CSIT 220 (Blum) 1 ICMP Based on Chapter 23 in Computer Networks and Internets, Comer

Upload: bennett-rodger-pitts

Post on 12-Jan-2016

CSIT 220 (Blum) 1

ICMP

Based on Chapter 23 in Computer Networks and Internets, Comer

ICMP

Internet Control Message Protocol is an extension to the Internet Protocol (defined by RFC 792).
ICMP packets convey information about errors that occurred, control information (indicating that a source should transmit less, reroute, etc.) and general information about the IP delivery system.
ping and tracert use ICMP to provide information about Internet connections.
“Messages for routers”

RFC 792

Quote from RFC 792

ICMP categories

ICMP packets fall into two categories:
- Error messages: ICMP packets that are sent when a non-ICMP packet encounters some difficulty.
- Reply/request: ICMP packets requesting information and ICMP packets replying to those requests.

ICMP packets are handled like any ordinary packet, except that an ICMP packet that encounters difficulty does not result in further ICMP packets.

No ICMPs about ICMPs

Nested encapsulations

An ICMP message is placed in an IP packet which is placed in a Layer 2 frame, such as Ethernet. But ICMP is considered a Layer 3 service.

ICMP is a Layer-3 message encapsulated in another Layer-3 packet.

Types of ICMP messages

Source Quench

If a router’s buffer is full, it is forced to drop a packet.
When routers drop a packet, they (may) send a message to the source.
The source reduces the rate at which it is transmitting messages.
This is part of “flow control.” Analog of XON/XOFF.

Source Quench

Source Quench Message sends back header and some data from packet being dropped.

Destination Unreachable

Indicates that a packet cannot be delivered because the destination cannot be reached. There could be various reasons:
- the host is unreachable or unknown
- the network is unreachable or unknown
- the network or host is unreachable for this type of service
- the protocol or port is unknown or unusable
- fragmentation is required but not allowed (DF flag is set)

Destination Unreachable Message

Ports (physical)

There are “physical” ports and “logical” ports. A physical port is a specific place for physically connecting to another device, usually with a socket and plug of some kind.
- Serial ports: data is sent through the port and corresponding connection bit by bit.
- Parallel ports: data is sent through the port and corresponding connection several bits at a time on parallel wires.

Ports (logical)

A logical port is the software place (address) for connecting.
In the client/server model, a computer acting as a server typically has many services available, so the client must specify not only which computer but which port.
Port numbers are from 0 to 65536. Ports 0 to 1024 are reserved for use by certain privileged services.

Well-known ports

Certain services, like Hypertext Transfer Protocol, have pre-assigned ports. These are called "well-known ports" and have been assigned by the Internet Assigned Numbers Authority (IANA).
- HTTP uses port 80 as a default, so it does not have to be specified in the URL.

Other applications are given port numbers dynamically.
When a service starts, it is said to “bind” to its designated port. Clients wanting to use the service must request to bind to the designated port number.

Echo Request/Reply

Used to determine whether hosts are reachable on the network. A source sends an Echo (request) message to a destination. The destination host responds with an Echo Reply.
- The request can contain some data; the reply contains the same data.

When one pings, one issues a series of (typically four) ICMP echo requests. If there is a successful echo from the destination, then the network connection is fine.

Echo

Read echo, think of request for echo

Ping uses echo request/reply

Time Exceeded

A packet has a TTL (time to live) field. It is decremented by each router it passes through. If the TTL field reaches zero, a TTL exceeded message is sent to the source. (“Time” means hops here.)
- This stops mislabeled packets from continuously using bandwidth as they are passed around the network.

Another time exceeded message occurs when a destination receives a fragmented packet. It starts a timer and sends a message to the source if all fragments are not received within a certain amount of time. (“Time” means time (seconds) here.)

Time Exceeded Message

Two kinds

Recall the TTL field of an IP packet

traceroute/tracert

TTL (time to live) plays an important role in the traceroute command.
Traceroute sends out a series of ICMP packets; the first has a TTL of 1. So that packet makes one hop, its TTL is decremented to zero and a Time Exceeded packet is sent back to the source.
The source address of the Time Exceeded packet is the first node of the packet’s route.

traceroute (Cont.)

The source then issues successive ICMP packets each with the TTL one higher than the previous packet. Each packet gets one hop further before a Time Exceeded packet is sent to the source. In this way the source collects information on the nodes comprising the packet’s route.

Tracert

tracert versus traceroute

Recall that traceroute is a Unix command and that tracert is a Windows/DOS command. They differ not only in which operating system the command is issued from but also in how the process is terminated. The tracert (Windows/DOS) packets have an echo request. So when the packet finally reaches the destination, it does not issue a Time Exceeded message but rather an echo reply.

Unix traceroute termination

A traceroute (Unix) packet requests a port number that is outside the normal range. When the packet reaches its destination computer, the destination sends a Port Unreachable message.
- Destination Unreachable message with code 3, port unreachable.

If you see an asterisk (*), this indicates a hop that exceeded some time limit (real time, not TTL time).
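The TTL walk and the two ways it ends can be followed in a small offline simulation. This is an added example, not part of the original slides; the router list, the addresses and the probe names are constructed for illustration.

```python
# Constructed path (documentation addresses): three routers, then the destination.
# None marks a router that never answers, which the tool prints as "*".
ROUTERS = ["192.0.2.1", None, "198.51.100.1"]
DEST = "203.0.113.9"

def send_probe(ttl, probe):
    """Deliver one probe and return (icmp_reply, sender), or None on timeout.

    probe is "udp-high-port" (Unix traceroute) or "echo-request" (Windows tracert).
    """
    for router in ROUTERS:
        ttl -= 1                      # each router decrements the TTL
        if ttl == 0:                  # expired here: Time Exceeded goes to the source
            return ("time-exceeded", router) if router else None
    # The TTL outlived every router, so the destination itself replies.
    if probe == "echo-request":
        return ("echo-reply", DEST)
    return ("destination-unreachable code 3", DEST)

def trace(probe, max_hops=30):
    """Raise the TTL by one per probe until something other than Time Exceeded returns."""
    route = []
    for ttl in range(1, max_hops + 1):
        reply = send_probe(ttl, probe)
        if reply is None:
            route.append("*")
            continue
        kind, sender = reply
        route.append(sender)
        if kind != "time-exceeded":
            return route, kind        # the terminating reply names the destination
    return route, None                # gave up before reaching the destination
```

Both probe styles discover the same route; only the final reply differs, which is why a filter that drops one of the two reply types can make one tool appear to hang at the last hop while the other completes.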

tracert www.whatis.com

Redirect

Used by a host or router to let the sending host know that packets should be forwarded to another address. A network may have more than one router connected. One router will serve as the “default gateway” or “default router.” This is where the computer sends messages if it does not know where to send them.

Default gateway

Redirect

If the default router determines that the host should have sent the message to another router instead, it forwards the message to that router but it also sends an ICMP redirect message to the source so that it will update its table and send any future message with that destination to the correct router.

Redirect Message

Router address that should be used in the future.

Address Mask Request/Reply

We discussed diskless workstations, which do not know their IP address when they boot and use RARP to determine it. There is an ICMP packet used if a host does not know its subnet mask.
- The host broadcasts an address mask request when it boots, and routers that receive the request send the network’s subnet mask.

Timestamp/Timestamp Reply

Like Echo messages, but have a field for the time to be entered (with millisecond precision). This provides one with
- a measure of how long remote systems spend buffering and processing packets
- a way for hosts to synchronize their clocks.

Timestamp
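The message types on the slides above are distinguished by the type and code bytes at the start of each ICMP message. The parser below is an added example, not part of the original slides: it verifies the checksum, sorts a message into the two categories, and flags an error message that quotes another ICMP error. The sample messages, addresses and port numbers are constructed for illustration.

```python
import struct
# Type and code numbers are from RFC 792; the two categories follow the slides.
ERRORS = {3: "Destination Unreachable", 4: "Source Quench",
          5: "Redirect", 11: "Time Exceeded"}
QUERIES = {0: "Echo Reply", 8: "Echo Request", 13: "Timestamp",
           14: "Timestamp Reply", 17: "Address Mask Request",
           18: "Address Mask Reply"}
CODES = {(3, 3): "port unreachable", (3, 4): "fragmentation needed, DF set",
         (11, 0): "TTL exceeded in transit",
         (11, 1): "fragment reassembly time exceeded"}

def checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of the 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(icmp_type, code, rest=b"\x00" * 4, body=b""):
    """Assemble a message with a valid checksum (used for the samples below)."""
    msg = struct.pack("!BBH4s", icmp_type, code, 0, rest) + body
    return msg[:2] + struct.pack("!H", checksum(msg)) + msg[4:]

def parse_icmp(msg: bytes) -> dict:
    if len(msg) < 8:
        raise ValueError("shorter than the 8-byte ICMP header")
    if checksum(msg) != 0:            # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    t, c = msg[0], msg[1]
    out = {"type": t, "code": c, "detail": CODES.get((t, c)),
           "category": "unknown", "name": None}
    if t in QUERIES:
        out.update(category="request/reply", name=QUERIES[t])
        out["id"], out["seq"] = struct.unpack("!HH", msg[4:8])
    elif t in ERRORS:
        out.update(category="error", name=ERRORS[t])
        inner = msg[8:]               # quoted IP header + some of its data
        ihl = (inner[0] & 0x0F) * 4 if inner else 0
        if ihl >= 20 and len(inner) >= ihl:
            out["orig_proto"] = inner[9]
            out["orig_dst"] = ".".join(map(str, inner[16:20]))
            # An error quoting another ICMP error breaks "no ICMPs about ICMPs".
            out["error_about_error"] = (inner[9] == 1 and len(inner) > ihl
                                        and inner[ihl] in ERRORS)
    return out

def quoted_ip(proto, dst, data):
    """Constructed 20-byte IPv4 header (documentation addresses) plus data."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(data), 0, 0, 1,
                      proto, 0, bytes([192, 0, 2, 10]), bytes(dst))
    return hdr + data

# Constructed samples: rejected Unix traceroute probe, echo request, nested error.
PORT_UNREACH = build(3, 3, body=quoted_ip(
    17, [198, 51, 100, 7], struct.pack("!HHHH", 40000, 33434, 8, 0)))
ECHO_REQ = build(8, 0, struct.pack("!HH", 1, 7), b"abcdefgh")
NESTED = build(11, 0, body=quoted_ip(1, [198, 51, 100, 7], build(3, 1)))
```

A Time Exceeded message that quotes an Echo Request (as Windows tracert produces) is not flagged; only an error quoting another error is.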

Determining path MTU

Recall that a path MTU is the smallest MTU (maximum transmission unit, i.e. maximum packet size) along a route from source to destination.
One can use some ping options to determine a path MTU.
Recall one obtains the ping options by typing ping /?

Ping options

Ping options

The two relevant ping options for determining path MTU are -l (ell) and -f.
The -l option is followed by a number which is the size of the IP packet being sent.
The -f option sets a flag in the IP packet that disallows fragmentation. The packet will be dropped rather than broken up.
A destination unreachable ICMP message is sent to the source.

Path MTU

Determining path MTU

One can set the IP packet size to something large and in addition set the flag to block fragmentation. Then do a (binary) search on the packet sizes, to determine the largest packet that gets through. This is the path MTU.
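The search described above, run against a simulated path so it works offline. This is an added example, not part of the original slides; the link MTUs are constructed, sizes are IP packet sizes as on the slide, and the lower bound of 68 bytes is an assumption about a size that always gets through.

```python
# Constructed path: MTU in bytes of each link from source to destination.
LINK_MTUS = [1500, 1492, 1400, 1500]

def probe(size, link_mtus=LINK_MTUS):
    """Send one `size`-byte packet with fragmentation disallowed.

    Returns None if it is delivered, otherwise the index of the link whose
    router dropped it and answered with Destination Unreachable.
    """
    for i, mtu in enumerate(link_mtus):
        if size > mtu:
            return i
    return None

def path_mtu(lo=68, hi=1500, link_mtus=LINK_MTUS):
    """Binary search for the largest packet that gets through.

    Assumes a packet of `lo` bytes always passes (68 is the smallest datagram
    every IPv4 router must forward unfragmented) and `hi` is the local link MTU.
    Returns (path MTU, [(size, dropped_at), ...]) so the probe sequence is visible.
    """
    log = [(hi, probe(hi, link_mtus))]
    if log[0][1] is None:             # the largest size already fits end to end
        return hi, log
    while hi - lo > 1:                # invariant: lo passes, hi is dropped
        mid = (lo + hi) // 2
        dropped_at = probe(mid, link_mtus)
        log.append((mid, dropped_at))
        if dropped_at is None:
            lo = mid
        else:
            hi = mid
    return lo, log
```

On a real network the probe depends on the Destination Unreachable reply making it back; if a firewall drops those replies, an oversized packet simply vanishes and looks the same as an ordinary timeout.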

Set packet size/block fragmentation

Set packet size/block fragmentation

Determining path MTU with ping

Determining path MTU with ping

TCP

Based on Chapter 24 in Computer Networks and Internets, Comer

TCP

UDP (User Datagram Protocol) and TCP (Transmission Control Protocol) sit on top of IP (Internet Protocol) in the Transport layer of the TCP/IP model.
While IP is responsible for delivering the packets, TCP is in charge of ensuring that messages were received (reliability) and delivered to the correct application (demultiplexing).

RFC 793

RFC 793 Introduction

Somewhat Connection-Oriented

TCP provides some of the features (especially reliability) of a connection-oriented scheme to the underlying connectionless IP delivery system. Recall that the TCP/IP Model’s transport layer is “thicker” than the OSI Model’s transport layer. This is because TCP takes on some of the responsibilities of the OSI Model’s Session Layer (which establishes and terminates a communication session – agreements to communicate).

TCP Example

When an HTML file is sent to you (the client) from a Web server, the server’s TCP layer breaks the file into packets, numbers the packets, and then passes them one-by-one to its IP layer. The packets may follow different routes. Your (the client’s) TCP layer collects and reassembles the individual packets and hands a single file to your HTTP program in the Application Layer.

TCP

TCP compensates for loss and/or delay of packets in an internet.
- It hides the loss or delay of packets from the higher layers.

TCP provides reliability without sacrificing efficiency.
TCP allows applications on different computers to interact without regard for the details of the connection between them.

Segments and streams and ports, oh my

In TCP, the message unit is known as a segment (instead of a packet).
TCP is logically connection-oriented, and all of the segments belonging to a session make up what is called a stream.
- Applications treat a stream essentially the same whether it comes from the Internet, a file or the keyboard.

The “address” the message is delivered to within a computer is known as a port.

Ports

Since port numbers are the TCP address scheme, a TCP segment has a field for both the source and destination port.

Some Well Known Ports

Service        Port   Protocol
FTP data       20     TCP
FTP control    21     TCP
telnet         23     TCP
SMTP           25     TCP
DNS            53     UDP, TCP
TFTP           69     UDP
HTTP           80     TCP

Initiating a session

A client (a.k.a. an active client) initiates a session (connection) by sending a server (a.k.a. passive client) a SYN segment with an arbitrary sequence number (e.g. 123).
- A segment is identified as a SYN segment by the value of its SYN bit, which is among the code bits in the TCP segment header.
- The sequence number should uniquely identify the session.

This is the first step in what is called a “three-way handshake.”

TCP segment

In TCP they are called segments instead of packets. Among the code bits is the SYN bit used in initiating a session.

Initiating a session: Parts II & III

The passive client (server) responds with a SYN segment.
- It adds one to the active client’s sequence number (124=123+1) and places it in the segment as the acknowledgment number.
- It generates its own “arbitrary” sequence number K.

The active client responds to that by sending an ACK(nowledge) segment with an acknowledgment number K+1.

Acknowledgement

In the second stage of a three-way handshake, the destination lets the source know it is accepting communication by using the acknowledgement field.

Three-way handshake

Client -> Server: SYN J=123
Server -> Client: SYN K + ACK J+1=124
Client -> Server: ACK K+1
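The three segments can be traced with a pair of small state machines that exchange them and check each acknowledgment number. This is an added example, not part of the original slides; the class names and state labels are chosen for illustration, J=123 is the slide's value, and K is drawn at random.

```python
import secrets
from dataclasses import dataclass

MOD = 2 ** 32                         # sequence numbers are 32-bit and wrap

@dataclass
class Segment:
    syn: bool = False
    ack: bool = False
    seq: int = 0
    ack_num: int = 0

class Client:
    """Active side: sends SYN J, then checks that the reply acknowledges J+1."""
    def __init__(self, j=123):
        self.j, self.state = j, "CLOSED"

    def open(self):
        self.state = "SYN_SENT"
        return Segment(syn=True, seq=self.j)

    def receive(self, seg):
        if (self.state == "SYN_SENT" and seg.syn and seg.ack
                and seg.ack_num == (self.j + 1) % MOD):
            self.state = "ESTABLISHED"
            return Segment(ack=True, seq=seg.ack_num, ack_num=(seg.seq + 1) % MOD)
        return None                   # anything else is ignored

class Server:
    """Passive side: answers SYN with SYN K + ACK J+1, then waits for ACK K+1."""
    def __init__(self):
        self.k, self.state = None, "LISTEN"

    def receive(self, seg):
        if self.state == "LISTEN" and seg.syn and not seg.ack:
            self.k = secrets.randbits(32)     # the server's own "arbitrary" K
            self.state = "SYN_RCVD"
            return Segment(syn=True, ack=True, seq=self.k,
                           ack_num=(seg.seq + 1) % MOD)
        if (self.state == "SYN_RCVD" and seg.ack and not seg.syn
                and seg.ack_num == (self.k + 1) % MOD):
            self.state = "ESTABLISHED"
        return None

def handshake(j=123):
    """Run the three steps; return the segments and both final states."""
    client, server = Client(j), Server()
    syn = client.open()
    syn_ack = server.receive(syn)
    ack = client.receive(syn_ack)
    server.receive(ack)
    return [syn, syn_ack, ack], client.state, server.state

def mismatched_ack():
    """Final ACK whose number is not K+1 (e.g. left over from an earlier session)."""
    server = Server()
    server.receive(Segment(syn=True, seq=123))
    server.receive(Segment(ack=True, seq=124, ack_num=(server.k + 2) % MOD))
    return server.state
```

The server only moves to ESTABLISHED when the final ACK carries K+1, so a segment that does not match the K it just issued leaves the session unopened.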

Three-way handshake analogy

Client -> Server: Dial number, phone rings
Server -> Client: Phone picked up, “Hello”
Client -> Server: Original party hears “Hello” and replies with “Hello”

TCP Provides

- Reliability: Data will be delivered exactly as sent.
- Full Duplex Communication: The conversation is two way without either side having to wait its turn.
- Stream Interface: until the session ends, all of the data is treated the same; it belongs to one stream.
- Reliable Connection Startup: sessions are not confused with simultaneous or previous sessions.
- Graceful Connection Shutdown: both participants are aware of the ending of a session.
