Chapter 16 - Network Troubleshooting (PDF)

Uploaded by barrejamesteacher

Tags

network troubleshooting computer networking cybersecurity network protocols

Summary

This chapter discusses network troubleshooting concepts, including destination unreachable messages and ICMP error messages.

Full Transcript

Certified Cybersecurity Technician Exam 212-82
Network Troubleshooting

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Basic Network Issues: Destination Unreachable Message

We have already discussed the concept of unreachable networks in previous sections. As we know, IP is a connectionless protocol that does not consider the information being sent. If a host that IP attempts to send information to is unavailable, IP has to be notified. This notification can be accomplished using an ICMP destination unreachable message.

If a datagram cannot be forwarded to its destination, ICMP returns a destination unreachable message indicating to the sender that the datagram could not be properly forwarded. A destination unreachable message may also be sent when packet fragmentation is required to forward a packet:

• Fragmentation is usually necessary when a datagram is forwarded from a Token Ring network to an Ethernet network.
• If the datagram does not allow fragmentation, the packet cannot be forwarded; consequently, a destination unreachable message is sent.

Destination unreachable messages may also be generated if IP-related services such as FTP or web services are unavailable.

Figure 16.8: Format of an ICMP Destination Unreachable Message (bit positions 0 to 32; fields: Type = 3, Code (Error Subtype), Checksum, Unused, Original IP Datagram Portion (Original IP Header + First 8 bytes of Data Field))

Each field in the ICMP destination unreachable message is described below.

• Type (1 byte): This field defines the type of the ICMP message; for a destination unreachable message, its value is 3.
• Code (1 byte): This field defines the reason behind the error, and a series of numbers represent various types of errors; for example, code 0 represents a network unreachable error, and code 1 represents a host unreachable error.
• Checksum (2 bytes): This field defines a checksum for the ICMP header.
• Unused (4 bytes): This field is left blank.
• Original datagram portion (variable): This field defines the IP header of the datagram and the first 8 bytes of the datagram that prompted this error message to be sent.

Figure 16.9: Destination Unreachable Message (Command Prompt screenshot: a ping to 10.10.10.16 with 32 bytes of data receives four replies from 10.10.10.10, each reading "Destination host unreachable.")

Basic Network Issues: Time Exceeded Message

• A TTL value is defined in each datagram (IP packet)
• As each router processes the datagram, it decreases the TTL value by one
• When the TTL value of the datagram reaches zero, the packet is discarded
• ICMP uses a time exceeded message to notify the source device that the TTL of the datagram has been exceeded

[Slide figure: ICMP Time Exceeded (Type = 11) shown alongside the IP header; legible field labels include 8-bit Type of Service (TOS), 16-bit Total Length (in bytes), 16-bit Identification, 13-bit Fragment Offset, 8-bit Time-to-Live (TTL), 16-bit Header Checksum, 32-bit Source IP Address, 32-bit Destination IP Address, Options (if any) and Data]

In huge networks with hundreds of interconnected devices, packet delay is a common problem. This delay might be caused by too many routers from which to choose the shortest path, router issues, router loops, etc. The router loop problem arises in the following kind of scenario:

• Let there be two networks exchanging information.
• The first network sends a packet to router R1, and R1 must choose the shortest path to reach the second network.
• R1 chooses router R2 as the shortest path and sends the packet to it.
• R2 chooses router R3 as the shortest path and sends the packet to it.
• R3 chooses router R1 as the shortest path and sends the packet to it.
• Likewise, the packet loops around these routers indefinitely, causing the router loop problem.

A router loop is a serious problem that causes packets to loop around a network continuously.
To avoid this kind of overhead, the IP header of a packet contains a time to live (TTL) field that sets the number of hops the packet can travel. Each time the packet reaches a router, its TTL value is reduced by 1, and the process continues until TTL = 0. At this moment, the packet loses its lifetime and expires. The device at which the packet expired sends an ICMP time exceeded message to the source machine that sent the packet.

The figure shows the TTL expiry scenario.

Figure 16.10: TTL Expiry Scenario (Source Network, Routers 1, 3, 4, 5 and 6, Destination Network; Router 5 sends the ICMP Time Exceeded message to the Source Network)

There is another scenario that leads to packet expiry and creates an error message. In certain situations, the IP packet is fragmented into small parts; these fragments choose different routing paths to reach the destination. It is the duty of the destination machine to join all these fragments into a full packet after the arrival of all the packets. If a fragment took the shortest path and reached the destination while the others have yet to arrive, the destination host must wait until it gathers all the fragments. This may cause the destination host to wait for a long or even indefinite amount of time if any fragments were lost. To avoid such a scenario, the destination host sets a timer when it collects the first fragment and waits for the others. If this timer expires, the destination host discards the fragments that it received and sends an ICMP time exceeded message to the source host.

The ICMP time exceeded message contains the following fields.

• Type (1 byte): This field defines the type of ICMP message; for a time exceeded message, it is set to 11.
• Code (1 byte): This field defines the reason behind the error, and a series of numbers represent various types of errors; for example, code 0 represents the expiration of TTL, and code 1 represents fragment reassembly timeout.
• Checksum (2 bytes): This field defines a checksum for the ICMP header.
• Unused (4 bytes): This field is not used and left blank.
• Original datagram portion: This field contains the IP header and first 8 bits of the IP packet that was discarded because of the time exceeded error.

Figure 16.12: IP Header (ICMP Time Exceeded, Type = 11; legible field labels: Version, Header Length, 8-bit Type of Service (TOS), 8-bit Time-to-Live (TTL), 32-bit Source IP Address, 32-bit Destination IP Address, Options (if any))
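
Added example (not part of the original chapter): a Python parser for the two ICMP error messages described above, Destination Unreachable (type 3) and Time Exceeded (type 11), that verifies the checksum and recovers the quoted original IP header so the error can be tied back to the datagram that triggered it. The function names, the constructed sample built from the addresses in Figure 16.9, and codes 3 and 4 (taken from RFC 792) are assumptions that do not appear in the chapter; the parser reads the quoted portion as the original IP header plus the first 8 bytes of data, as in Figure 16.8.

```python
import socket
import struct

# Codes 0 and 1 are the ones named in the text; 3 and 4 are added from RFC 792.
CODES = {
    3: {0: "network unreachable", 1: "host unreachable",
        3: "port unreachable", 4: "fragmentation needed, DF set"},
    11: {0: "TTL expired in transit", 1: "fragment reassembly timeout"},
}

def inet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp_error(icmp: bytes) -> dict:
    """Decode an ICMP type 3 or 11 message and the datagram it quotes."""
    if len(icmp) < 8 + 20:
        raise ValueError("too short for ICMP header plus quoted IP header")
    icmp_type, code, _cksum, _unused = struct.unpack("!BBHI", icmp[:8])
    if icmp_type not in CODES:
        raise ValueError(f"not a type 3 or type 11 message: type {icmp_type}")
    quoted = icmp[8:]                       # original IP header + first 8 bytes
    ihl = (quoted[0] & 0x0F) * 4            # original header length in bytes
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl:
        raise ValueError("quoted datagram is not a complete IPv4 header")
    return {
        "type": icmp_type,
        "reason": CODES[icmp_type].get(code, f"unlisted code {code}"),
        # Verified over the whole ICMP message; a valid message sums to zero.
        "checksum_ok": inet_checksum(icmp) == 0,
        "orig_src": socket.inet_ntoa(quoted[12:16]),
        "orig_dst": socket.inet_ntoa(quoted[16:20]),
        "orig_ttl": quoted[8],
        "orig_first8": quoted[ihl:ihl + 8],
    }

def build_sample(icmp_type: int, code: int, ttl: int) -> bytes:
    """Constructed sample: error quoting an echo request 10.10.10.10 -> 10.10.10.16."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0, ttl, 1, 0,
                     socket.inet_aton("10.10.10.10"), socket.inet_aton("10.10.10.16"))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    echo = struct.pack("!BBHHH", 8, 0, 0xF7FD, 1, 1)   # quoted first 8 bytes
    msg = struct.pack("!BBHI", icmp_type, code, 0, 0) + ip + echo
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]
```

Calling parse_icmp_error(build_sample(3, 1, 128)) decodes a host unreachable error for the ping in Figure 16.9; a message altered in transit or forged without recomputing the checksum comes back with checksum_ok set to False.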
