Chapter 16 - 01 - Discuss Network Troubleshooting - 02_ocred.pdf

Full Transcript

Certified Cybersecurity Technician
Network Troubleshooting
Exam 212-82

Basic Network Issues: Destination Unreachable Message

We have already discussed the concept of unreachable networks in previous sections. As we know, IP is a connectionless protocol that does not consider the information being sent. If a host that IP attempts to send information to is unavailable, IP has to be notified of this. This notification can be accomplished using an ICMP destination unreachable message.

If a datagram cannot be forwarded to its destination, ICMP returns a destination unreachable message, indicating to the sender that the datagram could not be properly forwarded.

A destination unreachable message may also be sent when packet fragmentation is required to forward a packet:

- Fragmentation is usually necessary when a datagram is forwarded from a Token Ring network to an Ethernet network.
- If the datagram does not allow fragmentation, the packet cannot be forwarded; consequently, a destination unreachable message is sent.

Destination unreachable messages may also be generated if IP-related services such as FTP or web services are unavailable.
Module 16 Page 1933 Certified Cybersecurity Technician Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

[Figure 16.8: Format of an ICMP Destination Unreachable Message. Bit ruler from 0 to 32. Row 1: Type = 3 | Code (Error Subtype) | Checksum. Row 2: Unused. Row 3: Original IP Datagram Portion (Original IP Header + First 8 bytes of Data Field).]

Each field in the ICMP destination unreachable message is described below.

- Type (1 byte): This field defines the type of the ICMP message; for a destination unreachable message, its value is 3.
- Code (1 byte): This field defines the reason behind the error, and a series of numbers represent various types of errors; for example, code 0 represents a network unreachable error, and code 1 represents a host unreachable error.
- Checksum (2 bytes): This field defines a checksum for the ICMP header.
- Unused (4 bytes): This field is left blank.
- Original datagram portion (variable): This field defines the IP header of the datagram and the first 8 bytes of the datagram that prompted this error message to be sent.

[Figure 16.9: Destination Unreachable Message. Screenshot of a Windows Command Prompt in which ping 10.10.10.16 is run and the replies report that the destination host is unreachable.]
Basic Network Issues: Time Exceeded Message

- A TTL value is defined in each datagram (IP packet)
- As each router processes the datagram, it decreases the TTL value by one
- When the TTL value of the datagram reaches zero, the packet is discarded
- ICMP uses a time exceeded message to notify the source device that the TTL of the datagram has been exceeded

[Slide figure: ICMP Time Exceeded message (Type = 11, Parameters, Data) shown with the IP header fields: 16-bit Total Length (in bytes), 13-bit Fragment Offset, 8-bit Time-to-Live, 16-bit Header Checksum, 32-bit Source IP Address, 32-bit Destination IP Address, Options (if any).]

In huge networks with hundreds of interconnected devices, packet delay is a common problem. This delay might be caused by too many routers from which to choose the shortest path, router issues, a router loop, etc. The router loop problem arises in the following kind of scenario:

- Let there be two networks exchanging information.
- The first network sends a packet to router R1, and R1 must choose the shortest path to reach the second network.
- R1 chooses router R2 as the shortest path and sends the packet to it.
- R2 chooses router R3 as the shortest path and sends the packet to it.
- R3 chooses router R1 as the shortest path and sends the packet to it.
- Likewise, the packet loops around these routers indefinitely, causing the router loop problem.

A router loop is a serious problem that causes packets to loop around a network continuously. To avoid this kind of overhead, the IP header of a packet contains a time to live (TTL) field that sets the number of hops the packet can travel. Each time the packet reaches a router, its TTL value is reduced by 1, and the process continues until TTL = 0. At this moment, the packet loses its lifetime and expires.
The device at which the packet expired sends an ICMP time exceeded message to the source machine that sent the packet.

The figure shows the TTL expiry scenario.

[Figure 16.10: TTL Expiry Scenario. Diagram of a source network, Router 1, Router 3, Router 4, Router 5, Router 6 and a destination network; Router 5 sends the ICMP Time Exceeded message to the source network.]

There is another scenario that leads to packet expiry and creates an error message. In certain situations, the IP packet is fragmented into small parts; these fragments choose different routing paths to reach the destination. It is the duty of the destination machine to join all these fragments into a full packet after the arrival of all the fragments. If a fragment took the shortest path and reached the destination while the others are yet to arrive, the destination host must wait until it gathers all the fragments. This may cause the destination host to wait for a long or even indefinite amount of time if any fragments were lost. To avoid such a scenario, the destination host sets a timer when it collects the first fragment and waits for the others. If this timer expires, the destination host discards the fragments that it received and sends an ICMP time exceeded message to the source host.

The ICMP time exceeded message contains the following fields.

- Type (1 byte): This field defines the type of ICMP message; for a time exceeded message, it is set to 11.
- Code (1 byte): This field defines the reason behind the error, and a series of numbers represent various types of errors; for example, code 0 represents the expiration of TTL, and code 1 represents fragment reassembly timeout.
- Checksum (2 bytes): This field defines a checksum for the ICMP header.
- Unused (4 bytes): This field is not used and left blank.
- Original datagram portion: This field contains the IP header and first 8 bits of the IP packet that was discarded because of the time exceeded error.

[Figure 16.12: IP Header. The ICMP Time Exceeded message (Type = 11, Parameters) shown with the IP header fields: Version, Header Length, 8-bit Type of Service (TOS), 8-bit Time-to-Live (TTL), 32-bit Source IP Address, 32-bit Destination IP Address, Options (if any).]
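
Added example (not part of the original course material): a Python parser for the Type 3 and Type 11 messages described above, following the Type/Code/Checksum/Unused layout and the quoted original IP header plus first 8 bytes of data shown in Figure 16.8. The sample message, its addresses and ports are constructed, and the function names are assumptions of this example.

```python
import struct
from ipaddress import IPv4Address

# Only the code meanings listed in the text; other codes are reported by number.
CODES = {
    (3, 0): "network unreachable", (3, 1): "host unreachable",
    (11, 0): "TTL expired", (11, 1): "fragment reassembly timeout",
}

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp_error(msg: bytes) -> dict:
    """Decode a Type 3 or Type 11 ICMP message and the datagram it quotes."""
    if len(msg) < 8 + 20:
        raise ValueError("truncated: need ICMP header plus an IPv4 header")
    icmp_type, code, _cksum, _unused = struct.unpack("!BBHI", msg[:8])
    if icmp_type not in (3, 11):
        raise ValueError(f"not a type 3 or type 11 message: type {icmp_type}")
    # RFC 792 computes the checksum over the whole ICMP message; valid sums to 0.
    if inet_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    ihl = (msg[8] & 0x0F) * 4  # length of the quoted IP header in bytes
    if msg[8] >> 4 != 4 or ihl < 20 or len(msg) < 8 + ihl:
        raise ValueError("quoted datagram is not a complete IPv4 header")
    ttl, proto = msg[16], msg[17]
    src, dst = msg[20:24], msg[24:28]
    return {
        "type": icmp_type, "code": code,
        "reason": CODES.get((icmp_type, code), f"code {code}"),
        "orig_src": str(IPv4Address(src)), "orig_dst": str(IPv4Address(dst)),
        "orig_ttl": ttl, "orig_proto": proto,
        "orig_first8": msg[8 + ihl:8 + ihl + 8],
    }

def build_sample(icmp_type: int, code: int) -> bytes:
    """Constructed sample: error quoting a UDP datagram 192.0.2.10 -> 198.51.100.7."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36, 0x1234, 0, 1, 17, 0,
                     IPv4Address("192.0.2.10").packed, IPv4Address("198.51.100.7").packed)
    udp = struct.pack("!HHHH", 40000, 33434, 16, 0)  # first 8 bytes of the data field
    body = struct.pack("!BBHI", icmp_type, code, 0, 0) + ip + udp
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
```

The quoted source, destination and first 8 bytes are what let the sending host match an error to a datagram it actually sent, so a parser should reject messages whose checksum or quoted header does not validate.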