
Introduction To The ICMP Protocol

Posted in ICMP Protocol

The Internet Control Message Protocol (ICMP) is a very popular protocol and is actually part of an Internet Protocol (IP) implementation. Because IP wasn't designed to be absolutely reliable, ICMP came onto the scene to provide feedback on problems in the communication environment.

ICMP is one of the most useful protocols for troubleshooting network problems such as DNS resolution, routing, connectivity and a lot more. However, caution must be taken, because you can easily end up spending half a day trying to figure out why you're not getting a 'ping reply' ('echo reply' is the correct term) from a web server when in fact its firewall is configured not to reply to 'pings' for security reasons! This usually leads most engineers to the incorrect conclusion that the remote host might be down.

Note
A few years ago a program called Click was released, which still circulates around the Internet (I got my hands on version 1.4). Click was designed to run on a Windows platform and work against mIRC users - mIRC being a Windows-based program for the Internet Relay Chat (IRC) network. The program would utilise the different messages available within the ICMP protocol to send special error messages to mIRC users, making the remote user's program think it had lost connectivity with the IRC server, thus disconnecting them from the server! The magic is not what the program can do, but how it does it!

The ICMP Protocol

ICMP is defined in RFC 792 (RFC stands for Request For Comments). Looking at its position in the OSI model, we can see that it sits in the Network layer (layer 3) alongside IP. There are no ports used with ICMP; this is because of where the protocol sits in the OSI model. Ports are only used for protocols which work at the Session layer and above:

icmp-intro-1

 

The ICMP protocol uses different 'messages' to identify the purpose of an ICMP packet, for example, an 'echo' (ping) is one type of ICMP message.

I am going to break down the different message descriptions as they have been defined by RFC 792.

There is a lot of information to cover in ICMP, so I have broken it down into multiple pages rather than sticking everything into one huge page that would bore you!

Also, I haven't included all the messages which ICMP supports; rather, I selected a few of the more common ones that you're likely to come across. You can always refer to RFC 792 to get the details on all messages.

We will start with a visual example of where the ICMP header and information are put in a packet, to help you understand better what we are dealing with :)

icmp-header

The structure is pretty simple, with not a lot involved, but the contents of the ICMP header will change depending on the message it contains. For example, the header information for an 'echo' (ping) message (this is the correct term) is different to that of a 'destination unreachable' message, which is also a function of ICMP.

TCP Header Length Analysis - Section 3

Posted in TCP Protocol Analysis

The third field under close examination is the TCP Header length. There really isn't that much to say about the Header length other than to explain what it represents and how to interpret its values, but this alone is very important as you will soon see.

Let's take a quick look at the TCP Header length field, noting its position within the TCP structure:

tcp-analysis-section-3-1

You might also have seen the Header length represented as "Data offset" in other packet sniffers or applications; this is virtually the same as the Header length, only with a 'fancier' name.

Analysing the Header length

If you open any networking book that covers the TCP header, you will almost certainly find the following description for this particular field:

TCP Flag Options - Section 4

Posted in TCP Protocol Analysis

As we have seen in the previous pages, some TCP segments carry data while others are simple acknowledgements for previously received data. The popular 3-way handshake utilises the SYNs and ACKs available in TCP to help complete the connection before data is transferred.

Our conclusion is that each TCP segment has a purpose, and this is determined with the help of the TCP flag options, allowing the sender or receiver to specify which flags should be used so the segment is handled correctly by the other end.

Let's take a look at the TCP flags field to begin our analysis:

tcp-analysis-section-4-1

You can see the 2 flags that are used during the 3-way handshake (SYN, ACK) and data transfers.

As with all flags, a value of '1' means that a particular flag is 'set' or, if you like, is 'on'. In this example, only the "SYN" flag is set, indicating that this is the first segment of a new TCP connection.

In addition to this, each flag is one bit long, and since there are 6 flags, this makes the Flags section 6 bits in total.

You would have to agree that the most popular flags are the "SYN", "ACK" and "FIN", used to establish connections, acknowledge successful segment transfers and, lastly, terminate connections. While the rest of the flags are not as well known, their role and purpose make them, in some cases, equally important.

We will begin our analysis by examining all six flags, starting from the top, that is, the Urgent Pointer:

 

1st Flag - Urgent Pointer

TCP Window Size, Checksum & Urgent Pointer - Section 5

Posted in TCP Protocol Analysis

Our fifth section contains some very interesting fields that are used by the TCP transport protocol. We see how TCP helps control how much data is transferred per segment, make sure there are no errors in the segment and, lastly, flag our data as urgent, to ensure it gets the priority it requires when leaving the sender and arriving at the recipient.

So let's not waste any time and get right into our analysis!

tcp-analysis-section-5-1

The fifth section we are analysing here occupies a total of 6 bytes in the TCP header.

These values, like most of the fields in the protocol's header, remain constant in size, regardless of the amount of application data.

This means that while the values they contain will change, the total amount of space each field occupies will not.

The Window Flag

Analysing TCP Header Options - Section 6

Posted in TCP Protocol Analysis

The TCP Options (MSS, Window Scaling, Selective Acknowledgements, Timestamps, Nop) are located at the end of the TCP Header, which is also why they are covered last. Thanks to the TCP Options field we have been able to enhance the TCP protocol by introducing new features or 'addons' as some people like to call them, defined by their respective RFCs.

As data communication continues to become more complex and less tolerant of errors and latency, it was clear that these new features had to be incorporated into the TCP transport to help overcome the problems created by the new links and speeds available.

To give you an example, Window Scaling, mentioned in the previous pages and elaborated here, is possible using the TCP Options field because the original Window field is only 16 bits long, allowing a maximum decimal number of 65,535. Clearly this is far too small when we want to express 'Window size' values using numbers in the range of thousands to a million, e.g. 400,000 or 950,000.

Before we delve into any details, let's take a look at the TCP Options field:

tcp-analysis-section-6-1

 

As you can see, the TCP Options field is the sixth section of the TCP Header analysis.

Located at the end of the header and right before the Data section, it allows us to make use of the new enhancements recommended by the engineers who help design the protocols we use in data communications today.

TCP Options
