Module

Outlines
2
(Sockets/Part 3_ Computer Networks Protocols(UDP_TCP_ICMP))

1. Various topics: (UDP broadcast, Using TCP Streams Like Files)

2. Handlling errors: (Socket Exceptions, Missed Errors, Errors with File-like Objects)
3. ICMP protocol (Definition, Packet, Header, Messages types)
4. ICMP in Python and raw sockets
1. Ping
2. Broadcast Ping
3. Multi-Ping
4. Traceroute
5. Verbose Ping
6. Verbose traceroute

2
Module
2 UDP Broadcast

 UDP broadcast is a technique that allows sending UDP

datagram from a single source to all computers in a LAN/
entire subnet. (sent to a special address called the Broadcast
address).
 IPv6 doesn't even have a concept of broadcast (multicast is
used, instead).

3
Module
2 Network Masks

A network mask, or ``netmask'', is used to divide an IP address into a network address and a host address. When you
set up a network, the network mask must be common to all network interfaces on that network. The default network
masks are 255.0.0.0 for class A, 255.255.0.0 for class B, and 255.255.255.0 for class C networks.

4
Module
2 How to Find the Broadcast Address?

 A broadcast IP address is only assigned once in each network. It is always the last IP address
of the subnet.
 The network address and the broadcast address are not used as computer IP addresses.
 In a network, the first address field is reserved for the network and the last for the broadcast
address.
5
Module
2 UDP Broadcast Application

def client(network, port):

sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
sock.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
text = 'Broadcast datagram!'
sock.sendto(text.encode('ascii'), (network, port))

6
Module
2 Using TCP Streams Like Files

 File objects can read() and write(), sockets can send() and recv(), and no kind of object can do
both.
 Sometimes you will want to treat a socket like a normal Python file object—often because you
want to pass it into code like that of the many Python modules such as pickle, json, and zlib that
can read and write data directly from a file. For this purpose, Python provides a makefile() method
on every socket that returns a Python file object that is really calling recv() and send() behind the
scenes.

7
Module
Using TCP Streams Like Files
2
conn, addr = sock.accept()
print('socket accepted, got connection object')
sockFile = conn.makefile()
(Server side)
message = sockFile.readline()
print('received and read by socket: ' + str(message))
conn.close()
sock.connect((HOST, PORT))
print('socket connected')

sockFile = sock.makefile(mode='w')
(Client side)
message = 'Hi this is my msg Number = ' + str(myCounter) + ' ***' + '\r\n'
print('*** ' + message)

sockFile.write(message)

8
Module
2 Handling Errors

 In Python, the socket code raises exceptions when network errors occur.
 Virtually every function call that touches the network in any way can and does raise exceptions for various
reasons, for example: servers being down, connections dropped, and so on.
1. Socket Exceptions
1. socket. error for general I/O and communication problems
2. socket.gaierror for errors looking up address information
3. socket. herror for other addressing errors (This exception is thrown when there is a problem with gethostbyname ()
and gethostbyaddr())
4. socket. timeout for handling timeouts that occur after settimeout () has been called on a socket (Python
2.3 and higher)

9
Module
2 Handling Errors

2. Missed Errors
 There are certain situations in which communication problems could occur but no exception would
be raised because no error was passed back from the operating system.
 One such problem could occur if the remote server drops the connection between the time the
client connects and the time it writes out its request. In this case, the later call to recv() will receive
no data (since the server closed its connection) and the program will terminate successfully.

3. Errors with File-like Objects

 It's possible to use the makefile () function to get a file-like object from a socket.
 This file-like object actually makes calls to the real socket, so the exceptions raised by the file-like
object are the same as the ones raised by the socket's own send () and recv () functions.

10
Module
2 Handling Errors with File-like Objects

fd = s.makefile('rw', 2048)
print('sleeping :') while 1:
time.sleep(5) try:
print('Continuing ...') buf = fd.read(2048)
except socket.error as e:
try: print('Error receiving data:', e)
fd.write("GET %s HTTP/1.1" % filename) sys.exit(1)
print('fd has this info: ', fd) if not len(buf):
except socket.error as e: break
print('Error sending data:', e) sys.stdout.write(buf)
sys.exit(1)

11
Module
2 ICMP Protocol

1. Definition of ICMP protocolICMPv4

2. Redirect message
3. ICMP (Packet/ Header)
4. ICMP messages types
5. ICMP Protocol in Python
6. Raw Sockets
7. ICMP Functions (Ping, Traceroute, …)

12
Module
Definition: ICMP Protocol
2
 The Internet Control Message Protocol (ICMP) is a supporting protocol in the Internet protocol
suite.
 It is used by network devices, including routers, to send error messages and operational information
indicating success or failure when communicating with another IP address, for example:
An error is indicated when a requested service is not available or that a host or router could not be reached.
 ICMP is not typically used to exchange data between systems, nor is it regularly employed by end-
user network applications (with the exception of some diagnostic tools like ping and traceroute).
 ICMP for IPv4 is defined in RFC 792.
 ICMPv6, defined by RFC 4443, is used with IPv6.

