What are the proper contents of an ICMP message? (Buffer, Don't Fragment, etc.)

I'm creating a Tracert program and am wondering if the value "buffer" used in the Ping payload really matters. Can it be anything, or do routers respond differently based on the contents of the buffer?

What about the other parts of an ICMP ping message? Don't Fragment, etc...

http://msdn.microsoft.com/en-us/library/ms144962.aspx

I found one sample that sets the buffer like this:

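    // Backing field for the lazily built payload.
    private byte[] _buffer;

    // Echo payload: 32 bytes, each set to 0x65 ('e').
    byte[] Buffer
    {
        get
        {
            if (_buffer == null)
            {
                _buffer = new byte[32];
                // Index the field directly rather than re-entering the getter.
                for (int i = 0; i < _buffer.Length; i++)
                {
                    _buffer[i] = 0x65;
                }
            }
            return _buffer;
        }
    }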

Answer 1

No, the data section of an ICMP echo is not meaningful.

It serves as a means to make the request and reply packets larger (potentially past the point of fragmentation, the path's MTU) to test network conditions, but is not handled in any way by ICMP implementations (aside from being copied into the echo reply by a responding device).
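The copy-through behaviour described in this answer, as an added example that is not part of the original post: it builds an echo request, forms the reply the way a responder would (type changed, identifier, sequence number and data copied), and validates both with the RFC 1071 checksum. The helper names are hypothetical, the 32 bytes of 0x65 mirror the question's buffer as a constructed sample, and nothing is sent on the network.

```python
import struct

ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data for summing
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Type, code 0, checksum, identifier, sequence, then arbitrary data."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = checksum(header + payload)        # checksum covers the data too
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_echo(packet: bytes):
    if len(packet) < 8:
        raise ValueError("ICMP echo header is 8 bytes")
    if checksum(packet) != 0:                # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return icmp_type, code, ident, seq, packet[8:]

def make_reply(request: bytes) -> bytes:
    """What a responder does: new type, same identifier, sequence and data."""
    icmp_type, _code, ident, seq, payload = parse_echo(request)
    if icmp_type != ICMP_ECHO_REQUEST:
        raise ValueError("not an echo request")
    return build_echo(ICMP_ECHO_REPLY, ident, seq, payload)

def reply_matches(request: bytes, reply: bytes) -> bool:
    """Sender-side check: the reply must echo identifier, sequence and data."""
    _, _, qid, qseq, qdata = parse_echo(request)
    rtype, _, rid, rseq, rdata = parse_echo(reply)
    return rtype == ICMP_ECHO_REPLY and (rid, rseq, rdata) == (qid, qseq, qdata)

if __name__ == "__main__":
    request = build_echo(ICMP_ECHO_REQUEST, 1, 1, b"\x65" * 32)  # constructed
    print(reply_matches(request, make_reply(request)))
```
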

Answer 2

The data section of an echo request is optional. You only need to include it if you wish to

  • make the message larger to test for fragmentation-related problems
  • test whether specific bit-patterns cause problems for your network devices (e.g. they might interpret long strings of ones or zeroes as a command to enter test mode)

A good reference on this topic is Eric Hall's Internet Core Protocols.

Answer 3

It depends. For timestamps, redirects, and unreachable messages the payload contains valuable information. Even echo request and reply payloads can contain information like timestamps.

You say that you're writing a traceroute program, but then you use the phrase "Ping payload", which suggests that you're trying to process ICMP echo requests and replies. While it's certainly possible to use ICMP messages for tracing routes (it's your only option with tracert on Windows), you won't be able to trace the complete path in many cases since overzealous admins often block echoes.

You might want to consider using other protocols for your probes, specifically TCP. When tracing the route to a web server for example, traceroute (which uses UDP by default) or tracert (ICMP) isn't nearly as useful as nmap -Pn --traceroute -p 80 or tcptraceroute.
