ICMP_Scanning_44
ICMP Usage in Scanning
44
Copyright Ó Ofir Arkin, 2000
http://www.sys-security.com
The only required behavior is that a host must attempt to avoid sending more messages with the
same PMTU value in the near future. A host can either cease setting the Dont Fragment bit in the
IP header (and allow fragmentation by the routers in the way) or reduce the datagram size. The
better strategy would be to lower the message size because fragmentation will cause more traffic
and consume more Internet resources.
A host using the PMTU Discovery process must detect decreases in Path MTU as fast as
possible. A host may detect increases in Path MTU, by sending datagrams larger than the current
estimated PMTU, which will usually be rejected by some router on the path to a destination since
the PMTU usually will not increase. Since this would generate traffic back to the host, the check
for the increases must be done at infrequent intervals. The RFC specify that an attempt for
detecting an increasment must not be done less than 10 minutes after a datagram Too Big has
been received for the given destination, or less than 2 minute after a previously successful
attempt to increase.
The sending host must know how to handle an ICMP Fragmentation Needed and the DF bit was
set error message that was sent by a device who does not know how to handle the PMTU
protocol and does not include the next-hop MTU in the error message. Several strategies are
available:
·
The PMTU should be set to the minimum between the currently assumed PMTU and
57632. The DF bit should not be set in future datagrams for that path.
·
Searching for the accurate value for the PMTU for a path. We keep sending datagrams
with the DF bit set with lowered PMTU until we do not receive errors.
A host must not reduce the estimation of a Path MTU value below 68 bytes.
A host MUST not increase its estimate of the Path MTU in response to the contents of a
Datagram Too Big message.
B.3 Router Specification
When a router cannot forward a datagram because it exceeded the MTU of the next-hop network
and the Dont Fragment bit was set, he is required to generate an ICMP Destination Unreachable
message to the source of the datagram., with the appropriate code indicating Fragmentation
needed and the Dont Fragment Bit was set. In the error message the router must include the
MTU of the next-hop in a 16bit field inside the error message.
Checksum
Link MTU
Unused ( zero )
Code = 4
Type = 3
IP header + 64 bits of original data of the datagram
0
8
16
31
Figure 11: ICMP Fragmentation Required with Link MTU
32
The usage of the lesser between 576 and the first-hop MTU as the PMTU for a destination, which is not connected to
the same network was the old implementation. The results were the use of smaller datagrams than necessary, waste of
Internet resources, and not being optimal.