HostedDB - Dedicated UNIX Servers

ICMP_Scanning_39
ICMP Usage in Scanning 39 Copyright Ó Ofir Arkin, 2000 http://www.sys-security.com Appendix A: The ICMP Protocol28 Internet  Control  Message  Protocol  (ICMP)  is  used when a  router or a  destination  host need to inform the source host about errors in a datagram processing.   Some of ICMP’s characteristics are: o ICMP uses IP as if it were a higher-level protocol, however, ICMP is already an internal part of IP, and must be implemented by every IP module. o ICMP is used to provide feedback about some errors in a datagram processing, not to make IP reliable. Datagrams may still be undelivered without any report of their loss. If a higher level protocol that use IP need reliability he must implement it. o No ICMP messages are sent in response to ICMP messages to avoid infinite repetitions. The exception is a response to ICMP query messages (ICMP Types 0,8-10,13-18. See Table 1 ICMP Query Messages). o For  fragmented  IP  datagrams  ICMP  messages  are  only  sent  about  errors  on  fragment zero (first fragment). o ICMP  error  messages  are  never  sent  in  response  to  a  datagram  that  is  destined  to  a broadcast or a multicast address. o ICMP  error  messages  are  never  sent  in  response  to  a  datagram  sent  as  a  link  layer broadcast. o ICMP error messages are never sent in response to a datagram whose source address does not represents a unique host – the source IP address cannot be zero, a loopback address, a broadcast address or a multicast address.   o When an ICMP message of unknown type is received, it must be silently discarded.   o Routers will almost always generate ICMP messages but when it comes to a destination host(s), the number of ICMP messages generated is implementation dependent. ICMP Query Messages ICMP error Messages ECHO Destination Unreachable Router Advertisement Source Quench Router Solicitation Redirect Time Stamp Time Exceeded Information Parameter Problem Address Mask Table 1: ICMP message types                                                  28 ICMP is described in RFC 972 (http://www.ietf.org/rfc/rfc0972.txt) with updates in RFC 950 (http://www.ietf.org/rfc/rfc0950.txt).