unused              |
+---------------------------------+
|         Internet Header         |
|          + 64 bits of           |
|     Original Data Datagram      |
+---------------------------------+
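2. Explanation of the ICMP Time Exceeded message fields

| Field | Length | Meaning |
|---|---|---|
| Type | 1 byte | Message type; the value here is 11. |
| Code | 1 byte | Message code: |
| Checksum | 2 bytes | Checksum. It uses the same additive checksum algorithm as IP, but the ICMP checksum covers only the ICMP message. |
| Internet Header + 64 bits of Original Data Datagram | Variable | The IP header plus the first 64 bits of the original datagram's data. The host uses this data to match the message to the corresponding process. For higher-layer protocols that use port numbers, the port numbers are assumed to fall within these first 64 bits of the original datagram's data. |
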
3. Example of an ICMP TTL Exceeded message
Frame 1: 70 bytes on wire (560 bits), 70 bytes captured (560 bits)
Arrival Time: Feb 25, 2014 02:30:55.060937000
Epoch Time: 1393266655.060937000 seconds
[Time delta from previous captured frame: 0.000000000 seconds]
[Time delta from previous displayed frame: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Frame Length: 70 bytes (560 bits)
Capture Length: 70 bytes (560 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ip:icmp:ip:icmp:data]
[Coloring Rule Name: ICMP errors]
[Coloring Rule String: icmp.type eq 3 || icmp.type eq 4 || icmp.type eq 5 || icmp.type eq 11 || icmpv6.type eq 1 || icmpv6.type eq 2 || icmpv6.type eq 3 || icmpv6.type eq 4]
Ethernet II, Src: 00:e1:fc:45:2b:f3 (00:e1:fc:45:2b:f3), Dst: HuaweiTe_06:5f:38 (00:e0:fc:06:5f:38)
Destination: HuaweiTe_06:5f:38 (00:e0:fc:06:5f:38)
Address: HuaweiTe_06:5f:38 (00:e0:fc:06:5f:38)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: 00:e1:fc:45:2b:f3 (00:e1:fc:45:2b:f3)
Address: 00:e1:fc:45:2b:f3 (00:e1:fc:45:2b:f3)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol Version 4, Src: 10.143.0.57 (10.143.0.57), Dst: 10.45.76.95 (10.45.76.95)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 56
Identification: 0x99cd (39373)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 254
Protocol: ICMP (1)
Header checksum: 0xc1a3 [correct]
[Good: True]
[Bad: False]
Source: 10.143.0.57 (10.143.0.57)
Destination: 10.45.76.95 (10.45.76.95)
Internet Control Message Protocol
Type: 11 (Time-to-live exceeded)
Code: 0 (Time to live exceeded in transit)
Checksum: 0xf4ff [correct]
Internet Protocol Version 4, Src: 10.45.76.95 (10.45.76.95), Dst: 220.181.112.143 (220.181.112.143)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00: Not-ECT (Not ECN-Capable Transport))
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..00 = Explicit Congestion Notification: Not-ECT (Not ECN-Capable Transport) (0x00)
Total Length: 92
Identification: 0x0134 (308)
Flags: 0x00
0... .... = Reserved bit: Not set
.0.. .... = Don't fragment: Not set
..0. .... = More fragments: Not set
Fragment offset: 0
Time to live: 1
[Expert Info (Note/Sequence): "Time To Live" only 1]
[Message: "Time To Live" only 1]
[Severity level: Note]
[Group: Sequence]
Protocol: ICMP (1)
Header checksum: 0x149d [correct]
[Good: True]
[Bad: False]
Source: 10.45.76.95 (10.45.76.95)
Destination: 220.181.112.143 (220.181.112.143)
Internet Control Message Protocol
Type: 8 (Echo (ping) request)
Code: 0
Checksum: 0xf781
Identifier (BE): 1 (0x0001)
Identifier (LE): 256 (0x0100)
Sequence number (BE): 125 (0x007d)
Sequence number (LE): 32000 (0x7d00)
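
The following parser is an added example, not part of the original page. It decodes a Time Exceeded message according to the layout in section 1, verifies the ICMP checksum, and uses the quoted IP header plus 64 bits to check that the error refers to a probe the host actually sent. The function names and the `sent` probe table are hypothetical, and the sample bytes are rebuilt from the field values in the capture above, with the unused field assumed to be zero.

```python
import ipaddress
import struct

# Constructed sample: ICMP message rebuilt from the field values in the capture
# on this page; the unused field is assumed to be zero.
SAMPLE = bytes.fromhex(
    "0b00f4ff00000000"                          # type 11, code 0, checksum, unused
    "4500005c013400000101149d0a2d4c5fdcb5708f"  # quoted IP header
    "0800f7810001007d")                         # first 64 bits of quoted data

def inet_checksum(data: bytes) -> int:
    """One's-complement sum shared by IP and ICMP (RFC 1071)."""
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_time_exceeded(icmp: bytes) -> dict:
    """Parse an ICMP type 11 message (the bytes after the outer IP header)."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("shorter than ICMP header + IP header + 64 bits")
    if icmp[0] != 11:
        raise ValueError(f"not Time Exceeded: type {icmp[0]}")
    if inet_checksum(icmp) != 0:  # field included, so a valid message sums to 0
        raise ValueError("bad ICMP checksum")
    quoted = icmp[8:]             # skip type, code, checksum and unused
    ihl = (quoted[0] & 0x0F) * 4
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("malformed quoted IP header")
    proto, l4 = quoted[9], quoted[ihl:ihl + 8]
    if proto == 1:                # ICMP echo: identifier, sequence number
        probe = ("icmp",) + struct.unpack("!HH", l4[4:8])
    elif proto in (6, 17):        # TCP/UDP: source port, destination port
        probe = ("tcp" if proto == 6 else "udp",) + struct.unpack("!HH", l4[:4])
    else:
        probe = (proto,)
    return {"code": icmp[1], "orig_ttl": quoted[8], "probe": probe,
            "orig_src": str(ipaddress.IPv4Address(quoted[12:16])),
            "orig_dst": str(ipaddress.IPv4Address(quoted[16:20]))}

def matches_sent_probe(icmp: bytes, sent: set) -> bool:
    """Accept the error only if it quotes a datagram this host really sent."""
    try:
        info = parse_time_exceeded(icmp)
    except ValueError:
        return False
    return (info["orig_dst"],) + info["probe"] in sent
```

Matching on the quoted destination plus identifier and sequence number (or ports) lets a receiver discard Time Exceeded messages that do not correspond to any outstanding probe.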