当前位置：首页 → 问答吧 → 求解UDP协议在返回ICMP报文问题

求解UDP协议在返回ICMP报文问题

时间：2006-10-07

来源：互联网

看帖子的各位老师、师兄好：

         请教一个TCP/IP协议簇中的问题！

   UDP协议接收一个UDP包，会查询相关的端口号队列为这个包进行向上转发。
   当没有这个端口号的时候，会调用ICMP协议发送一个“目标端口不可达的信息”。

这里我想请教一下：
      UDP协议为ICMP提供什么信息，来作为ICMP协议发送“错误报文”的参考？
      也就是说传输层协议要调用ICMP协议发送错误报告类信息时，要提供什么信息？
      还有传输层的Socket address，在接收端是怎样处理的？

                  ———— 在此先谢谢！！！

作者: 7年发布时间: 2006-10-07

做个实验抓个包分析一下
实验环境：windows xp
工具：nslookup（xp自带）+Wireshark
  原理是这样，向网络上一台主机的udp端口发送数据，而这台主机并没有相应进程打开我们那个udp端口。这时就会返回“目标端口不可达”，用wireshark观察整个过程
163.com的一个ip地址是220.181.29.154，这个主机应该没有开dns服务，用nslookup向这个主机查询当然会返回“目标端口不可达”
C:\Documents and Settings\olo>nslookup
Default Server:  dns3.xj.cninfo.net
Address:  61.128.99.133

> server 220.181.29.154
Default Server:  [220.181.29.154]
Address:  220.181.29.154
>
现在再查询域名，nslookup就会向220.181.29.154查询
打开wireshark，开始抓包，查询163.com的域名
发现就抓到两个包一个是dns查询请求（udp），一个是icmp包，目标端口不可达

No.    Time       Source             Destination          Protocol Info
   1 0.000000 192.168.1.66       220.181.29.154       DNS    Standard query A 163.com

Frame 1 (67 bytes on wire, 67 bytes captured)
Arrival Time: Oct  7, 2006 15:43:04.120151000
[Time delta from previous packet: 0.000000000 seconds]
[Time since reference or first frame: 0.000000000 seconds]
Frame Number: 1
Packet Length: 67 bytes
Capture Length: 67 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:udp]
[Coloring Rule Name: UDP]
[Coloring Rule String: udp]
Ethernet II, Src: Adra_56:a0:19 (00:00:71:56:a0:19), Dst: Hangzhou_09:3d:28 (00:0f:e2:09:3d:2

Destination: Hangzhou_09:3d:28 (00:0f:e2:09:3d:2

Address: Hangzhou_09:3d:28 (00:0f:e2:09:3d:2

      .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
      .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Adra_56:a0:19 (00:00:71:56:a0:19)
      Address: Adra_56:a0:19 (00:00:71:56:a0:19)
      .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
      .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 192.168.1.66 (192.168.1.66), Dst: 220.181.29.154 (220.181.29.154)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 53
Identification: 0xa9d0 (43472)
Flags: 0x00
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xd4ad [correct]
Source: 192.168.1.66 (192.168.1.66)
Destination: 220.181.29.154 (220.181.29.154)
User Datagram Protocol, Src Port: 2275 (2275), Dst Port: domain (53)
Source port: 2275 (2275)
Destination port: domain (53)
Length: 33
Checksum: 0x8b1e [correct]
Domain Name System (query)

No.    Time       Source             Destination          Protocol Info
   2 0.100118 220.181.29.154       192.168.1.66       ICMP    Destination unreachable (Port unreachable)

Frame 2 (95 bytes on wire, 95 bytes captured)
Arrival Time: Oct  7, 2006 15:43:04.220269000
[Time delta from previous packet: 0.100118000 seconds]
[Time since reference or first frame: 0.100118000 seconds]
Frame Number: 2
Packet Length: 95 bytes
Capture Length: 95 bytes
[Frame is marked: False]
[Protocols in frame: eth:ip:icmp:ip:udp]
[Coloring Rule Name: ICMP errors]
[Coloring Rule String: icmp.type eq 3 || icmp.type eq 4 || icmp.type eq 11 || icmp.type eq 5]
Ethernet II, Src: Hangzhou_09:3d:28 (00:0f:e2:09:3d:2

, Dst: Adra_56:a0:19 (00:00:71:56:a0:19)
Destination: Adra_56:a0:19 (00:00:71:56:a0:19)
      Address: Adra_56:a0:19 (00:00:71:56:a0:19)
      .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
      .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Source: Hangzhou_09:3d:28 (00:0f:e2:09:3d:2

Address: Hangzhou_09:3d:28 (00:0f:e2:09:3d:2

.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: IP (0x0800)
Internet Protocol, Src: 220.181.29.154 (220.181.29.154), Dst: 192.168.1.66 (192.168.1.66)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0xc0 (DSCP 0x30: Class Selector 6; ECN: 0x00)
Total Length: 81
Identification: 0xaf8a (4493

Flags: 0x00
Fragment offset: 0
Time to live: 52
Protocol: ICMP (0x01)
Header checksum: 0x1a28 [correct]
Source: 220.181.29.154 (220.181.29.154)
Destination: 192.168.1.66 (192.168.1.66)
Internet Control Message Protocol
Type: 3 (Destination unreachable)
Code: 3 (Port unreachable)
Checksum: 0xb969 [correct]
Internet Protocol, Src: 192.168.1.66 (192.168.1.66), Dst: 220.181.29.154 (220.181.29.154)
      Version: 4
      Header length: 20 bytes
      Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
      Total Length: 53
      Identification: 0xa9d0 (43472)
      Flags: 0x00
      Fragment offset: 0
      Time to live: 117
      Protocol: UDP (0x11)
      Header checksum: 0xdfad [correct]
      Source: 192.168.1.66 (192.168.1.66)
      Destination: 220.181.29.154 (220.181.29.154)
User Datagram Protocol, Src Port: 2275 (2275), Dst Port: domain (53)
      Source port: 2275 (2275)
      Destination port: domain (53)
      Length: 33
      Checksum: 0x8b1e [correct]
Domain Name System (query)

这部分应该是udp提供给icmp的
User Datagram Protocol, Src Port: 2275 (2275), Dst Port: domain (53)
      Source port: 2275 (2275)
      Destination port: domain (53)
      Length: 33
      Checksum: 0x8b1e [correct]
Domain Name System (query)

接收端怎么处理应该是应用层来实现的，不知道理解的正不正确

作者: olo 发布时间: 2006-10-07

我的理解是，在目标端口不可达的情况下，数据包还没到传输层（UDP／TCP）就挂了。网络层看到没有进程在监听指定的协议端口，就会送回一个“目标端口不可达”的ICMP报文。该错误报文中会包括前8个字节的原数据包内容，这就是你在ICMP中看到的UDP部分。

作者: dzho002 发布时间: 2006-10-07