© jörg liebeherr (modified by m. veeraraghavan) 1 icmp: a helper protocol to ip the internet...

© Jörg Liebeherr (modified by M. Veeraraghavan) 1

ICMP: A helper protocol to IP

• The Internet Control Message Protocol (ICMP) is the protocol used for error and control messages in the Internet.

• ICMP provides an error reporting mechanism of routers to the sources.

• All ICMP packets are encapsulated as IP datagrams.

• The packet format is simple:

Type(8 bits)

Code(8 bits)

Checksum(16 bits)

(additional information dependent on Type and Code)

32-bit word0 31


Types of ICMP Packets

• Many ICMP packet types exist, each with its own format.

• A selection (see RFC 1256):

Type Field: Message Type:0 Echo Reply3 Destination Unreachable4 Source Quench5 Redirect (Change Route)8 Echo Request11 Time Exceeded12 Parameter Problem in Datagram13 Timestamp Request17 Address Mask Request


ICMP Message Types

• ICMP messages are either query messages or error messages.

• ICMP query messages:• Echo request / Echo reply• Router advertisement / Router solicitation• Timestamp request / Timestamp reply• Address mask request / Address mask reply

• ICMP error messages:• Host unreachable• Source quench• Time exceeded • Parameter problem


• Each ICMP error message contains the header and at least the first 8 bytes of the IP datagram payload that triggered the error message.

• Problem: How to prevent that too many ICMP messages are sent ?

(e.g., an ICMP packet could trigger an ICMP packet, which triggers …).

ICMP Error Messages

• ICMP error messages are not sent ...

...for multiple fragments of the same IP datagrams

… in response to an error message

… in response to a broadcast packet

… etc.


Example of a Query: ICMP Timestamp • A system (host or router) asks

another system for the current time.

• Time is measured in milliseconds after midnight UTC (Coordinated Universal Time).

• Sender sends a request, receiver responds with reply.

Type(= 13 or 14)

Code(=0)

Checksum

32-bit sender timestamp

identifier sequence number

32-bit receive timestamp

32-bit transmit timestamp

Sender Sender

ReceiverReceiver

TimestampRequest

TimestampReply


Example of an Error Message: Port Unreachable

• There are 16 different ICMP error messages (‘codes’) of type “Destination Unreachable”(Type = 3)

Code: Message Type:0 Network unreachable1 Host unreachable2 Protocol unreachable3 Port unreachable4 Fragmentation needed but

bit not set5 Source route failed6 Destination network

unknown7 Destination node unknown8 Source host isolated

Code: Message Type:9 Destination network

administratively prohibited10 Destination host

administratively prohibited11 Network unreachable for TOS12 Host unreachable for TOS13 Communication administra-

tively prohibited by filtering14 host precedence violation15 precedence cutoff in effect


ICMP Port Unreachable

• RFC 792: If, in the destination host, the IP module cannot deliver the datagram because the indicated protocol module or process port is not active, the destination host may send a port unreachable message to the source host.

• Scenario:

Client Client

Request a serviceat a port No. 1234

Server Server

No process is waiting at Port 1234

Port

Unreacha

ble



• Format of the Port Unreachable Message

EthernetHeader

IP headerICMP

headerIP header of datagram

from clientat least 8 bytes from IP

payload of client

Type(= 3)

Code(=0-15)

Checksum

Unused (Set to 00...0)

ICMP Message

Note: Both UDP and TCP

store the Port Number in the

first 8 bytes !Code = 3 for Port Unreachable


ICMP Router advertisement

Type Code ChecksumNum addrs Entry size Lifetime

Router address 1Preference level 1

Router address nPreference level n

...


Fields in the router advertisement

• Router discovery is used to automate the process by which a host determines a router address

• Periodically each router issues a router advertisement msg.

• Num addrs: Number of router addresses advertised in this message

• Addr. entry size: The number of 32-bit words per router address – this value must be 2

• Lifetime: maximum number of seconds that the router advertisement may be considered valid (default: 1800)


Fields contd.

• Router address i: The sending router’s address on the interface from which the message was sent – a router can have multiple interfaces to the same network or multiple addresses even for a single interface (note this is not multiple router addresses of different networks that the router is connected to).

