1.1.d (i) ICMP Unreachable, Redirect

In this post we will discuss ICMP Type 3 and Type 5 messages as they relate to section 1.1.d (i) Unreachable, Redirect. I have chosen to only go into detail and create flash cards for the important messages. I think they will suffice.

The Internet control message protocol (ICMP) has many types of messages and codes (sub types).

The two discussed below are Type 3 – Destination Unreachable, and Type 5 – Redirect as it relates to 1.1.d (i) ICMP unreachable, redirect.

Type 3 – Destination Unreachable:

This type of message is sent back to the source of the packet when their destination or service is not available. Depending on the code, this type is sent from both Routers and destination Hosts.

Type 3 Code 0 – Net Unreachable
A router generates an ICMP unreachable to inform the source host that the destination address is unreachable, meaning there’s no route.

Type 3 Code 1 – Host Unreachable
The router is directly connected to the destination host but the destination host is not responding to ARP requests.

Type 3 Code 2 – Protocol Unreachable
Hosts send these to sources. A rare type of code to see, more likely you will see code 3. Here, protocol unreachable means the host is up but it does not support the transport protocol (like tcp, udp, sctp, layer 4 protocol).

Type 3 Code 3 – Port Unreachable
Hosts send these to sources. A more common ICMP unreachable to see. As long as the firewall permits the traffic, the host will receive the original packet. Then the host transfers the packet up the stack but the host is not actually listening on that port with any service. Thus the host sends a type 3, code 3 , port unreachable.

Type 3 Code 4 – Fragmentation needed and Don’t fragment was set
A router also generates an ICMP unreachable when a packet needs to be fragmented, but the don’t fragment bit is set in the IP header.

Type 3 Code 5 – Source route failed
In this case the router was probably blocking the use of source routing a packet (good to block this because it’s a security flaw)

Type 3 Code 6 – Destination Network Unknown

Type 3 Code 7 – Destination Host Unknown

Type 3 Code 8 – Source host isolated (obsolete)

Type 3 Code 9 – Destination network is administratively prohibited.

Type 3 Code 10 – Destination host is administratively prohibited.

Type 3 Code 11 – Network is unreachable for ToS.

Type 3 Code 12 – Host is unreachable for ToS.

Type 3 Code 13 – Communication administratively prohibited.

Type 3 Code 14 – Host precedence violation.

Type 3 Code 15 – Precedence cutoff in effect.

Type 5 – Redirect:

This type of message is sent back to the host ONLY from Routers. This message informs sources that there is a different path to reach their destination. The message plus 8 bytes of the original message are returned to the source so that they can track the original message down and understand for what host it is for. The messags happen when a host sends a packet to its default gateway to be routed, but the Router notices that the next hop for the network, or the actual host is reachable via the same subnet that the source host is at.

There are four (0 – 3) of these sub-types (codes) available for type 5, however only one of them is often used.

Type 5 Code 0 – Redirect for Network
Only used for classful networks, disregard, instead Type 5 Code 1 is used

Type 5 Code 1 – Redirect for Host
This is the most common. This is generally a sign of bad design, or a hacked together network. It wastes bandwidth because at least one packet (in some interval) is sent to the router and then the router sends a type 5 code 1 to the host, which then forces the host to update his local route cache so that subsequent packets to that destination are sent out the closer way. This also wastes router CPU cycles because creating ICMP messages is part of the router’s CPU job.

Type 5 Code 2 – Redirect for ToS and Net
This message is the same as Code 0, however similarly to Code 3, the router can be configured for replying with different redirects based on IP header ToS (if configured). Never used.

Type 5 Code 3 – Redirect for ToS and Host
This message is the same as Code 1, but now the router takes the ToS in the IP header into consideration (when utilizing QoS). (A certain host might get a different redirect (load balance) based on packet ToS). This one is never used either.

Sources:
1. http://www.networksorcery.com/enp/protocol/icmp/msg3.htm
2. http://www.networksorcery.com/enp/protocol/icmp/msg5.htm
3. https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

Leave a comment