ICMP : Internet Control Message Protocol

Computer Network System
Sirak Kaewjamnong

Basic Ideas
• ICMP is provided within IP and generates error messages to help the IP layer (best-effort delivery)
• Function of ICMP
– a node recognizing a transmission problem (TTL exceeded, destination unreachable, etc.) generates ICMP messages
– ICMP provides some useful diagnostics about network operation (ping, traceroute)

Basic Ideas
• ICMP error messages are never generated in response to:
– ICMP error messages themselves
– Broadcast, multicast
– Other fragments, except the first fragment
– This is to prevent broadcast storms
• What is a broadcast storm?
– a large number of broadcast datalink frames transmitted nearly simultaneously from several hosts
– the LAN may be brought to a standstill

ICMP Encapsulation
Frame header (e.g. Ethernet) | Frame Data
    Frame Data = IP header (contains protocol, indicates ICMP) | IP Data
        IP Data = Type | Code | ……. (Type indicates the error problem)

ICMP Header
 0              15 16             31
| Type : 8 | Code : 8 | Checksum : 16 |
| Content specific                    |
• Type : relevant ICMP message
• Code : more detailed information
• Checksum : covers ICMP header/data (not IP header)

ICMP Types
Type     Code   Meaning
0        0      echo reply
3        0      network unreachable
3        1      host is unreachable
3        3      port is unreachable
4        0      source quench
5        0      redirect
8        0      echo request
9/10     0      router discovery/advertisement
11       0      time exceeded
12       0      parameter problem
13/14    0      time stamp request
17/18    0      network request/reply

ICMP type 0/8 echo request/reply
• PING sends an ICMP type 8 echo request to a node and expects an ICMP type 0 echo reply
• identifier and sequence number are used to identify datagrams
| Type = 0 or 8 | code | checksum |
| identifier | Sequence number |
| Optional data |

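The header layout and echo format above, as an added example that is not part of the original slides: it builds an echo request, computes the checksum over the ICMP header and data only, and checks that a reply matches the request by identifier, sequence number and data. The function names and sample values are assumptions made for illustration.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum (RFC 1071) over the ICMP header + data."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, identifier: int, sequence: int, data: bytes = b"") -> bytes:
    """Build an echo request (type 8) or echo reply (type 0); code is always 0."""
    # The checksum field is zero while the checksum is being computed.
    unsummed = struct.pack("!BBHHH", icmp_type, 0, 0, identifier, sequence) + data
    header = struct.pack("!BBHHH", icmp_type, 0, internet_checksum(unsummed),
                         identifier, sequence)
    return header + data

def parse_echo(packet: bytes) -> dict:
    """Parse and validate an echo message; reject anything malformed."""
    if len(packet) < 8:
        raise ValueError("truncated ICMP echo message")
    icmp_type, code, _checksum, identifier, sequence = struct.unpack("!BBHHH", packet[:8])
    if icmp_type not in (0, 8) or code != 0:
        raise ValueError("not an echo request/reply")
    if internet_checksum(packet) != 0:       # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    return {"type": icmp_type, "id": identifier, "seq": sequence, "data": packet[8:]}

def is_reply_to(request: bytes, reply: bytes) -> bool:
    """True only if reply is a type 0 answer carrying the request's id, seq and data."""
    q, r = parse_echo(request), parse_echo(reply)
    return ((q["type"], r["type"]) == (8, 0)
            and (q["id"], q["seq"], q["data"]) == (r["id"], r["seq"], r["data"]))

if __name__ == "__main__":
    # Constructed sample values, not taken from a capture.
    req = build_echo(8, 0x1234, 1, b"abcdefgh")
    print(req.hex(), is_reply_to(req, build_echo(0, 0x1234, 1, b"abcdefgh")))
```
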
ICMP type 3 Destination Unreachable
• When a router is unable to deliver a datagram, it can return an ICMP type 3 message with a failure code
• The Internet header plus 64 bits of the original datagram are used to identify the datagram that caused the problem
| Type = 3 | code | checksum |
| unused |
| IP header + 64 bits of original data |

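How a receiver uses the quoted "IP header + 64 bits of original data", as an added example that is not part of the original slides: it parses an ICMP error, recovers the addresses and ports of the datagram that caused it, and accepts the error only if it quotes a datagram the host really sent. The function names, the sending host 172.28.80.10 and the port numbers are constructed for illustration.

```python
import socket
import struct

# ICMP error types (RFC 792) whose body quotes the original datagram
QUOTING_TYPES = {3, 4, 5, 11, 12}

def parse_icmp_error(msg: bytes) -> dict:
    """Extract the quoted IP header + first 64 bits of data from an ICMP error."""
    if len(msg) < 8 + 20 + 8:
        raise ValueError("too short to hold ICMP header + IP header + 64 bits")
    icmp_type, code = msg[0], msg[1]
    if icmp_type not in QUOTING_TYPES:
        raise ValueError("not an ICMP error message")
    quoted = msg[8:]                          # skip the 8-byte ICMP header
    version, ihl = quoted[0] >> 4, (quoted[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("malformed quoted IP header")
    proto = quoted[9]
    sport = dport = None
    if proto in (6, 17):                      # TCP/UDP: ports lead the 64 bits
        sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return {"type": icmp_type, "code": code, "proto": proto,
            "src": socket.inet_ntoa(quoted[12:16]),
            "dst": socket.inet_ntoa(quoted[16:20]),
            "sport": sport, "dport": dport}

def quotes_our_datagram(info: dict, sent_flows: set) -> bool:
    """Accept an error only if it quotes a datagram this host actually sent."""
    key = (info["src"], info["dst"], info["proto"], info["sport"], info["dport"])
    return key in sent_flows

def sample_port_unreachable() -> bytes:
    """Constructed type 3 / code 3 message; checksums are left at 0 for brevity."""
    icmp = struct.pack("!BBHI", 3, 3, 0, 0)   # type, code, checksum, unused
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36, 0x1C46, 0, 1, 17, 0,
                     socket.inet_aton("172.28.80.10"),
                     socket.inet_aton("192.168.100.61"))
    udp = struct.pack("!HHHH", 40000, 33434, 16, 0)
    return icmp + ip + udp

if __name__ == "__main__":
    info = parse_icmp_error(sample_port_unreachable())
    sent = {("172.28.80.10", "192.168.100.61", 17, 40000, 33434)}
    print(info, quotes_our_datagram(info, sent))
```
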
ICMP type 4 Source Quench
• A router that detected overload would send this message to the hosts that were the major cause
• the host would then reduce the rate at which subsequent messages are sent
• RFC recommends that routers must not generate source quench; hosts must still accept the message but need take no action
| Type = 4 | code | checksum |
| Unused (must be 0) |
| IP header + 64 bits of original data |

ICMP type 5 Route Change Request
• Used only by routers to suggest a more suitable route to the originator (also called ICMP redirect)
| Type = 5 | code | checksum |
| IP address of a more suitable router |
| IP header + 64 bits of original data |

PING : ICMP Echo Request/Reply
• PING sends an ICMP echo request to a remote host, which then returns an ICMP echo reply to the sender
• All TCP/IP nodes are supposed to implement ICMP and respond to ICMP echo
[Figure: PING sent to the remote host, Reply returned to the sender]

PING Command
• Send a single echo request message and wait for a reply
• Another request is sent if the reply is not received within one second
• Continue until at least one reply is received or stop after time out
> ping maliwan
maliwan.psu.ac.th is alive
If maliwan is down:
>ping maliwan
no answer from maliwan.psu.ac.th

PING Command
• Send an echo request message every second and record the time it takes for each reply
• every echo request contains a unique sequence number to match reply and request
• also records round-trip timing
• also keeps packet loss statistics

PING Example
C:\>ping maliwan.psu.ac.th
Pinging maliwan.psu.ac.th [192.168.100.4] with 32 bytes of data:
Reply from 192.168.100.4: bytes=32 time=3ms TTL=32
Reply from 192.168.100.4: bytes=32 time=3ms TTL=32
Reply from 192.168.100.4: bytes=32 time=3ms TTL=32
Reply from 192.168.100.4: bytes=32 time=4ms TTL=32
Ping statistics for 192.168.100.4:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 4ms, Average = 3ms
C:\>_

What we get from PING?
• Timing information
• Connection reliability
• Destination Unreachable (routable)

PING Results
• no response
  no end node, no connection
• lost packets (significant when > 2-3 %)
  transmission error on LAN/WAN, overloaded bridge or router
• acknowledgement time varies
  host/network overloading; > 100 ms makes telnet less acceptable
• no loss and echo time is reasonably constant

Traceroute Command
• Command to determine the active route to a destination address
• How?
– Send a UDP message to an unused port on the target host with ttl = 1
– the first router decreases ttl to 0, so it has to return an ICMP time exceeded message
– traceroute sets ttl = 2 and retransmits; this time the message goes one more hop
– ttl++ until the UDP message reaches the destination
– the target returns an ICMP service unreachable because there is no UDP port service

Traceroute Example
C:\>tracert www.psu.ac.th
Tracing route to s1.psu.ac.th [192.168.100.61]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms cs-gw.cs.psu.ac.th [172.28.80.1]
2 2 ms 2 ms 1 ms esw-cc.psu.ac.th [192.168.99.39]
3 2 ms 3 ms 5 ms cc-atm.psu.ac.th [192.168.0.249]
4 4 ms 2 ms 3 ms tooky.psu.ac.th [192.168.98.11]
5 3 ms 3 ms 3 ms s1.psu.ac.th [192.168.100.61]
Trace complete.
C:\>
• usually probes each hop 3 times
• a lost message or a router that doesn't respond is denoted with an “ * ”
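
The traceroute procedure above as a small model, added here as an example that is not part of the original slides: no packets are sent, and the path is the list of hop addresses from the tracert output on this page. The function names and the `silent` parameter (routers that never answer) are assumptions made for illustration.

```python
# Hop addresses copied from the tracert output on this page; the last is the target.
PATH = ["172.28.80.1", "192.168.99.39", "192.168.0.249",
        "192.168.98.11", "192.168.100.61"]

TIME_EXCEEDED = (11, 0)       # type, code from the ICMP types table
PORT_UNREACHABLE = (3, 3)     # target has no service on the probed UDP port

def send_probe(path, ttl, silent=frozenset()):
    """Model one UDP probe to an unused port.

    Returns (responder, icmp_type, icmp_code), or None when nothing comes back.
    """
    for router in path[:-1]:
        ttl -= 1                              # every router decrements the TTL
        if ttl == 0:                          # expired here: this router reports it
            return None if router in silent else (router, *TIME_EXCEEDED)
    target = path[-1]
    return None if target in silent else (target, *PORT_UNREACHABLE)

def traceroute(path, max_hops=30, probes=3, silent=frozenset()):
    """Return one row per TTL: (ttl, [responder or '*' for each probe])."""
    rows = []
    for ttl in range(1, max_hops + 1):
        replies = [send_probe(path, ttl, silent) for _ in range(probes)]
        rows.append((ttl, [r[0] if r else "*" for r in replies]))
        # A port unreachable from the target means the probe arrived: stop.
        if any(r and r[1:] == PORT_UNREACHABLE for r in replies):
            break
    return rows

if __name__ == "__main__":
    # Third hop modelled as a router that does not answer, shown as "*".
    for ttl, hops in traceroute(PATH, silent=frozenset({"192.168.0.249"})):
        print(ttl, *hops)
```
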