Network layer events

Capsa can diagnoses network layer events as below.

Event

Description

Severity

Possible causes

Solutions

IP Invalid Checksum

The destination host calculates IP checksum of received packet, which is not identical to the value of IP checksum field in the received packet.

Fault
  1. The packet is damaged during transmission.
  2. Calculating IP checksum may be disabled if IP checksum of all packets is wrong.
  3. The source stack does not calculate IP checksum.
  1. Check if there are electromagnetic interference devices on the transmission line or if there is faulty transmission device.
  2. Check if it is necessary to enable calculating checksum.
  3. Disable IP Checksum Offload.

IP Too Low TTL

The IP Time-To-Live (TTL) is equal to or less than the threshold indicating that the packet can only traverse that many routers before it is discarded.

Fault
  1. Network loop.
  2. The originating IP host transmitted the packet with a low TTL.
  1. Check for routing table information.
  2. There is something wrong on the source host.

IP Address Conflict

A host detects that another device is trying to use its IP address and notifies the device by ARP information.

Security

A device tries to use an IP address which has been used.

Assign an IP address to the device.

ICMP Destination Unreachable

A router is reporting to the source host unreachable messages, except network unreachable, host unreachable and port unreachable messages.

Fault
  1. The transport protocol used by source host is unavailable on the destination host or on the router.
  2. Segmenting is disabled on the router.
  3. The routing is failed.
  4. The router cannon forward the packets with specified Type of Service (ToS).
  5. Limited by the communication management rules on the router.
  1. Change the transport protocol on the source host or add transport protocols supported by the router and the destination host.
  2. Check and update the configurations of the router.

ICMP Network Unreachable

A router is reporting to the source host that a network is unavailable or the path for destination network is unavailable.

Fault
  1. The router is not configured with a default route.
  2. The destination network does not exist.
  3. The router cannot find the path to the destination network.
  4. The number of hops to destination network exceeds the maximum hop limit specified by the routing protocol on the router.
  1. Add a default route for the router.
  2. Add a route for the destination network to the router, or add a default route.
  3. Add a default route to the router.
  4. Change the routing protocol on the router.

ICMP Host Unreachable

A router is reporting to the source host that the destination host is unavailable.

Fault
  1. The destination host does not exist.
  2. The destination host is not powered on.
  1. Check the existence of the destination host.
  2. Check if the destination host is powered on.

ICMP Port Unreachable

The destination host or a router is reporting to the source host that the requested port is inactive.

Fault
  1. The service for the requested port is not enabled.
  2. The service for the requested port is in error.
  3. A firewall blocks the access to the port.
  1. Enable the service for the requested port.
  2. Check the configurations for the service.
  3. Enable the access control policy on the firewall or the router for the port.

ICMP Host Redirect

A router is reporting to the source host that it should use an alternate route for the destination host.

Performance
  1. A host in LAN uses an external domain to access internal server after port mapping configuration.
  2. There is an ICMP attack.
  1. Access the server using an internal IP address.
  2. Look for the attack source address according to the packet.

ICMP Network Redirect

A router is reporting to the source host that it should use an alternate route for the destination network.

Performance
  1. A host in LAN uses an external domain to access internal server after port mapping configuration.
  2. There is an ICMP attack.
  1. Access the server using an internal IP address.
  2. Look for the attack source address according to the packet.

ICMP Source Quench

A router or the destination host sends an ICMP source quench packet to the source host.

Fault
  1. Network congestion.
  2. The destination host has inadequate space or the service is not available.
  3. The router has inadequate cache space.
  4. There is DOS or DDOS attack.
  1. Check the application services running on the network.
  2. Check the destination host and close unnecessary services.
  3. Enlarge the size of route cache.
  4. Check if there are malicious attacks from the source host.
Back