Chapter 16 - 01 - Discuss Network Troubleshooting - 03_ocred_fax_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Exam 212-82
Network Troubleshooting

Basic Network Issues: IP
Parameter Problem

ICMP Parameter Problem | Type(3) Code (0-12) Checksum
Type=12 Unused (must be zero)
Internet Header + First 64 Bits of Datagram
[|

Basic Network Issues: IP Parameter Problem

Devices that process datagrams may not be able to forward a datagram owing to some type of
error in the header. This error does not relate to the state of the destination host or network
but still prevents the datagram from being processed and delivered. An ICMP type-12
parameter problem message is sent to the source of the datagram.

(1]
0 8 16 31

ICMP Parameter Problem |= Type (3) Code (0-12) Checksum
Type =12 Unused (must be zero)

Internet Header + First 64 Bits of Datagram

Figure 16.13: IP Parameter Problem

The parameter problem occurs when invalid data exist in the fields of an IP header. In this case,
the device that traced this invalid information from the IP header sends an ICMP parameter
problem message to the source machine that sent the packet. This message contains a pointer
that points to the field that caused the error, instead of error codes.

Module 16 Page 1938 Certified Cybersecurity Technician Copyright © by EG-Council
EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Network Troubleshooting

The figure shows the format of the ICMP parameter problem message.

0 4 8 12 16 20 24 28 32
I I I I I
Type =12 (mcbggsm Checksum

Pointer Unused

Original IP Header
+

First 8 bits of Data Field

Figure 16.14: Format of an ICMP parameter problem message

Each field of an ICMP parameter problem message is discussed below.

* Type (1 byte): This field defines the type of the ICMP message; for parameter problem
messages, it is set to 12.

* Code (1 byte): This field defines the reason behind the error.
= Checksum (2 bytes): This field defines a checksum for the ICMP header.
= Pointer (1 byte): This field defines the cause of this message by pointing to the field that
is responsible.
= Unused (3 bytes): This field is not used and left blank.
= Original datagram portion: This field contains the IP header and first 8 bits of the IP
packet that was discarded because of the parameter problem.

Code and Pointer fields of the ICMP Parameter Problem Message:
We have already discussed that the pointer field is used to point out the field that caused the
parameter problem. Generally, the pointer to the field that caused this error message contains
the code value 0. However, to provide a meaningful reason for the generation of the parameter
problem message, two more code values are introduced, as described in the table below.

Code Message Details
It is a common way of showing the error field through
0 Pointer for the field.
the pointer.

Missing mandatory When a required field is missed, this code is indicated.
field The pointer cannot point an empty field.

Invalid size of the datagram packet indicates that the
2 Bad length error is in whole packet but not with a particular field.
Here there is nothing to do with a pointer to a field.

Table 16.1: Pointer and Code fields in an ICMP parameter problem message

Module 16 Page 1939 Certified Cybersecurity Technician Copyright © by EG-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Certified Cybersecurity Technician Exam 212-82
Network Troubleshooting

Basic Network Issues: ICMP Control Messages

WY (=1
\Y ( ,
P e I S g