13
Module
Definition: ICMP Protocol
2

 ICMP is a network-layer protocol. There is no TCP or UDP port number associated with ICMP
packets as these numbers are associated with the transport layer above (It does not have source
and destination port numbers because it was designed to communicate network-layer information
between hosts and routers, not between application layer processes).

 ICMP messages are typically used for diagnostic or control purposes or generated in response to
errors in IP operations (as specified in RFC 1122). ICMP errors are directed to the source IP address
of the originating packet.

14
Module
Definition: ICMP Protocol
2

 ICMP uses the basic support of IP as if it were a higher-level protocol, however, ICMP is actually an
integral part of IP. Although ICMP messages are contained within standard IP packets, ICMP
messages are usually processed as a special case, distinguished from normal IP processing.

 In many cases, it is necessary to inspect the contents of the ICMP message and deliver the
appropriate error message to the application responsible for transmitting the IP packet that
prompted the ICMP message to be sent.

15
Module An example of how an ICMPv4
2 redirect message works

16
 Module
ICMP & T T L
2
 For example, every device (such as an intermediate router) forwarding
an IP datagram first decrements the time to live (TTL) field in the IP
header by one. If the resulting TTL is 0, the packet is discarded and an
ICMP time exceeded in transit message is sent to the datagram's source
address.

 Many commonly used network utilities are based on ICMP messages.

The traceroute command can be implemented by transmitting IP
datagrams with specially set IP TTL header fields, and looking for ICMP
time exceeded in transit and Destination unreachable messages
generated in response. The related ping utility is implemented using the
ICMP echo request and echo reply messages.

17
Module
ICMP in Network
2

18
 Module
ICMP in Network
2

 ICMP messages:
Are encapsulated in IP packets
so most people would say that
it’s a layer 4 protocol like UDP
or TCP.

 However, since ICMP is a vital

part of the IP protocol it is
typically considered a layer 3
protocol.

19
Module
ICMP Header
2

20
Module
ICMP Packet at Network Layer
2

IP header ICMP header ICMP payload size MTU (1500)

1472 20 + 8 + 1472 =
20 bytes 8 bytes
bytes (maximum) 1500

 According to MTU the size of the ICMP packet cannot be greater than 1500 bytes.
 ICMP is actually a user of the IP protocol--in other words, ICMP messages must be encapsulated
within IP packets. However, ICMP is implemented as part of the IP layer. So ICMP processing can
be viewed as occurring parallel to, or as part of, IP processing.

21
Module
ICMP (Checksum)
2

22
Module
ICMP Messages
2

 ICMP uses unicast routing for error detection and notification messages.
 What is the difference between ICMP and ping?
Ping is a tool commonly used to find the status of a device on a network. Ping is based on
the ICMP protocol. When a Ping process request is sent out as an ICMP echo to the target
device, it replies with an ICMP echo reply if the device is available.

23
Module
ICMP Messages
2
Error-reporting messages
The error-reporting message means that the router encounters a
problem when it processes an IP packet then it reports a
message.
Query messages
The query messages are those messages that help the host to get
the specific information of another host. For example, suppose
there are a client and a server, and the client wants to know
whether the server is live or not, then it sends the ICMP message
to the server.

24
Module
ICMP Messages
2
Type Query/Error (Error Type) Code Description
0 Query 0 Echo reply
3 Error: Destination unreachable 0 Network unreachable
1 Host unreachable
2 Protocol unreachable
3 Port unreachable
4 Fragmentation needed, but the Don't Fragment bit has been set

5 Source route failed

3 Error: Destination unreachable
6 Destination network unknown
7 Destination host unknown
8 Source host isolated (obsolete)
9 Destination network administratively prohibited
10 Destination host administratively prohibited
11 Network unreachable for TOS
12 Host unreachable for TOS
13 Communication administratively prohibited by filtering

14 Host precedence violation

15 Precedence cutoff in effect
4 Error 0 Source quench
5 Error: Redirect 0 Redirect for network
1 Redirect for host
2 Redirect for TOS and network
3 Redirect for TOS and host
8 Query 0 Echo request
9 Query 0 Router advertisement
10 Query 0 Router solicitation
11 Error: Time exceeded 0 TTL equals 0 during transit
1 TTL equals 0 during reassembly
12 Error: Parameter problem 0 IP header bad
1 Required option missing

25
Module
ICMP Message Format
2

26
Module
Error Message : Type 3
2

 Type: the number 3 specifies that the destination is unreachable.

