icmp數(shù)據(jù)包格式分析

ICMP數(shù)據(jù)包格式分析ICMP報文格式ICMP網(wǎng)絡(luò)控制報文協(xié)議包含有一下幾個字段，類型、代碼、校驗和、identifier、序列圖1請求應(yīng)答報文對請求與應(yīng)答報文對可分為回應(yīng)請求與應(yīng)答報文、路由器請求與通告報文、時間戳請求與應(yīng)答報文和地址掩碼請求與應(yīng)答報文。如圖2所示為一組回應(yīng)請求與應(yīng)答報文：10.00000012.12.12.112.12.12.2ICMP114Echo(ping)requestid=0x0000sseq=l/256sttl=25520.03100012.12.12.212.12.12.1ICMP114Echo(ping)replyid=0x0000sseq=l/256,Ttl=25530.06300012.12.12.112.12.12.2ICMP114Echo(ping)request1d=0x0000,seq=2/512sttl=25540.10900012.12.12.212.12.12.1ICMP114Echo(ping)replyid=0x0000sseq=2/512sTT1=25550.14100012.12.12.112.12.12.2ICMP114Echo(ping)requestid=0x0000,seq=3/768,ttl=25560.17200012.12.12.212.12.12.1ICMP114Echo(ping)replyid=0x0000sseq=3/768,"1=25570.20300012.12.12.112.12.12.2ICMP114Echo(ping)request1d=0x0000sseq=4/1024ttl=25580.21900012.12.12.212.12.12.1ICMP114Echo(ping)reply1d=0x0000sseq=4/1024ttl=255圖2請求報文類型為8,表示回應(yīng)請求報文，傳遞的ping命令通常用于測試信宿的可到達(dá)性（如圖3）。日inter門Etcontrc/lMessageProtocolType:8(Echo(ping)request)code:0Checksum:0xe90a[correct]Identifier(BE):0(0x0000)Identifier(LE):0(0x0000)sequencenumber(BE):1(0x0001)Sequencenumber(LE):256(0x0100)「民esdd門se工門：2~l田Data(72bytes)圖3應(yīng)答報文類型為0，表示回應(yīng)應(yīng)答報文。比較這組報文對，其標(biāo)識符和序列號是一樣的，且數(shù)據(jù)部分也是一樣的（如圖4）。日internetcontrolMessageProtocolType:0(Echo(ping)reply)code:0Checksum:OxflOa[correct]Identifier(BE):0(0x0000)Identifier(LE):0(0x0000)sequencenumber(BE):1(0x0001)Sequencenumber(LE):256(0x0100)「民esdd門seTo:l~l[ResponseTime:31.000ms]田Data(72bytes)圖4差錯報告1．下圖為一個UDP數(shù)據(jù)報錯誤引發(fā)的信宿不可達(dá)報告：SourceDestinationProtocol亠Info222.95.20.45220.181.51.201UDPSourceport:4574Destinationport:80220.181.61.201222.95.20.45ICMPDestinationunreachable(Portunreachab1e)Filter:|ip.id—26391TExpression...ClearApply■InternEtControlMessageProtocolType:3(Destinationunreachab1e)Code:3(Portunreachab1e)Checksurn:Oxde55[匚匚〕meet]InternetProtocol,Src:222.95.20.45(222.95.20.45),Dst:220.181.61.201(220.181.61.201)Version:4Header1ength:20bytesDifferentiatedServicesField:0x00(DSCP0x00:Default;ECN:0x00)TotalLength:780Identifi匚ation:0x6717(26391)i>Flags:0x00Fragmentoffset:0Timetolive:122Protocol:UDP(0x11)i>Header匚卜iecksurn:Ox匚gbe[comeet]Source:222.95.20.45(222.95.20.45)DEStiwtio門：22O.181.61.2Ol〔220.181.61.201)Data.grajnProtocol,SrcPort:4574(4574),DstPort:80(80)Data〔520bytes)報告類型為3，代碼為3，說明產(chǎn)生信宿不可達(dá)報文的原因可能是端口不可達(dá)。在ICMP報文的數(shù)據(jù)部分封裝了出錯數(shù)據(jù)報的部分信息。本例中封裝了出錯的IP數(shù)據(jù)報首部和該IP數(shù)據(jù)報封裝的UDP首部和一部分?jǐn)?shù)據(jù)段（這里與書上有些差異，書上說是數(shù)據(jù)部分的前64位，本例中為520個字節(jié)的數(shù)據(jù)，看了其他同類型報文封裝的數(shù)據(jù)大小不一）產(chǎn)生信宿不可達(dá)報文的原因還有可能是網(wǎng)絡(luò)不可達(dá)、主機不可達(dá)和協(xié)議不可達(dá)等。其代碼分別為0、1、2。如下圖是主機不可達(dá)：78.226.196.10222.95.20.45ICMPDestinatlonunreachabIe(HostunreachabIe2．下圖為一個ICMP請求超時引發(fā)的數(shù)據(jù)報超時報告：

工門te廠門et匸□門工門te廠門et匸□門t廠口1 ProtQDiplCode:0(Timetoliveexceededintransit)Checksum:Ox9fa3[correct]-InternetProtocol,Src:222.95.20.45(222.95.20.45),Dst:218.31.91.1(218.31.91.1)Version:4Headerlength:20bytesDifferentiatedServicesField:0x00(D5CP0x00:Default;ECN:0x00)TotalLength:60Identification:OxbBel(46817)>Flags:0x00Fragmentoffs