Socket Subroutines       Sendto & Recvfrom       Struct Sockaddr       Address Family       Raw Sockets       Own IP Header       Protocol Type       Traceroute Packet       UDP Ports       Type of Service       Setsockopt       Again IP Header       Select       Timeout    Protocol ICMP is the part of the IP layer and ICMP messages are transmitted within IP datagrams. IP datagram consists of the IP header (20 bytes) and ICMP message. The first byte of the ICMP message contains the type field. For example, Ping uses the messages echo reply (type 0) and echo request (type 8). The Traceroute sends UDP datagrams. Destination UDP port should be chose as an unlikely value, so that it is impossible that any destination application uses this port. UDP destination side sends an ICMP message port unreachable (type 3, code 3). If TTL is 0 in the received datagram the router sends back the ICMP message time exceeded (type 11, code 0). ICMP messages are exchanged between hosts without port numbers. The second byte of the ICMP message contains the code field. If a router cannot forward a packet because it has no routes at all to the destination specified in the packet, the router generates network unreachable (type 3,code 0). If the router have routes to the destination network specified in the packet, but the TOS specified ( TOS = type of service, second byte in the IP header) for the routes is neither the default TOS (0000) nor the TOS of the packet that the router is attempting to route, then the router generates network unreachable for TOS (type 3, code 11) 8-byte code field is given in the first column, second column contains description of code. The main message codes that Traceroute uses are port unreachable (type 3, code 3) and TTL equals 0 during transit (type 11, code 0). In the next table obly codes for the ICMP message type destination unreachable (type 3) are shown. Code Description 0 network unreachable 1 host unreachable 2 protocol unreachable 3 port unreachable 4 fragmentation needed 5 source route failed 6 destinantion network unknown 7 destinantion host unknown 8 source host isolated 9 destinantion network administartively prohibited 10 destinantion host administartively prohibited 11 network unreachable for TOS 12 host unreachable for TOS 13 communiction administrativly prohibited by filtering 14 host precedence violation 15 precedence cutoff in effect If the router decides that there is no path to the destination host then the router generates the ICMP message host unreachable (type 3, code 1). If router cannot forward the packet because no route to the destination and the packet has a TOS that is either equal to the TOS requested in the packet or is the default TOS (0000) then the router generates the message host unreachable for TOS (type 3, code 12) One of the two ICMP messages that Traceroute receives is the message port unreachable. (type 3, code 3).The second one is time exceeded (type 11) and it's received if TTL (time to live) is 0. When Traceroute sends UDP datagrams, there are two cases. Case 1: Destination is reached. But destination port is chose as unlikely value, so that destination UDP module generates an ICMP message port unreachable. Case 2: Destination host hasn't reached and TTL is 0. then UDP module of the current host sends back the ICMP message time exceeded and the host IP address.

Traceroute Servlet Traceroute List Traceroute Download WhoIs Service URL Geography  Producer Consumer   Applet Producer Consumer View Thread Monitor View Sender/Receiver, Asynchronous and Synchronous layers, Publish/Subscriber Patterns: Producer-Consumer, Half-Sync/Half-Async, Model-View-Controller One of the two ICMP messages that Traceroute receives is the message port unreachable. The second one is the message time exceeded (TTL is 0). 8-byte type field is given in the first column, second column contains description of type, the last column shows message distinction: Query/Error. The main message types that Traceroute receives are time exceeded and destination unreachable. Type Description Query/Error 0 echo reply Query 3 destination unreachable Error 4 source quench Error 5 redirect Error 8 echo request Query 9 router advertisment Query 10 router solicitation Query 11 time exceeded Error 12 paramter problem Error 13 timestamp request Query 14 timestamp reply Query 15 information request(obsolete) Query 16 information reply(obsolete) Query 17 addressmask request Query 18 addressmask reply Query     The Traceroute program uses the next socket subroutines: socket (create sockets), sendto (send message) , recvfrom (receive message), setsockopt (set socket options), select (check I/O status). struct sockaddr whereto; sendto(snd_socket, (char *)op, op_len,       0, &whereto, sizeof(struct sockaddr)); struct sockaddr_in *from; recvfrom(rcv_socket, (char *)packet, PACKET_SIZE,       0, (struct sockaddr *)from, &fromlen);       The subroutins send and recv are applied only when the socket is connected (TCP). The subroutins sendto and recvfrom allows an application program to send and receive messages through an unconnected socket (UDP, ICMP). For the sendoto a destination address has to be specifyied in the struct sockaddr (or sockaddr_in). The recvfrom returns the source address accosiated with each incoming data in the same structure.        struct sockaddr {    u_char sa_len;    u_char sa_family;    char sa_data[14]; }; or struct sockaddr_in {    u_char sin_len;    u_char sin_family;    u_short sin_port;    struct in_addr sin_addr;    char sin_zero[8]; }; struct in_addr {    u_long s_addr; /* 32-bit, IP address */ };      The subroutine socket creates two sockets: for sending and for receiving. For the case of the multithreaded traceroute these sockets are created for every traceroute client. The first parameter of the socket is the Addrees Family. For both sockets this parameter have to be AF_INET. The field sin_family from the struct sockaddr_in have to be AF_INET as well. pe = getprotobyname("icmp"); rcv_socket = socket(AF_INET, SOCK_RAW, pe->p_proto); snd_socket = socket(AF_INET, SOCK_RAW, IPPROTO_RAW);     The second parameter Socket Type have to be SOCK_RAW. It provides access to internal network protocols and interfaces. This type of socket is available only to the root user. Raw sockets are applied in the next cases:   - to send and receive ICMP messages ( Ping )   - to build own IP headers. The Traceroute program builds its own UDP datagrams, including the IP and UDP headers.    