-
January 25th, 2004, 10:34 PM
#11
Originally posted here by gore
ICMP deals in error checking and so on. The user interface for ICMP is the ping program. You can use ping to send ICMP packets and see if something responds with "Hello, I'm up and running"
ping 192.168.0.1
{192.168.0.1} Hello, I'm up and running.
Of course you can set hardware and software to NOT respond to ping.
Come on gore.. I expect better from you ..... ICMP TYPE 8 is ICMP ECHO REQUEST which is what ping is a user interface for, and the client should (if not blocking) respond with an ICMP TYPE 0 (ECHO REPLY)... However ping is not the user interface for all ICMP. How about Type 30, which is traceroute, or type 13, which is timestamp? There are many programs that make use of ICMP and provide a front-end for users to form ICMP packets and requests. The best one, IMHO, is sing (http://sourceforge.net/projects/sing). ICMP is quite an amazing protocol. You can do a lot of basic (and sometimes more advanced) OS detection using only a few ICMP packets. A good example is the TTL field in the ping reply. This can be changed on most operating systems, but if you assume the default is set you can usually get a pretty good idea as to what OS the person is running.
Peace,
HT
-
January 25th, 2004, 11:03 PM
#12
Originally posted here by HTRegz
Come on gore.. I expect better from you ..... ICMP TYPE 8 is ICMP ECHO REQUEST which is what ping is a user interface for, and the client should (if not blocking) respond with an ICMP TYPE 0 (ECHO REPLY)... However ping is not the user interface for all ICMP. How about Type 30, which is traceroute, or type 13, which is timestamp? There are many programs that make use of ICMP and provide a front-end for users to form ICMP packets and requests. The best one, IMHO, is sing (http://sourceforge.net/projects/sing). ICMP is quite an amazing protocol. You can do a lot of basic (and sometimes more advanced) OS detection using only a few ICMP packets. A good example is the TTL field in the ping reply. This can be changed on most operating systems, but if you assume the default is set you can usually get a pretty good idea as to what OS the person is running.
Peace,
HT
Well, let's see, I really expected better from you HTRegz!
While the first part of your comment about icmp type 0/8 for ping is right, the part about traceroute being icmp type 30 isn't quite correct:
Yes, type 30 IS defined as traceroute. However, this is the traceroute defined in RFC1393, which is merely a memo published in 1993 as an experimental protocol to redefine the means of doing traceroute, which was never really adopted (afaik). The way traceroute is still actually done is to send successive icmp or udp packets with TTLs of 1, 2, 3, ... N until it reaches the actual host. When the packets with insufficient TTLs expire, the router sends back an "ICMP TTL exceeded" message to the sender, enabling him to "trace the route".
This also leads me to a second point: the TTL field isn't a feature of ping or ICMP, it's a feature of IP. Its purpose is to make sure no IP packets stay looping indefinitely on the (inter)net. The way it does this is that every router, when it routes an IP packet, decrements the TTL of that packet by 1. When a router gets a packet with a TTL of 1, it discards it and sends an "icmp ttl exceeded" (icmp type 11) back to the source of that packet.
Ammo
Credit travels up, blame travels down -- The Boss
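The TTL-expiry mechanism described in the post above, as an added example that is not part of the original thread: it builds real IPv4 + ICMP bytes and simulates a traceroute offline, showing that the TTL sits in the IP header while the type (8, 11, 0) sits in the ICMP header. The addresses, the path and the reply TTL of 64 are constructed sample values, and the function names are hypothetical.

```python
import struct

# ICMP type numbers mentioned in the thread.
ICMP_TYPES = {0: "echo reply", 8: "echo request", 11: "time exceeded",
              13: "timestamp", 30: "traceroute (RFC 1393)"}

def checksum(data):  # RFC 1071 Internet checksum over 16-bit words
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(src, dst, ttl, icmp_type, rest=b"\x00\x01\x00\x01", payload=b""):
    """Build a 20-byte IPv4 header followed by an ICMP message."""
    icmp = struct.pack("!BBH", icmp_type, 0, 0) + rest + payload
    icmp = icmp[:2] + struct.pack("!H", checksum(icmp)) + icmp[4:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0,
                     ttl, 1, 0, bytes(src), bytes(dst))
    return ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:] + icmp

def parse(pkt):
    """Return (source, TTL, ICMP type name). TTL is byte 8 of the IP header."""
    ihl = (pkt[0] & 0x0F) * 4           # IP header length in bytes
    if pkt[9] != 1:                     # IP protocol 1 = ICMP
        raise ValueError("not an ICMP packet")
    src = ".".join(str(b) for b in pkt[12:16])
    return src, pkt[8], ICMP_TYPES.get(pkt[ihl], f"type {pkt[ihl]}")

def trace(routers, dest, me=(10, 0, 0, 1), reply_ttl=64):
    """Send echo requests with TTL 1, 2, ... over a constructed path."""
    hops = []
    for ttl in range(1, len(routers) + 2):
        probe = build(me, dest, ttl, 8)
        remaining = probe[8]
        for router in routers:
            if remaining <= 1:          # expired here: type 11 goes back
                reply = build(router, me, reply_ttl, 11,
                              rest=b"\x00" * 4, payload=probe[:28])
                break
            remaining -= 1              # every router decrements the TTL
        else:                           # probe survived every router
            reply = build(dest, me, reply_ttl, 0)
        hops.append(parse(reply)[::2])  # keep (source, ICMP type name)
    return hops

# Constructed sample path: two routers, then the target host.
PATH = [(192, 168, 0, 1), (172, 16, 0, 1)]
print(trace(PATH, (203, 0, 113, 5)))
```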
-
January 25th, 2004, 11:19 PM
#13
Hehe.. I guess we all expect better from people
I knew the TTL stuff, I guess I just didn't elaborate very well... However the traceroute info is new to me.. I just remembered the Type 30 from reading the RFC in one of my networking classes, however we never got much past that...... Live and learn..... Now work has been productive.. I've learned something new