Networking: Correlation between ICMP error messages and the IP packets that generated them


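I need to send a set of IP packets that I am sure will trigger ICMP TTL-expired error messages. How exactly can I associate each error message with the packet that generated it? Which field in the ICMP header is used for this?


Should I use some custom ID number in the original IP header so that I can tell which error message corresponds to which packet? If so, which field is best suited for this?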

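The body of an ICMP TTL-expired message must include the IP header of the original packet (including source/destination ports) and 64 bits beyond the original header.

Based on timing and that header information, you can derive which packet triggered the TTL-expired message.

I have included an example below, triggered by an NTP packet.

For more details, see (page 5).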


ICMP TTL Exceeded message
OK, so I should keep track of each header and the first 8 bytes of payload of every packet, right? The lookup won't be very fast, but if there is no other way, I'll deal with it.
Ethernet II, Src: JuniperN_c3:a0:00 (b0:c6:9a:c3:a0:00), Dst: 78:2b:cb:37:4c:7a (78:2b:cb:37:4c:7a)
    Destination: 78:2b:cb:37:4c:7a (78:2b:cb:37:4c:7a)
        Address: 78:2b:cb:37:4c:7a (78:2b:cb:37:4c:7a)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: JuniperN_c3:a0:00 (b0:c6:9a:c3:a0:00)
        Address: JuniperN_c3:a0:00 (b0:c6:9a:c3:a0:00)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: IP (0x0800)
Internet Protocol, Src: 172.25.116.254 (172.25.116.254), Dst: 172.25.116.10 (172.25.116.10)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 56
    Identification: 0x86d7 (34519)
    Flags: 0x02 (Don't Fragment)
        0.. = Reserved bit: Not Set
        .1. = Don't fragment: Set
        ..0 = More fragments: Not Set
    Fragment offset: 0
    Time to live: 255
    Protocol: ICMP (0x01)
    Header checksum: 0xb3b1 [correct]
        [Good: True]
        [Bad : False]
    Source: 172.25.116.254 (172.25.116.254)
    Destination: 172.25.116.10 (172.25.116.10)
Internet Control Message Protocol
    Type: 11 (Time-to-live exceeded)
    Code: 0 (Time to live exceeded in transit)
    Checksum: 0x4613 [correct]
    Internet Protocol, Src: 172.25.116.10 (172.25.116.10), Dst: 172.25.0.11 (172.25.0.11)
        Version: 4
        Header length: 20 bytes
        Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
            0000 00.. = Differentiated Services Codepoint: Default (0x00)
            .... ..0. = ECN-Capable Transport (ECT): 0
            .... ...0 = ECN-CE: 0
        Total Length: 36
        Identification: 0x0001 (1)
        Flags: 0x00
            0.. = Reserved bit: Not Set
            .0. = Don't fragment: Not Set
            ..0 = More fragments: Not Set
        Fragment offset: 0
        Time to live: 0
            [Expert Info (Note/Sequence): "Time To Live" only 0]
                [Message: "Time To Live" only 0]
                [Severity level: Note]
                [Group: Sequence]
        Protocol: UDP (0x11)
        Header checksum: 0xee80 [correct]
            [Good: True]
            [Bad : False]
        Source: 172.25.116.10 (172.25.116.10)
        Destination: 172.25.0.11 (172.25.0.11)
    User Datagram Protocol, Src Port: telindus (1728), Dst Port: ntp (123)
        Source port: telindus (1728)
        Destination port: ntp (123)
        Length: 16
        Checksum: 0xa7a1 [unchecked, not all data available]
            [Good Checksum: False]
            [Bad Checksum: False]
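
The correlation discussed in this thread, as an added example that is not part of the original answer: it parses the datagram quoted inside an ICMP Time Exceeded message and looks the probe up in a dictionary, so matching is a constant-time lookup rather than a search. The function names and the send-time table are hypothetical; the sample bytes are rebuilt from the field values in the capture above, and the sender is assumed to have recorded the IP Identification and UDP ports of each probe when it was sent.

```python
import socket
import struct

def quoted_key(icmp: bytes):
    """Correlation key from an ICMP Time Exceeded message, else None.

    `icmp` starts at the ICMP header (outer IP header already removed)."""
    if len(icmp) < 8 + 20 or icmp[0] != 11:      # type 11 = Time Exceeded
        return None
    inner = icmp[8:]                             # quoted datagram follows the 8-byte ICMP header
    ihl = (inner[0] & 0x0F) * 4                  # quoted header may carry IP options
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl:
        return None
    (ip_id,) = struct.unpack("!H", inner[4:6])
    proto = inner[9]
    src = socket.inet_ntoa(inner[12:16])
    dst = socket.inet_ntoa(inner[16:20])
    sport = dport = None
    if proto in (6, 17) and len(inner) >= ihl + 4:   # TCP/UDP: ports are the first 4 bytes
        sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return (src, dst, proto, ip_id, sport, dport)

def correlate(sent: dict, icmp: bytes):
    """Look up the probe recorded under the key quoted in the error, else None."""
    key = quoted_key(icmp)
    return sent.get(key) if key is not None else None

def sample_time_exceeded() -> bytes:
    """ICMP portion rebuilt from the field values in the capture above."""
    inner_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36, 0x0001, 0, 0, 17, 0xEE80,
                           socket.inet_aton("172.25.116.10"),
                           socket.inet_aton("172.25.0.11"))
    udp = struct.pack("!HHHH", 1728, 123, 16, 0xA7A1)
    return struct.pack("!BBHI", 11, 0, 0x4613, 0) + inner_ip + udp

if __name__ == "__main__":
    # Hypothetical send-time table: key -> whatever identifies the probe.
    sent = {("172.25.116.10", "172.25.0.11", 17, 1, 1728, 123): "ntp-probe-1"}
    print(correlate(sent, sample_time_exceeded()))
```
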