ICMP Lab 4: ping - ICMP Echo Request and Echo Reply

November 10, 2015

1. Purpose

Use the ping program to understand the ICMP echo request and echo reply messages.

2. Background

  • ICMP echo request and echo reply message format
    • Type and code: type 8, code 0 is an ICMP echo request; type 0, code 0 is an ICMP echo reply
    • The rest of the 8-byte header is a 16-bit checksum (over header and data), a 16-bit identifier and a 16-bit sequence number; the reply carries back the identifier, sequence number and data of the request unchanged (RFC 792)

[figure unavailable: ICMP echo request/reply message format]

  • RR (record route) option in the IP header
    • code: 7
    • len (bytes): 39, i.e. 3 option header bytes plus 9 four-byte address slots; the 40th option byte is an EOL (0x00) that pads the header to a 4-byte boundary
    • ptr: 1-based offset of the next free address slot, so it takes the values 4, 8, 12 ... 36; a value of 40 (greater than len) means the buffer is full

[figure unavailable: layout of the IP record route option]

  • The ping program
    • Purpose: a way of testing whether there is network connectivity between two hosts
    • -s option (from the ping(8) manual page)
      • Specify the number of data bytes to be sent. The default is 56, which translates into 64 ICMP data bytes when combined with the 8 bytes of ICMP header data. Only the superuser may specify values more than default. This option cannot be used with ping sweeps.
    • -R option (from the ping(8) manual page)
      • Record route. Includes the RECORD_ROUTE option in the ECHO_REQUEST packet and displays the route buffer on returned packets. Note that the IP header is only large enough for nine such routes; the traceroute(8) command is usually better at determining the route packets take to a particular destination. If more routes come back than should, such as due to an illegal spoofed packet, ping will print the route list and then truncate it at the correct spot. Many hosts ignore or discard the RECORD_ROUTE option.

3. Lab environment

Table 1  ICMP lab environment
Host         Interface   IP address        MAC address
FreeBSD V1   em0         192.168.146.141   00:0c:29:4b:8e:c3
Mac          vmnet8      192.168.146.1     00:50:56:c0:00:08

4. Procedure, part one

  • On FreeBSD V1, capture the ICMP traffic between FreeBSD V1 and the Mac
# Command
tcpdump -nex -ttt -i em0 -vnn icmp and \(host 192.168.146.1 and 192.168.146.141\)
  • On the Mac, ping FreeBSD V1 once
# Command
ping -c 1 192.168.146.141

# Result
PING 192.168.146.141 (192.168.146.141): 56 data bytes
64 bytes from 192.168.146.141: icmp_seq=0 ttl=64 time=0.324 ms

--- 192.168.146.141 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.324/0.324/0.324/0.000 ms
  • What FreeBSD V1 captured (tcpdump -x prints the IP header first; there is no link-layer header in this dump)
00:00:00.000000 00:50:56:c0:00:08 > 00:0c:29:4b:8e:c3, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 166, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.146.1 > 192.168.146.141: ICMP echo request, id 20236, seq 0, length 64
	0x0000:  4500 0054 00a6 0000 4001 d423 c0a8 9201
	0x0010:  c0a8 928d 0800 c4be 4f0c 0000 5641 8255
	0x0020:  000a 2091 0809 0a0b 0c0d 0e0f 1011 1213
	0x0030:  1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
	0x0040:  2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
	0x0050:  3435 3637
00:00:00.000043 00:0c:29:4b:8e:c3 > 00:50:56:c0:00:08, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 24941, offset 0, flags [none], proto ICMP (1), length 84)
    192.168.146.141 > 192.168.146.1: ICMP echo reply, id 20236, seq 0, length 64
	0x0000:  4500 0054 616d 0000 4001 735c c0a8 928d
	0x0010:  c0a8 9201 0000 ccbe 4f0c 0000 5641 8255
	0x0020:  000a 2091 0809 0a0b 0c0d 0e0f 1011 1213
	0x0030:  1415 1617 1819 1a1b 1c1d 1e1f 2021 2223
	0x0040:  2425 2627 2829 2a2b 2c2d 2e2f 3031 3233
	0x0050:  3435 3637

5. Analysis of results, part one

  • Reading the fields off the datagram captured on FreeBSD V1 gives:
Table 2  IPv4 header of the echo request
Field               Raw          Meaning
Version             0x4          IPv4
Header length       0x5          5 x 4 = 20 bytes (no options)
Type of service     0x00         normal service
Total length        0x0054       84 bytes (20-byte IP header + 64-byte ICMP message)
Identification      0x00a6       166
Flags               0x0          none (DF and MF both clear)
Fragment offset     0x0          0, not a fragment
TTL                 0x40         64
Protocol            0x01         ICMP
Header checksum     0xd423       valid; it is computed over the 20-byte header with this field zeroed, so recomputing it over the header as received yields 0
Source address      0xc0a89201   192.168.146.1
Destination address 0xc0a8928d   192.168.146.141


Table 3  ICMP echo request header
Field        Raw      Meaning
Type         0x08     echo request
Code         0x00
Checksum     0xc4be   covers the 8-byte header and the 56 data bytes
Identifier   0x4f0c   20236, the value tcpdump prints as "id 20236"
Sequence     0x0000   first echo request of this run (-c 1)


Table 4  ICMP echo reply header
Field        Raw      Meaning
Type         0x00     echo reply
Code         0x00
Checksum     0xccbe   differs from the request's 0xc4be only because the type byte changed; identifier, sequence number and the 56 data bytes are echoed back unchanged
Identifier   0x4f0c   same as the request, which is how ping matches the reply to its request
Sequence     0x0000   first echo reply
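To make Tables 2 to 4 checkable rather than read by eye, the following decoder parses the two hex dumps tcpdump printed in step one, recomputes the IP header checksum and the ICMP checksum with the RFC 1071 one's-complement sum, and rebuilds the ICMP message from its fields to confirm it is byte-identical to what ping sent. This is an added example and not part of the original lab write-up; the only input is the captured bytes shown above, and the function and constant names are this example's own.

```python
"""Decode the echo request/reply captured in step one (added example; not part
of the original write-up).  The two hex dumps are copied from the FreeBSD V1
tcpdump output above; the decoding follows RFC 791 (IPv4), RFC 792 (ICMP) and
RFC 1071 (Internet checksum).  Function names are this example's own."""
import struct
from ipaddress import IPv4Address

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8

# tcpdump -x output from the capture above (IP header first, no link-layer header)
REQUEST_HEX = (
    "4500 0054 00a6 0000 4001 d423 c0a8 9201"
    "c0a8 928d 0800 c4be 4f0c 0000 5641 8255"
    "000a 2091 0809 0a0b 0c0d 0e0f 1011 1213"
    "1415 1617 1819 1a1b 1c1d 1e1f 2021 2223"
    "2425 2627 2829 2a2b 2c2d 2e2f 3031 3233"
    "3435 3637"
)
REPLY_HEX = (
    "4500 0054 616d 0000 4001 735c c0a8 928d"
    "c0a8 9201 0000 ccbe 4f0c 0000 5641 8255"
    "000a 2091 0809 0a0b 0c0d 0e0f 1011 1213"
    "1415 1617 1819 1a1b 1c1d 1e1f 2021 2223"
    "2425 2627 2829 2a2b 2c2d 2e2f 3031 3233"
    "3435 3637"
)


def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit big-endian words, complemented.
    Run over a header that already carries a correct checksum, it returns 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # end-around carry
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4(pkt: bytes) -> dict:
    """Fixed 20-byte IPv4 header (Table 2); the payload is sliced by IHL and total length."""
    ver_ihl, tos, total_len, ident, frag, ttl, proto, csum = struct.unpack("!BBHHHBBH", pkt[:12])
    hdr_len = (ver_ihl & 0x0F) * 4
    return {
        "version": ver_ihl >> 4, "header_len": hdr_len, "tos": tos,
        "total_len": total_len, "id": ident,
        "flags": frag >> 13, "frag_offset": frag & 0x1FFF,
        "ttl": ttl, "proto": proto, "checksum": csum,
        "checksum_ok": internet_checksum(pkt[:hdr_len]) == 0,
        "src": str(IPv4Address(pkt[12:16])), "dst": str(IPv4Address(pkt[16:20])),
        "payload": pkt[hdr_len:total_len],
    }


def parse_icmp_echo(msg: bytes) -> dict:
    """8-byte echo header (Tables 3 and 4): type, code, checksum, identifier, sequence.
    The ICMP checksum covers the whole message, header plus data."""
    typ, code, csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    return {"type": typ, "code": code, "checksum": csum, "id": ident, "seq": seq,
            "checksum_ok": internet_checksum(msg) == 0, "payload": msg[8:]}


def build_icmp_echo(typ: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an echo message the way ping does: checksum field zeroed, then filled in."""
    header = struct.pack("!BBHHH", typ, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", typ, 0, csum, ident, seq) + payload


def reply_checksum_from_request(req_checksum: int) -> int:
    """An echo reply is the echo request with the type byte 8 -> 0 and everything
    else echoed back, so its checksum is the request checksum + 0x0800 with
    end-around carry (one's-complement arithmetic)."""
    total = req_checksum + 0x0800
    return (total & 0xFFFF) + (total >> 16)


def decode(hexdump: str) -> dict:
    pkt = bytes.fromhex(hexdump)
    ip = parse_ipv4(pkt)
    return {"ip": ip, "icmp": parse_icmp_echo(ip["payload"])}


if __name__ == "__main__":
    for name, dump in (("request", REQUEST_HEX), ("reply", REPLY_HEX)):
        d = decode(dump)
        print(name, d["ip"]["src"], "->", d["ip"]["dst"],
              "ip csum ok:", d["ip"]["checksum_ok"],
              "icmp type", d["icmp"]["type"], "id", d["icmp"]["id"],
              "seq", d["icmp"]["seq"], "icmp csum ok:", d["icmp"]["checksum_ok"])
```

Recomputing the checksum over the received bytes with the checksum field left in place yields 0 when the packet is intact, which is the cheaper check a sniffer or IDS performs. Because the reply echoes identifier, sequence number and the 56 data bytes unchanged, the only 16-bit word that changes is the type/code word (0x0800 to 0x0000), so the reply checksum is always the request checksum plus 0x0800 in one's-complement arithmetic: 0xc4be + 0x0800 = 0xccbe here, and 0x2724 + 0x0800 = 0x2f24 in the -R capture of step two.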


6. Procedure, part two (-R option)

  • On the Mac, capture ICMP packets
# Command
sudo tcpdump -nex -ttt -vnn icmp
  • On the Mac, ping bbs.whnet.edu.cn once with the record route option
# Command
ping -c 1 -R bbs.whnet.edu.cn

# Result
PING bbs.whnet.edu.cn (202.114.0.248): 56 data bytes
64 bytes from 202.114.0.248: icmp_seq=0 ttl=48 time=53.041 ms
RR: 	10.0.10.30
	10.163.4.54
	115.238.118.186
	115.238.118.185
	101.4.115.157
	101.4.116.74
	101.4.116.73
	101.4.119.5
	202.114.1.186

--- bbs.whnet.edu.cn ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 53.041/53.041/53.041/0.000 ms
  • What the Mac captured (this dump starts with the 14-byte Ethernet header, so the IP header begins at offset 0x0e)
00:00:00.000000 ac:bc:32:91:42:7b > 00:25:b4:db:e9:c0, ethertype IPv4 (0x0800), length 138: (tos 0x0, ttl 64, id 53711, offset 0, flags [none], proto ICMP (1), length 124, options (RR 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0,EOL))
    10.242.142.102 > 202.114.0.248: ICMP echo request, id 11534, seq 0, length 64
	0x0000:  0025 b4db e9c0 acbc 3291 427b 0800 4f00
	0x0010:  007c d1cf 0000 4001 2ec8 0af2 8e66 ca72
	0x0020:  00f8 0727 0400 0000 0000 0000 0000 0000
	0x0030:  0000 0000 0000 0000 0000 0000 0000 0000
	0x0040:  0000 0000 0000 0000 0000 0800 2724 2d0e
	0x0050:  0000 5641 8f40 000e d33a 0809 0a0b 0c0d
	0x0060:  0e0f 1011 1213 1415 1617 1819 1a1b 1c1d
	0x0070:  1e1f 2021 2223 2425 2627 2829 2a2b 2c2d
	0x0080:  2e2f 3031 3233 3435 3637
00:00:00.052985 00:25:b4:db:e9:c0 > ac:bc:32:91:42:7b, ethertype IPv4 (0x0800), length 138: (tos 0x0, ttl 48, id 42738, offset 0, flags [none], proto ICMP (1), length 124, options (RR 10.0.10.30, 10.163.4.54, 115.238.118.186, 115.238.118.185, 101.4.115.157, 101.4.116.74, 101.4.116.73, 101.4.119.5, 202.114.1.186,,EOL))
    202.114.0.248 > 10.242.142.102: ICMP echo reply, id 11534, seq 0, length 64
	0x0000:  acbc 3291 427b 0025 b4db e9c0 0800 4f00
	0x0010:  007c a6f2 0000 3001 8879 ca72 00f8 0af2
	0x0020:  8e66 0727 280a 000a 1e0a a304 3673 ee76
	0x0030:  ba73 ee76 b965 0473 9d65 0474 4a65 0474
	0x0040:  4965 0477 05ca 7201 ba00 0000 2f24 2d0e
	0x0050:  0000 5641 8f40 000e d33a 0809 0a0b 0c0d
	0x0060:  0e0f 1011 1213 1415 1617 1819 1a1b 1c1d
	0x0070:  1e1f 2021 2223 2425 2627 2829 2a2b 2c2d
	0x0080:  2e2f 3031 3233 3435 3637

7. Analysis of results, part two (-R option)

  • Reading the option field off the datagrams captured on the Mac gives:
Table 5  Echo request: RR option in the IP header
Field   Raw    Meaning
code    0x07   7, record route
len     0x27   39 bytes: 3 header bytes + 9 four-byte address slots; the 40th option byte (0x00) is EOL
ptr     0x04   4, the first slot is free: no address has been recorded yet (all nine slots are 0.0.0.0)


Table 6  Echo reply: RR option in the IP header
Field   Raw    Meaning
code    0x07   7, record route
len     0x27   39
ptr     0x28   40, greater than len: all nine slots are used and the buffer is full, which is why ping prints exactly nine addresses

  • With the 40-byte option the header length field is 0xf (15 x 4 = 60 bytes) and the total length is 0x007c = 124 = 60-byte IP header + 64-byte ICMP message, matching the "length 124" tcpdump prints.
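Tables 5 and 6 are read by hand from the hex; the following option walker does the same job programmatically for both -R packets from step two. It is an added example, not code from the original write-up. It takes the two hex dumps tcpdump printed above (which here begin with the 14-byte Ethernet header), walks the IPv4 option list as RFC 791 section 3.1 defines it (single-byte EOL and NOP, type/length/data for everything else), decodes the record route option into pointer, capacity, recorded addresses and a full flag, and bounds-checks every option length against the bytes actually present, so a truncated or lying option raises instead of being read past the header, the spoofed-packet case the -R manual text above warns about. All names are this example's own.

```python
"""Walk the IPv4 option list of the ping -R packets from step two (added
example; not code from the original write-up).  The two hex dumps are copied
from the Mac tcpdump output above, which starts with the 14-byte Ethernet
header; option semantics follow RFC 791 section 3.1.  Names are this example's own."""
import struct
from ipaddress import IPv4Address

ETH_HDR_LEN = 14
IPOPT_EOL, IPOPT_NOP, IPOPT_RR = 0, 1, 7

RR_REQUEST_HEX = (
    "0025 b4db e9c0 acbc 3291 427b 0800 4f00"
    "007c d1cf 0000 4001 2ec8 0af2 8e66 ca72"
    "00f8 0727 0400 0000 0000 0000 0000 0000"
    "0000 0000 0000 0000 0000 0000 0000 0000"
    "0000 0000 0000 0000 0000 0800 2724 2d0e"
    "0000 5641 8f40 000e d33a 0809 0a0b 0c0d"
    "0e0f 1011 1213 1415 1617 1819 1a1b 1c1d"
    "1e1f 2021 2223 2425 2627 2829 2a2b 2c2d"
    "2e2f 3031 3233 3435 3637"
)
RR_REPLY_HEX = (
    "acbc 3291 427b 0025 b4db e9c0 0800 4f00"
    "007c a6f2 0000 3001 8879 ca72 00f8 0af2"
    "8e66 0727 280a 000a 1e0a a304 3673 ee76"
    "ba73 ee76 b965 0473 9d65 0474 4a65 0474"
    "4965 0477 05ca 7201 ba00 0000 2f24 2d0e"
    "0000 5641 8f40 000e d33a 0809 0a0b 0c0d"
    "0e0f 1011 1213 1415 1617 1819 1a1b 1c1d"
    "1e1f 2021 2223 2425 2627 2829 2a2b 2c2d"
    "2e2f 3031 3233 3435 3637"
)


def ipv4_options(ip_pkt: bytes) -> bytes:
    """Option bytes between the fixed 20-byte header and IHL * 4."""
    return ip_pkt[20:(ip_pkt[0] & 0x0F) * 4]


def parse_record_route(length: int, body: bytes) -> dict:
    """RR option body: 1-byte pointer (1-based, into the whole option), then 4-byte slots."""
    if length < 3 or (length - 3) % 4:
        raise ValueError("RR option length must be 3 + 4n")
    ptr, slots = body[0], body[1:]
    if ptr < 4 or (ptr - 4) % 4:
        raise ValueError("RR pointer must be 4, 8, 12 ...")
    addrs = [str(IPv4Address(slots[i:i + 4])) for i in range(0, len(slots), 4)]
    recorded = min((ptr - 4) // 4, len(addrs))     # ptr 4 -> nothing recorded yet
    return {"name": "RR", "pointer": ptr, "capacity": len(addrs),
            "recorded": addrs[:recorded],
            "full": ptr > length}                   # RFC 791: pointer beyond length = full


def parse_options(opts: bytes) -> list:
    """Walk type/len/data options; EOL and NOP are single bytes.  Every length is
    checked against the bytes actually present so a truncated or lying option
    raises instead of being read past the header."""
    parsed, i = [], 0
    while i < len(opts):
        typ = opts[i]
        if typ == IPOPT_EOL:
            parsed.append({"type": typ, "name": "EOL"})
            break                                   # anything after EOL is padding
        if typ == IPOPT_NOP:
            parsed.append({"type": typ, "name": "NOP"})
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError(f"option {typ} at offset {i} has no length byte")
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            raise ValueError(f"option {typ} at offset {i}: length {length} out of bounds")
        body = opts[i + 2:i + length]
        entry = {"type": typ, "len": length}
        entry.update(parse_record_route(length, body) if typ == IPOPT_RR else {"data": body})
        parsed.append(entry)
        i += length
    return parsed


def options_well_formed(opts: bytes) -> bool:
    try:
        parse_options(opts)
        return True
    except ValueError:
        return False


def build_rr_option(slots: int = 9) -> bytes:
    """Empty RR option as ping -R sends it: type 7, len 3 + 4n, ptr 4, n zeroed
    slots, then one EOL byte that pads the header to a multiple of 4."""
    return bytes([IPOPT_RR, 3 + 4 * slots, 4]) + bytes(4 * slots) + bytes([IPOPT_EOL])


def record_route_summary(frame_hex: str) -> dict:
    """Header length, total length and TTL of the IP header plus its RR option."""
    pkt = bytes.fromhex(frame_hex)[ETH_HDR_LEN:]
    rr = next((o for o in parse_options(ipv4_options(pkt)) if o["type"] == IPOPT_RR), None)
    return {"header_len": (pkt[0] & 0x0F) * 4,
            "total_len": struct.unpack("!H", pkt[2:4])[0],
            "ttl": pkt[8], "rr": rr}


if __name__ == "__main__":
    for name, dump in (("request", RR_REQUEST_HEX), ("reply", RR_REPLY_HEX)):
        s = record_route_summary(dump)
        print(name, "ihl*4 =", s["header_len"], "ttl =", s["ttl"],
              "ptr =", s["rr"]["pointer"], "full =", s["rr"]["full"], s["rr"]["recorded"])
```

On the request the walker returns pointer 4 with nothing recorded and nine empty slots; on the reply it returns pointer 40, the nine addresses ping printed, and full set, because 40 exceeds the option length of 39. The request's option bytes are exactly what build_rr_option(9) produces, which is the 40-byte (39 + EOL) layout the background section describes. The pointer and length checks are the part worth keeping in any production parser: ping -R's own man page notes that a spoofed packet can return more routes than fit, and a walker that trusts the length byte reads past the header.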


8. References