Logout Open In App
Open In App
Warning: foreach() argument must be of type array|object, bool given in /var/www/html/web/app/themes/studypress-core-theme/template-parts/header/mobile-offcanvas.php on line 20

Chapter 5: Problem 1

If a UDP datagram is sent from host \(\mathrm{A}\), port \(\mathrm{P}\) to host \(\mathrm{B}\), port \(\mathrm{Q}\), but at host \(\mathrm{B}\) there is no process listening to port \(Q\), then \(B\) is to send back an ICMP Port Unreachable message to A. Like all ICMP messages, this is addressed to A as a whole, not to port \(\mathrm{P}\) on \(\mathrm{A}\). (a) Give an example of when an application might want to receive such ICMP messages. (b) Find out what an application has to do, on the operating system of your choice, to receive such messages. (c) Why might it not be a good idea to send such messages directly back to the originating port \(\mathrm{P}\) on \(\mathrm{A}\) ?

Short Answer

Expert verified
A network discovery tool might use ICMP messages. Applications use raw sockets to capture them. Sending messages to the originating port can cause confusion and security risks.

Step by step solution

01

Understanding ICMP Port Unreachable Message

An ICMP Port Unreachable message is sent when a datagram is received on a host but no application is listening on the specified port. This message informs the sender that the intended port cannot be accessed.
02

Example Usage of ICMP Messages

An application might want to receive ICMP Port Unreachable messages for network diagnostics. For example, a network discovery tool might use these messages to identify which ports are open or closed on a remote host.
03

Receiving ICMP Messages on a Specific Operating System

To receive ICMP messages, an application typically needs to access raw sockets and capture the ICMP packets. On a Unix-based system, this can be done using sockets of the type 'SOCK_RAW' and setting the appropriate protocol, usually IPPROTO_ICMP. Administrative privileges are usually required to create and manage raw sockets.
04

Reason for Not Sending Messages to the Originating Port

Sending ICMP Port Unreachable messages directly back to the originating port might not be a good idea because the originating port may not be configured to handle ICMP messages. This can cause confusion for the application and potential security risks as it could reveal the internal network structure.

Key Concepts

These are the key concepts you need to understand to accurately answer the question.

network diagnostics
Network diagnostics is essential for maintaining the health and performance of a network. Tools and techniques used for diagnostics help identify, analyze, and resolve network issues.
ICMP messages, such as Port Unreachable, are particularly useful in network diagnostics. They help in pinpointing the exact nature of a problem. For instance, an application may send a UDP datagram to a specific port on a remote host. If no process is listening on that port, the host will return an ICMP Port Unreachable message. This informs the sender that the port is closed, helping diagnose connectivity issues.
Network discovery tools, like Nmap, commonly use ICMP to map out active and inactive hosts and determine which ports are open or closed. By analyzing these messages, network administrators can take corrective actions to ensure network stability and performance.
raw sockets
Raw sockets allow direct sending and receiving of IP packets without any transport layer protocol (such as TCP or UDP) handling the data. They provide a way to customize packet headers and payloads.
On Unix-based systems, creating a raw socket involves using the socket system call with the SOCK_RAW type and specifying the protocol as IPPROTO_ICMP. This is often necessary for applications to receive ICMP messages. Admin privileges are usually a requirement to create raw sockets because they bypass standard network protocols, potentially affecting the entire network.
Using raw sockets, applications can intercept and process ICMP messages directly, enabling functions like network monitoring, security auditing, and custom protocol testing. However, care must be exercised due to the potential for misuse or security vulnerabilities.
Unix-based system
Unix-based systems, such as Linux and macOS, are known for their robustness and flexibility, especially in networking. They offer extensive tools and libraries for handling network operations.
To receive ICMP messages on Unix-based systems, developers often leverage raw sockets and need to operate with elevated permissions. The typical process involves creating a socket with `socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)` and setting it up to listen for incoming ICMP packets.
Unix-based systems also come with built-in utilities like `ping` and `traceroute` that utilize ICMP messages to diagnose network issues. Advanced commands like `tcpdump` or `wireshark` can capture and analyze network traffic, including ICMP messages, providing insights into the network state and facilitating troubleshooting.
network security
Network security is crucial in protecting data integrity and preventing unauthorized access. Understanding and managing ICMP messages can have significant security implications.
For example, ICMP Port Unreachable messages can help diagnose issues but can also be exploited by attackers to map network structure and identify vulnerable points. To mitigate risks, security measures such as firewalls are configured to carefully control ICMP traffic.
Additionally, sending ICMP messages directly to the originating port may expose sensitive details about the internal network configuration or lead to inadvertent Denial of Service (DoS). Hence, security policies often recommend limiting ICMP responses and scrutinizing the conditions under which they are sent.
Thus, while ICMP messages are indispensable for network diagnostics and management, they must be handled with security considerations to prevent exploitation.