The Traceroute was the first process that need to write its own IP headers (to change the TTL field) (TCP/IP, vol.2, 32.3, Gary R. Wright, W.Richard Stevens )    The third parameter of the subroutine socket is Protocol Type. It is equal to IPPROTO_RAW for the send socket and ICMP type for the receive socket. The value IPPROTO_RAW is set to point that own IP headers will be sent.    The Traceroute packet struct opacket (38 bytes) contains the IP header struct ip (20 bytes) and UDP header struct udphdr (8 bytes). struct opacket {    struct ip ip; /* 20 bytes */    struct udphdr udp; /* 8 bytes */    u_char seq; /* sequence number*/    u_char ttl; /* ttl packet left */    struct timeval tv; /* 8 bytes */ }; struct udphdr {    u_short uh_sport; /* src port */    u_short uh_dport; /* dst port */    short uh_ulen;     /* udp length */    u_short uh_sum;   /* checksum */ }; struct ip { #if BYTE_ORDER == LITTLE_ENDIAN     u_char ip_hl:4, /* header length */     ip_v:4; /* version */ #endif #if BYTE_ORDER == BIG_ENDIAN     u_char ip_v:4, /* version */     ip_hl:4; /* header length */ #endif     u_char ip_tos; /* type of service */     short ip_len; /* total length */     u_short ip_id; /* identification */     short ip_off; /* fragment offset field */     u_char ip_ttl; /* time to live */     u_char ip_p; /* protocol */     u_short ip_sum; /* checksum */     struct in_addr ip_src; /* source addr */     struct in_addr ip_dst; /* dest address */ };    The UDP source port uh_sport isn't mandatory. In the case of multithreaded traceroute this field may be used to thread identification. The incoming ICMP message is checking with the sent one to check the thread, which sent the corresponding UDP message. Destination UDP port uh_dport should be chose as an unlikely value, so that it is impossible that any destination application uses this port.    The 8-bit TOS field (type-of-service) of the IP header has only 4 bits, which are in use today. These 4 TOS bits are minimize delay, maximize throughput, maximize reliability, minimize monetary cost. Only 1 of these 4 bits can be turned on. If all 4 bits are 0 it implies normal service. The TOS feature isn't supported by most TCP/IP implementations. The TOS value for the Traceroute program is 0.    The subroutine setsockopt set options at all levels of the TCP stack. The second parameter of the setsockopt is the level. Possible values for the level are SOL_SOCKET (any protocol), IPPROTO_IP (protocols UDP/IP, TCP/IP, ICMP/IP), IPPROTO_TCP (protocol TCP). To enble a option the fourth parameter optval of the setsockopt is set to a nonzero value. To disable an option, optval is set to 0. on = 1; setsockopt(snd_socket, IPPROTO_IP, IP_HDRINCL,      (char *)&on, sizeof(on));    The Traceroute sets the level to IPPROTO_IP and the third parameter of the setsockopt optname to IP_HDRINCL allowing a process to send its own IP header with the wildcard entry. Therefore, there are 3 places regard to the own IP header:    - The value SOCK_RAW in the procedure socket, parameter Socket Type    - The value IPPROTO_RAW in the procedure socket, parameter Protocol Type    - The value IP_HDRINCL in the procedure setsockopt, parameter optname    The select subroutine checks the specified file descriptors to see if they are ready for reading (receiving) or writing (sending), or if they have an exceptional condition pending. Select waits in the blocking mode and notifies when data is available. Traceroute uses the select subroutine together with recvfrom, so that the second and third parameters ( write and exception file descriptor lists ) are set to 0. The first parameter fsd (read file descriptor list) is set by macroses FD_ZERO and FD_SET. After receiving data this parameter fds is cleared by FD_CLR. FD_ZERO(&fds); FD_SET(rcv_socket, &fds); if (select(rcv_socket+1, &fds, (fd_set *)0, (fd_set *)0, &wait) > 0)      /* do recvfrom */ FD_CLR(rcv_socket, &fds);    The first parameter nfds of the select specifies the number of file descriptors to check. Select notifies about file descriptors in the range [0, ndfs - 1], so that the first parameter of the select above is rcv_socket+1.    The last parameter of the select is the timeout defined in the structure timeval. static struct timeval wait; wait.tv_sec = 5; /* for example*/ wait.tv_usec = 0; struct timeval{    long tv_sec; /* seconds */    long tv_usec; /* microseconds */ };    The timeout is reset in the select subroutine every time the Traceroute sends the probe message to the destination host. What is ..ICMP    - Defenition and Links ICMP    - ICMP is used by a device, often a router, to report and acquire a wide     range of communications-related information. ICMP Router Discovery Protocol    - IRDP is not a routing protocol like Routing Information Protocol (RIP)     or Interior Gateway Routing Protocol (IGRP). It is an extension to ICMP. Path MTU Discovery and Filtering ICMP    - MTU: The maximum transmission unit is a link layer restriction on     the maximum number of bytes of data in a single transmission. ICMP Rate Limiting    - Some sites simply block pings, others limit the amount of traffic that     is accepted from pings. Denial of Service Attacks    - "Smurf" attack. A perpetrator sends a large amount of ICMP echo packets.     The "smurf" attack's cousin is called "fraggle", which uses UDP echo. RFC 2267. Network Ingress Filtering.     - Defeating Denial of Service Attacks. Restricting forged traffic.     TCP SYN flood attacks, UDP and ICMP flooding.

Maintained by Rafael Stekolshchik        klivlend1@yahoo.com