Austin's SWE Notes šŸ˜­

    ICMP (Internet Control Message Protocol)

    Used by network device to diagnose network communication issue. It's mainly use to determine if data can reach the destination in a timely maners.

    Normally it's used for routers. It's good for error report and testing, but it's also can be used for DDoS attack.

    An example for ICMP is ping

    Packet Header

    Pasted image 20240919193946.png

    ICMP can be use for router advertisement (Type 9 and Type 10). This is IRDP (ICMP Router Discovery Protocol)

    Redirect ICMP (Type 5) it to tell a host to instead talk to a different router.

    • For example, Host A -> Router A ..... Router B <- Host B.
    • Now Host A wants to send to Host B.
    • Router A knows that to reach Host B needs to go to Router B.
      • It sends the packet to Router B.
      • It sends a redirect ICMP to Host A saying that in the future, Host A should directly talk to Router B if wants to talk to Host B

    Ipv4 Code

    Pasted image 20240919194318.png

    Ipv6 Code

    Pasted image 20240923232137.png

    Debug

    To debug we can use debug ip icmp

    Pip#debugĀ ipĀ icmp  
ICMPĀ packetĀ debuggingĀ isĀ on  
ICMP:Ā redirectĀ sentĀ toĀ 10.158.43.25Ā forĀ destĀ 10.158.40.1,Ā useĀ gwĀ 10.158.43.10

    How to bypass redirect ICMP

    To bypass redirect ICMP, you set the default gateway to its own IP address. Why?

    By default, if there is a default gateway, host will send ARP (Address Resolution Protocol) request which asks for the default gateway mac address:

    "Who has the <default_gateway_ip> send me your mac address"

    And the network traffic starts from here, as the router (normally is default gateway) will reply:

    "I'm <default_gateway_ip> has mac address <default_gateway_mac>"

    doing this however might trigger the ICMP redirect.

    "I'm <default_gateway_ip> has mac address <default_gateway_mac>"
"To talk to <target_ip> you can talk to <another_gateway> directly"

    When we set the default gateway to be itself, instead it will ask for the target ip instead

    "Who has the <target_ip>, send me your MAC address".

    Now if Proxy ARP is on, the Router will reply:

    "I'm <target_ip> and my MAC address is <router_mac_address>"

    But now the router cannot redirect you to another router because it acts as a proxy for your <target_ip> already

    To debug, use

    debug ip icmp
    ā† ARP (Address Resolution Protocol)
    IP (Internet Protocol) ā†’