One App. One Place for Learning.

All the tools & learning materials you need for study success - in one app.

Get started for free

Most popular questions from this chapter

Propose an extension to TCP by which one end of a connection can hand off its end to a third host; that is, if \(\mathrm{A}\) were connected to \(\mathrm{B}\), and \(\mathrm{A}\) handed off its connection to \(\mathrm{C}\), then afterwards \(\mathrm{C}\) would be connected to \(\mathrm{B}\) and \(\mathrm{A}\) would not. Specify the new states and transitions needed in the TCP state transition diagram, and any new packet types involved. You may assume all parties will understand this new option. What state should A go into immediately after the handoff?

Consult Request for Comments 793 to find out how TCP is supposed to respond if a FIN or an RST arrives with a sequence number other than NextByteExpected. Consider both when the sequence number is within the receive window and when it is not.

Suppose a client \(C\) repeatedly connects via TCP to a given port on a server \(S\), and that each time it is \(\mathrm{C}\) that initiates the close. (a) How many TCP connections a second can C make here before it ties up all its available ports in TIME_WAIT state? Assume client ephemeral ports are in the range 1024-5119, and that TIME_WAIT lasts 60 seconds. (b) Berkeley-derived TCP implementations typically allow a socket in TIME WAIT state to be reopened before TIME_WAIT expires, if the highest sequence number used by the old incarnation of the connection is less than the ISN used by the new incarnation. This solves the problem of old data accepted as new; however, TIME_WAIT also serves the purpose of handling late final FINs. What would such an implementation have to do to address this and still achieve strict compliance with the TCP requirement that a FIN sent anytime before or during a connection's TIME_WAIT receive the same response?

Suppose, in TCP's adaptive retransmission mechanism, that EstimatedRTT is \(4.0\) at some point and subsequent measured RTTs all are \(1.0\). How long does it take before the TimeOut value, as calculated by the Jacobson/Karels algorithm, falls below \(4.0\) ? Assume a plausible initial value of Deviation; how sensitive is your answer to this choice? Use \(\delta=1 / 8\).

When TCP sends a \(\langle\) SYN, SequenceNum \(=x\rangle\) or \(\langle\) FIN, SequenceNum \(=x\rangle\), the consequent ACK has Acknowledgment \(=x+1\); that is, SYNs and FINs each take up one unit in sequence number space. Is this necessary? If so, give an example of an ambiguity that would arise if the corresponding Acknowledgment were \(x\) instead of \(x+1 ;\) if not, explain why.
See all solutions

Recommended explanations on Computer Science Textbooks

Data Structures

Read Explanation

Computer Network

Read Explanation

Cybersecurity in Computer Science

Read Explanation

Functional Programming

Read Explanation

Blockchain Technology

Read Explanation

Data Representation in Computer Science

Read Explanation
View all explanations

What do you think about this solution?

We value your feedback to improve our textbook solutions.

Study anywhere. Anytime. Across all devices.

Sign-up for free