• Preference level i: set by an administrator

Host A

Router I Router II LANInternet

Router II will have higher preference if most of the traffic is to the LAN, making it default for host A


The PING program

• PING (=Packet InterNet Gopher) is a program that utilizes the ICMP echo request and echo reply messages.

• PING is used to verify if a certain host is up and running. It is used extensively for fault isolation in IP networks.

• PING can be used with a wide variety of options, e.g, :

-R Record route. Includes the RECORD_ROUTE option in the ECHO_REQUEST packet and displays the route buffer on

returned packets. -s packetsize Specifies the number of data bytes to be sent (Default is

56)(In newer implementations, -s is used to continuously generate

queries)


Echo Request and Reply

• PING’s are handled directly by the kernel.

• Each Ping is translated into an ICMP Echo Request.

• The Ping’ed host responds with an ICMP Echo Reply.

AIDA AIDA

ICMP ECHO REQUEST

MNG MNG

ICMP ECH

O REPLY


Format of Echo Request and Reply

Type(=0 or 8)

Code(=0)

Checksum

optional

identifier sequence number

•Identifier is set to process Id of querying process.•Sequence number is incremented for each new echo request.


Running Ping

aida: ping mng.poly.eduPING mng.poly.edu (128.238.42.105): 56 data bytes64 bytes from 128.238.42.105: icmp_seq=0 ttl=128 time=0.718 ms64 bytes from 128.238.42.105: icmp_seq=1 ttl=128 time=3.408 ms64 bytes from 128.238.42.105: icmp_seq=2 ttl=128 time=3.171 ms64 bytes from 128.238.42.105: icmp_seq=3 ttl=128 time=0.701 ms64 bytes from 128.238.42.105: icmp_seq=4 ttl=128 time=0.693 ms64 bytes from 128.238.42.105: icmp_seq=5 ttl=128 time=1.528 ms64 bytes from 128.238.42.105: icmp_seq=6 ttl=128 time=0.689 ms64 bytes from 128.238.42.105: icmp_seq=7 ttl=128 time=3.077 ms^C--- mng.poly.edu ping statistics ---8 packets transmitted, 8 packets received, 0% packet lossround-trip min/avg/max = 0.689/1.748/3.408 ms


Running Ping to a different machine

Aida: ping www.cologne.dePING fileserv1.cologne.de (194.94.233.1): 56 data bytes64 bytes from 194.94.233.1: icmp_seq=0 ttl=240 time=447.080 ms64 bytes from 194.94.233.1: icmp_seq=1 ttl=240 time=368.383 ms64 bytes from 194.94.233.1: icmp_seq=2 ttl=240 time=353.992 ms64 bytes from 194.94.233.1: icmp_seq=3 ttl=240 time=323.380 ms64 bytes from 194.94.233.1: icmp_seq=4 ttl=240 time=353.782 ms64 bytes from 194.94.233.1: icmp_seq=5 ttl=240 time=326.356 ms^C--- fileserv1.cologne.de ping statistics ---7 packets transmitted, 6 packets received, 14% packet lossround-trip min/avg/max = 323.380/362.162/447.080


Running Ping on a different machine

duke% ping mngmng.poly.edu is alive


Traceroute program

• Uses ICMP and TTL rather than the IP Record Route option

• Why not use RR option?– RR option not always implemented in routers– RR is a one-way option - need to get a return message– Room allocated in options field not sufficient


Traceroute operation

Router Router

IP datagram (TTL=1;dest.=D)

ICMP Time Exceeded

IP datagram (TTL=2;dest.=D)

UDP datagram (large portnumber > 30,000)


HostD

HostS

ICMP Time Exceeded


LAN Output

Svr4% traceroute slip

traceroute to slip (140.252.3.65), 30 hops max, 40 byte packets

1 bsdi (140.252.13.35) 20ms 10ms 10ms

2 slip (140.252.13.65) 120ms 120ms 120ms

• At each TTL value, three datagrams are sent– Times correspond to the round-trip times for each

datagram

© jörg liebeherr (modified by m. veeraraghavan) 1 icmp: a helper protocol to ip the internet...

Documents