
If a UDP datagram is sent from host \(\mathrm{A}\), port \(\mathrm{P}\) to host \(\mathrm{B}\), port \(\mathrm{Q}\), but at host \(\mathrm{B}\) there is no process listening to port \(\mathrm{Q}\), then \(\mathrm{B}\) is to send back an ICMP Port Unreachable message to \(\mathrm{A}\). Like all ICMP messages, this is addressed to \(\mathrm{A}\) as a whole, not to port \(\mathrm{P}\) on \(\mathrm{A}\). (a) Give an example of when an application might want to receive such ICMP messages. (b) Find out what an application has to do, on the operating system of your choice, to receive such messages. (c) Why might it not be a good idea to send such messages directly back to the originating port \(\mathrm{P}\) on \(\mathrm{A}\)?

Short Answer

A network discovery tool might use ICMP messages. Applications use raw sockets to capture them. Sending messages to the originating port can cause confusion and security risks.

Step by step solution

01

Understanding ICMP Port Unreachable Message

An ICMP Port Unreachable message is sent when a datagram is received on a host but no application is listening on the specified port. This message informs the sender that the intended port cannot be accessed.
02

Example Usage of ICMP Messages

An application might want to receive ICMP Port Unreachable messages for network diagnostics. For example, a network discovery tool might use these messages to identify which ports are open or closed on a remote host.
03

Receiving ICMP Messages on a Specific Operating System

To receive ICMP messages, an application typically needs to access raw sockets and capture the ICMP packets. On a Unix-based system, this can be done using sockets of the type 'SOCK_RAW' and setting the appropriate protocol, usually IPPROTO_ICMP. Administrative privileges are usually required to create and manage raw sockets.
04

Reason for Not Sending Messages to the Originating Port

Sending ICMP Port Unreachable messages directly back to the originating port might not be a good idea because the originating port may not be configured to handle ICMP messages. This can cause confusion for the application and potential security risks as it could reveal the internal network structure.
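The following is an added example, not part of the original solution, that ties steps 03 and 04 together: it decodes what a raw `socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)` delivers and recovers ports P and Q from the original IP header and first 8 bytes of the UDP datagram that a Port Unreachable message carries after its ICMP header. The function names, the 192.0.2.x addresses and the port numbers are assumptions made for the example, and the sample packet is constructed.

```python
import socket
import struct

def parse_port_unreachable(packet: bytes):
    """Decode one IPv4 packet as delivered by a raw ICMP socket.

    Returns details of the UDP datagram that triggered an ICMP Port
    Unreachable (type 3, code 3), or None for anything else.
    Checksums are not verified here.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    outer_ihl = (packet[0] & 0x0F) * 4
    if outer_ihl < 20 or packet[9] != socket.IPPROTO_ICMP:
        return None
    icmp = packet[outer_ihl:]
    if len(icmp) < 8 or icmp[0] != 3 or icmp[1] != 3:
        return None
    inner = icmp[8:]  # original IP header + first 8 bytes of its payload
    if len(inner) < 20:
        return None
    inner_ihl = (inner[0] & 0x0F) * 4
    if inner_ihl < 20 or len(inner) < inner_ihl + 8 or inner[9] != socket.IPPROTO_UDP:
        return None
    sport, dport = struct.unpack("!HH", inner[inner_ihl:inner_ihl + 4])
    return {"reporter": socket.inet_ntoa(packet[12:16]),
            "orig_dst": socket.inet_ntoa(inner[16:20]),
            "src_port": sport, "dst_port": dport}

def _ipv4(proto, src, dst, payload):
    # Minimal 20-byte header; checksum left as 0 in this constructed sample.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def build_sample(a="192.0.2.10", b="192.0.2.20", p=40000, q=9999):
    """Constructed reply from B to A for a UDP datagram A:P -> B:Q."""
    original = _ipv4(socket.IPPROTO_UDP, a, b, struct.pack("!HHHH", p, q, 8, 0))
    icmp = struct.pack("!BBHI", 3, 3, 0, 0) + original
    return _ipv4(socket.IPPROTO_ICMP, b, a, icmp)

def listen():
    """Live capture; needs root or CAP_NET_RAW on Linux."""
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) as s:
        while True:
            info = parse_port_unreachable(s.recvfrom(65535)[0])
            if info:
                print(info)

if __name__ == "__main__":
    print(parse_port_unreachable(build_sample()))
```

Running the file decodes the constructed packet without any privileges; `listen()` is the live path and is the part that requires elevated rights.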

Key Concepts

These are the key concepts you need to understand to accurately answer the question.

network diagnostics
Network diagnostics is essential for maintaining the health and performance of a network. Tools and techniques used for diagnostics help identify, analyze, and resolve network issues.
ICMP messages, such as Port Unreachable, are particularly useful in network diagnostics. They help in pinpointing the exact nature of a problem. For instance, an application may send a UDP datagram to a specific port on a remote host. If no process is listening on that port, the host will return an ICMP Port Unreachable message. This informs the sender that the port is closed, helping diagnose connectivity issues.
Network discovery tools, like Nmap, commonly use ICMP to map out active and inactive hosts and determine which ports are open or closed. By analyzing these messages, network administrators can take corrective actions to ensure network stability and performance.
raw sockets
Raw sockets allow direct sending and receiving of IP packets without any transport layer protocol (such as TCP or UDP) handling the data. They provide a way to customize packet headers and payloads.
On Unix-based systems, creating a raw socket involves using the socket system call with the SOCK_RAW type and specifying the protocol as IPPROTO_ICMP. This is often necessary for applications to receive ICMP messages. Admin privileges are usually a requirement to create raw sockets because they bypass standard network protocols, potentially affecting the entire network.
Using raw sockets, applications can intercept and process ICMP messages directly, enabling functions like network monitoring, security auditing, and custom protocol testing. However, care must be exercised due to the potential for misuse or security vulnerabilities.
Unix-based system
Unix-based systems, such as Linux and macOS, are known for their robustness and flexibility, especially in networking. They offer extensive tools and libraries for handling network operations.
To receive ICMP messages on Unix-based systems, developers often leverage raw sockets and need to operate with elevated permissions. The typical process involves creating a socket with `socket(AF_INET, SOCK_RAW, IPPROTO_ICMP)` and setting it up to listen for incoming ICMP packets.
Unix-based systems also come with built-in utilities like `ping` and `traceroute` that use ICMP messages to diagnose network issues. Packet capture tools such as `tcpdump` or Wireshark can capture and analyze network traffic, including ICMP messages, providing insight into the network state and facilitating troubleshooting.
network security
Network security is crucial in protecting data integrity and preventing unauthorized access. Understanding and managing ICMP messages can have significant security implications.
For example, ICMP Port Unreachable messages can help diagnose issues but can also be exploited by attackers to map network structure and identify vulnerable points. To mitigate risks, security measures such as firewalls are configured to carefully control ICMP traffic.
Additionally, sending ICMP messages directly to the originating port may expose sensitive details about the internal network configuration or lead to inadvertent Denial of Service (DoS). Hence, security policies often recommend limiting ICMP responses and scrutinizing the conditions under which they are sent.
Thus, while ICMP messages are indispensable for network diagnostics and management, they must be handled with security considerations to prevent exploitation.

Most popular questions from this chapter

TCP's simultaneous open feature is seldom used. (a) Propose a change to TCP in which this is disallowed. Indicate what changes would be made in the state diagram (and if necessary in the undiagrammed event responses). (b) Could TCP reasonably disallow simultaneous close? (c) Propose a change to TCP in which simultaneous SYNs exchanged by two hosts lead to two separate connections. Indicate what state diagram changes this entails, and also what header changes become necessary. Note that this now means that more than one connection can exist over a given pair of \(\langle\)host, port\(\rangle\)s. (You might also look up the first "Discussion" item on page 87 of Request for Comments 1122.)

Consult Request for Comments 793 to find out how TCP is supposed to respond if a FIN or an RST arrives with a sequence number other than NextByteExpected. Consider both when the sequence number is within the receive window and when it is not.

Diagnostic programs are commonly available that record the first 100 bytes, say, of every TCP connection to a certain (host, port). Outline what must be done with each received TCP packet, P, in order to determine if it contains data that belongs to the first 100 bytes of a connection to host HOST, port PORT. Assume the IP header is P.IPHEAD, the TCP header is P.TCPHEAD, and header fields are as named in Figures 4.3 and 5.4. Hint: To get initial sequence numbers (ISNs) you will have to examine every packet with the SYN bit set. Ignore the fact that sequence numbers will eventually be reused.

One of the purposes of TIME_WAIT is to handle the case of a data packet from a first incarnation of a connection arriving very late and being accepted as data for the second incarnation. (a) Explain why, for this to happen (in the absence of TIME_WAIT), the hosts involved would have to exchange several packets in sequence after the delayed packet was sent but before it was delivered. (b) Propose a network scenario that might account for such a late delivery.

Request for Comments 1122 states (of TCP): A host MAY implement a "half-duplex" TCP close sequence, so that an application that has called CLOSE cannot continue to read data from the connection. If such a host issues a CLOSE call while received data is still pending in TCP, or if new data is received after CLOSE is called, its TCP SHOULD send an RST to show that data was lost. Sketch a scenario involving the above in which data sent by (not to!) the closing host is lost. You may assume that the remote host, upon receiving an RST, discards all received data still unread in buffers.