 Code (0 to 15): It is a 4-bit number which identifies whether the message comes from some intermediate router or
the destination itself.
 Sometimes the destination does not want to process the request, so it sends the destination unreachable
message to the source. A router does not detect all the problems that prevent the delivery of a packet.

27
Module
ICMP Query Messages
2

28
Module ICMP Query Messages
2 (Timestamp) Type 13/14

29
Module ICMP Query Messages
2 (Timestamp) Type 13/14

30
Module
2 ICMP Messages (Notes)

1. ICMP always reports error messages to the original source.

2. No ICMP error message will be generated in response to a datagram carrying an ICMP error
message.
3. No ICMP error message will be generated for a fragmented datagram that is not the first fragment.
4. No ICMP error message will be generated for a datagram having a multicast address.
5. No ICMP error message will be generated for a datagram having a special address such:
a) 127.0.0.0
b) 0.0.0.0

31
Module
ICMP & Raw sockets
2

 Raw IP packet manipulation

32
Module
ICMP & Raw sockets
2

33
Module
ICMP & Raw sockets
2

 The biggest problem with RAW-sockets (also the PACKET-sockets) is that there is no
uniform API for using RAW-sockets under different operating systems.
34
Module
ICMP & Raw sockets
2
 Raw socket is a type of network socket which provides an express tunnel between an application and an
external source. Neither the operating system nor any other program on the computer has the ability to
interfere with a raw connection. (Need root privilege/ Administrator ).

 The primary advantage to using raw socket network handling is that it cuts out the middle man. Since the
operating system doesn't handle the data specifically:
1. Reduce overhead on the network.
2. Save central processing unit (CPU) cycles.
3. Decrease stress on the system hardware.

35
Module
ICMP & Raw sockets
2

 Raw socket network interfaces do have a downside:

Hackers commonly use raw socket connections to stage transmission control protocol (TCP) attacks on a
network. During a TCP attack, a hacker sends a forged bit of data onto the network through a raw socket
connection. This forged data contains a reset signal for the TCP connection, which in turn interrupts and
crashes the current network connections on the computer.
 For this reason, some operating systems have withdrawn support for raw sockets.
 Software companies can restrict users' ability to use raw sockets.
 With modern processors coming in dual-, quad-, and even six-core varieties, the chances of regular
network socket connections lagging the computer are negligible. For this reason, unless there is a specific
justification for using a raw socket connection over a standard network socket, the risk posed by hackers
and TCP attacks on the network outweighs any advantages.

36
Module
ICMP Protocol in Python
2

 icmplib 3.0.3
 The power to form ICMP packets and do ping and traceroute. https://pypi.org/project/icmplib/
 icmplib is a brand new and modern implementation of the ICMP protocol in Python.
 Latest version : Released: Feb 6, 2022

 Since icmplib 3, Python 3.7 or later is required to use the library.

 If you are using Python 3.6 and you cannot update it, you can still install icmplib 2.

37
Module
2 icmplib 3.0.3

 Import basic functions

from icmplib import ping, multiping, traceroute, resolve
 Import asynchronous functions
from icmplib import async_ping, async_multiping, async_resolve
 Import sockets (advanced)
from icmplib import ICMPv4Socket, ICMPv6Socket, AsyncSocket, ICMPRequest, ICMPReply
 Import exceptions
from icmplib import ICMPLibError, NameLookupError, ICMPSocketError
from icmplib import SocketAddressError, SocketPermissionError
from icmplib import SocketUnavailableError, SocketBroadcastError, TimeoutExceeded
from icmplib import ICMPError, DestinationUnreachable, TimeExceeded

38
Module
2 ICMP Structure

39
Module
2 ICMP Functions in Python

1. Ping
2. Broadcast Ping
3. Multi-Ping
4. Traceroute
5. Verbose Ping
6. Verbose traceroute

https://github.com/ValentinBELYN/icmplib

40