ICMP(Internet Control Message Protocol)
Overview
Related RFCs
▶RFC792 : Internet Control Message Protocol
▶RFC950 : Internet standard subnetting procedure
▶RFC1812 : IPv4 router requirements: covers types 13, 14, 15
▶RFC1122 : Internet host requirements, communication layers
▶RFC1256 : ICMP router discovery messages
▶RFC1191 : Path MTU discovery
When a router cannot route a datagram or cannot deliver data, it uses ICMP to notify the source host
so that the host can avoid or recover from the problem on the network.
ICMP describes how routers and hosts exchange control or error information with each other.
Types of ICMP service
▶Echo : diagnostic tool for IP nodes
▶Destination unreachable : used to indicate that the destination IP node was not reached
▶Source quench : used to indicate a congestion problem to the source
▶Redirect : used by routers to announce an alternative route
▶Time exceeded : used to indicate that the TTL field value in the IP header has expired
▶Parameter problem : used to indicate a problem with the IP datagram
▶Timestamp : used to measure time across the internet
▶Address mask : used to obtain the subnet mask information of a network
Type codes
Type | ICMP message | Type | ICMP message
0 | Echo reply | 13 | Timestamp request
3 | Destination unreachable | 14 | Timestamp reply
4 | Source quench | 15 | Information request
5 | Redirect | 16 | Information reply
8 | Echo request | 17 | Address mask request
11 | Time exceeded | 18 | Address mask reply
12 | Unintelligible parameter (IP) | |
ICMP format
IP datagram:
IP header, 20 bytes | ICMP message, n bytes
ICMP message:
type, 1 byte | code, 1 byte | checksum, 2 bytes | contents that depend on type and code, m bytes
ICMP format description
▶type : identifies the message
▶code : additional information about the message type
▶checksum : checksum over the ICMP message
▶message : contents associated with the type and code
ICMP frames as seen in a sniffer
ICMP echo frame
ICMP echo reply
Win98 command window output when an echo reply is received
Normal case
Abnormal case : a failure has occurred
Destination Unreachable Message
type (3), 1 byte | code (0-15), 1 byte | checksum, 2 bytes
unused (must be 0), 4 bytes
IP header + first 64 bits of original IP datagram data
▶type : 3
▶code
0 = network unreachable
* The network specified in the IP destination address does not exist (generated only by routers; routing failure)
1 = host unreachable
* The datagram was forwarded successfully by the routers, but the last router cannot communicate with the host
* Causes : host shut down, configuration error, IP setting error (generated by the router directly attached to the destination network)
2 = protocol unreachable
* The datagram arrived at the destination host, but the upper-layer protocol that the IP datagram carries,
identified by the protocol field of the IP header, is not available
* The common upper-layer protocols implemented on TCP/IP hosts are TCP, UDP and OSPF.
* The problem can be resolved by using the protocol ID in the IP header to check whether the protocol is available.
3 = port unreachable
* Generated when the specified transport-layer protocol (TCP, UDP) cannot demultiplex the datagram and has no
other protocol mechanism for informing the sender (e.g. a server daemon)
4 = fragmentation needed but DF bit set
* Generated by a router that has to fragment a datagram because the MTU size of the network interface is smaller
than the datagram. If the DF flag in the datagram's IP header is set to 1, however, the router cannot fragment it
* The DF flag is set to 1 by diskless workstations that use TFTP file transfer to download system boot messages
5 = source route failed
* Generated by a router for an IP datagram that uses the IP source route option; the router discards the datagram
6 = destination network unknown
* Generated when a router detects from its routing table that the destination network is unknown.
7 = destination host unknown
* Generated by a router when it detects, through the data-link layer software on the network interface, that the destination host does not exist
8 = source host isolated(not used)
* Generated when a router detects that the host is isolated from the rest of the network; RFC1812 prohibits its use
9 = destination network administratively prohibited
* Communication with the destination network is administratively prohibited.
10 = destination host administratively prohibited
* Communication with the destination host is administratively prohibited
11 = network unreachable for TOS
* Generated by a router when it cannot forward the datagram because no route in the routing table matches the
requested ToS value or the default ToS
12 = host unreachable for TOS
* The destination host cannot be reached (similar to code 11)
13 = communication administratively prohibited by filtering
* Communication is administratively prohibited because of a firewall.
14 = host precedence violation
* Host precedence violation (generated by the first-hop router for the sending host)
15 = precedence cutoff in effect
* Precedence cutoff is in effect (message sent to the sender when a router discards a datagram sent with a low precedence)
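The Destination Unreachable layout above carries enough of the original datagram to tie the error back to the flow that triggered it. The following parser is an added example, not part of the original page; the function name, the returned field names and the sample addresses and ports are assumptions made for illustration.

```python
import struct
from ipaddress import IPv4Address

# Code names 0-15 from the Destination Unreachable section
UNREACH_CODES = [
    "network unreachable", "host unreachable", "protocol unreachable",
    "port unreachable", "fragmentation needed but DF bit set",
    "source route failed", "destination network unknown",
    "destination host unknown", "source host isolated",
    "destination network administratively prohibited",
    "destination host administratively prohibited",
    "network unreachable for TOS", "host unreachable for TOS",
    "communication administratively prohibited by filtering",
    "host precedence violation", "precedence cutoff in effect",
]

def parse_dest_unreachable(icmp: bytes) -> dict:
    """Decode a type 3 message and the original datagram it quotes."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("need ICMP header + IP header + 64 bits of data")
    icmp_type, code, _checksum, _unused = struct.unpack("!BBHI", icmp[:8])
    if icmp_type != 3 or code >= len(UNREACH_CODES):
        raise ValueError("not a type 3 message with code 0-15")
    inner = icmp[8:]                      # quoted original datagram
    ihl = (inner[0] & 0x0F) * 4           # quoted IP header length in bytes
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        raise ValueError("quoted IP header is malformed or truncated")
    flags_frag, = struct.unpack("!H", inner[6:8])
    info = {
        "code": code, "reason": UNREACH_CODES[code],
        "orig_src": str(IPv4Address(inner[12:16])),
        "orig_dst": str(IPv4Address(inner[16:20])),
        "orig_proto": inner[9],
        "df_set": bool(flags_frag & 0x4000),
    }
    if inner[9] in (6, 17):               # TCP/UDP: ports lead the 64 bits
        info["orig_sport"], info["orig_dport"] = struct.unpack(
            "!HH", inner[ihl:ihl + 4])
    return info

# Constructed sample (checksums left 0, not verified here): code 3 quoting
# a UDP datagram from 192.0.2.10:40000 to 198.51.100.7:33434.
SAMPLE = (struct.pack("!BBHI", 3, 3, 0, 0)
          + struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, 0x4000, 1, 17, 0,
                        IPv4Address("192.0.2.10").packed,
                        IPv4Address("198.51.100.7").packed)
          + struct.pack("!HHHH", 40000, 33434, 8, 0))
```

The `df_set` field is the one to look at when the code is 4, since that code is only generated for datagrams whose DF flag is 1.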
Time Exceeded Message
type (11), 1 byte | code (0/1), 1 byte | checksum, 2 bytes
unused (must be 0), 4 bytes
IP header + first 64 bits of original IP datagram data
▶type : 11
▶code
0 = time to live(TTL) equals 0 during transit
1 = time to live(TTL) equals 0 during reassembly
Source Quench Message
Message sent to the source host that is sending data when the buffer of an intermediate router is full and
the router can no longer accept data.
type (4), 1 byte | code (0), 1 byte | checksum, 2 bytes
unused (must be 0), 4 bytes
IP header + first 64 bits of original IP datagram data
▶type : 4
▶code : 0
Redirect Message
type (5), 1 byte | code (0-3), 1 byte | checksum, 2 bytes
router IP address that should be used, 4 bytes
IP header + first 64 bits of original IP datagram data
▶type : 5
▶code
0 = redirect for networks
1 = redirect for host
2 = redirect for type of service and network
3 = redirect for type of service and host
Echo Request and Echo Reply Message
Used by the ping command.
type (0/8), 1 byte | code (0), 1 byte | checksum, 2 bytes
identifier, 2 bytes | sequence number, 2 bytes
optional data
▶type
0 = echo reply (ping reply)
8 = echo request (ping request)
▶code
0
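The echo layout above and the checksum field from the ICMP format section can be exercised together. This is an added example, not part of the original page: it builds an echo request and reply, validates the checksum, and pairs a reply with its request. The function names and the sample identifier, sequence number and data are assumptions; the checksum is the 16-bit one's-complement sum defined in RFC792.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum over the whole ICMP message (RFC 792)."""
    if len(data) % 2:
        data += b"\x00"                    # pad odd-length data for summing
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                     # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, data: bytes = b"") -> bytes:
    """Build an echo request (type 8) or echo reply (type 0), code 0."""
    if icmp_type not in (0, 8):
        raise ValueError("echo messages use type 0 or 8")
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = internet_checksum(header + data)   # computed with checksum field = 0
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + data

def parse_echo(msg: bytes) -> dict:
    """Validate the checksum and split an echo message into its fields."""
    if len(msg) < 8:
        raise ValueError("echo message shorter than its 8-byte header")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    if icmp_type not in (0, 8) or code != 0:
        raise ValueError("not an echo request/reply")
    if internet_checksum(msg) != 0:        # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    return {"type": icmp_type, "id": ident, "seq": seq, "data": msg[8:]}

def reply_matches(request: bytes, reply: bytes) -> bool:
    """True when reply is the type 0 answer to this type 8 request."""
    req, rep = parse_echo(request), parse_echo(reply)
    return (req["type"] == 8 and rep["type"] == 0 and
            (req["id"], req["seq"], req["data"]) ==
            (rep["id"], rep["seq"], rep["data"]))

# Constructed sample exchange
REQUEST = build_echo(8, 0x1234, 1, b"abcdefgh")
REPLY = build_echo(0, 0x1234, 1, b"abcdefgh")
```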