Internet Control Message Protocol ICMP RFC792

1
Internet Control Message Protocol (ICMP RFC792)
2
Internet Control Message Protocol (ICMP)

• ICMP is used to send debugging information and
  error reports between hosts, routers and other
  network devices
• ICMP provides communication between the Internet
  Protocol software on one machine and the Internet
  Protocol software on another
• ICMP messages can be lost or discarded
• Errors in ICMP messages should not generate
  additional ICMP messages
• ICMP is an integral part of IP
• But it is actually encapsulated within IP
  (Protocol1)

3
ICMP Restrictions

• ICMP is restricted to communication with the
  original source
• ICMP messages are not allowed to be sent in
  response to (RFC1812)
• an ICMP error message (ok for queries)
• datagrams failing header validation tests
• broadcast or multicast IP datagrams
• link-layer broadcast or multicast frames
• invalid source address
• any fragment other than the first

4
IP Header Validation Tests

• To be a valid IP header
• link-layer must indicate frame is long enough to
  hold the minimum legal IP datagram (20 bytes)
• IP checksum must be correct
• IP version number must be 4
• IP IHL field must be at least 5
• IP total length must be at least (IHL4)

5
ICMP Error Message Data

• Historically, ICMP errors returned the offending
  IP header and the 1st 8 data bytes
• No longer adequate with more complicated headers
  like IP in IP
• New rules say that it should contain as much as
  original datagram as possible, without the length
  of ICMP datagram being gt 576 bytes (standard
  Internet min size)

6
ICMP Message Delivery

• In all other respects, an ICMP message travels as
  would any other datagram
• No additional reliability or priority
• The only difference between a normal datagram and
  a datagram containing an ICMP message occurs in
  the event that the datagram containing the ICMP
  causes an error
• No error messages are sent for ICMP error message
  failures

7
ICMP Message Format
insert figure here p.72

• Although each ICMP message has its own format,
  each ICMP message begins with the same three
  fields
• Type (8-bit)
• Code (8-bit)
• Checksum (16-bit)

8
ICMP Message Types

• Type Field ICMP Message Type
• 0 Echo Reply
• 3 Destination Unreachable
• 4 Source Quench
• 5 Redirect
• 8 Echo Request
• 9 Router Advertisement
• 10 Router Solicitation
• 11 Time Exceeded

9
ICMP Message Types (continued)

• Type Field ICMP Message Type
• 12 Parameter Problem
• 13 Timestamp Request
• 14 Timestamp Reply
• 15 Info Request (obsolete)
• 16 Info Reply (obsolete)
• 17 Address Mask Request
• 18 Address Mask Reply

10
Testing Destination Reachability and Status

• Echo messages type 8 (echo request) and type 0
  (echo reply) are used to test reachability
• Ping

Fig. 7.1 p.86
11
ICMP Echo Request/Reply Messages
Fig. 7.1 p.86

• Type (8-bit) 0 or 8 (8request, 0reply)
• Code (8-bit) 0
• Checksum (16-bit)
• Identifier (16-bit) used to match reply/request
• Sequence Number (16-bit) used to match also
• Optional Data Reply echoes data of request

12
The ping program

• The ping program is a useful diagnostic tool
• It uses ICMP echo request/reply packets to test
  whether a device is reachable
• The identifier allows ping to identify multiple
  instances of ping running at the same time on the
  same host
• The sequence number allows us to see if packets
  disappeared
• The round-trip time is also calculated.

13
The ping program (continued)

• Older ping would send 1 packet per second
• Some newer ping programs only do one ping and
  require -s to do what the old ping does

14
The ping program (continued)

• Example
• cs22(user)ping -s 140.119.209.2
• PING 140.119.209.2 56 data bytes
• 64 bytes from www2.nccu.edu.tw (140.119.209.2)
  icmp_seq0. time3. ms
• 64 bytes from www2.nccu.edu.tw (140.119.209.2)
  icmp_seq1. time12. ms
• 64 bytes from www2.nccu.edu.tw (140.119.209.2)
  icmp_seq2. time16. ms
• 64 bytes from www2.nccu.edu.tw (140.119.209.2)
  icmp_seq3. time21. ms
• 64 bytes from www2.nccu.edu.tw (140.119.209.2)
  icmp_seq4. time30. ms
• 64 bytes from www2.nccu.edu.tw (140.119.209.2)
  icmp_seq5. time6. ms
• 64 bytes from www2.nccu.edu.tw (140.119.209.2)
  icmp_seq6. time3. ms

15
ICMP Destination Unreachable Message

• When a router cannot forward or deliver an IP
  datagram, it sends a type 3 ICMP message
  (destination unreachable)

Fig. 6.10 p.79
16
Destination Unreachable Codes

• 0 Network unreachable
• 1 Host unreachable
• 2 Protocol unreachable
• 3 Port unreachable
• 4 Frag needed and DF set
• 5 Source route failed
• 6 Destination network unkown
• 7 Destination host unkown
• 8 Source host isolated (Obsolete)

17
Destination Unreachable Codes (continued)

• 9 Communication with destination network
  administratively prohibited
• 10 Communication with destination host
• administratively prohibited
• 11 Network unreachable for TOS
• 12 Host unreachable for TOS
• 13 Communication administratively prohibited
  by filtering
• 14 host precedence violation
• 15 precedence cutoff in effect

18
Congestion and Datagram Flow Control

• Two common situations may cause a router to
  become congested with packets
• A high-speed sender transmits packets faster than
  an intermediate network (router) can handle them
• Many senders transmit packets through the same
  router

19
Congestion and Datagram Flow Control (continued)

• In order to signal senders that it cant handle
  the load, a router sends an ICMP source quench
  message
• Ideally, such a message should be sent before a
  router is forced to drop packets
• Senders reduce transmission rate upon receipt of
  a source quench message

20
ICMP Source Quench Message
Fig. 11.18 p.161

• Type (8-bit) 4
• Code (8-bit) 0
• Checksum (16-bit)
• Unused (Zero Field, 32-bit)

21
Route Change Requests

• Routers (not hosts) are responsible for keeping
  routing information up-to-date
• Routers are assumed to know correct routes
• Hosts begin with minimal routing information and
  learn new routes from routers
• A host may boot up knowing the address of only
  one router but that may not be the best route
  for a given datagram

22
Route Change Requests (continued)

• When a router detects a host using a non-optimal
  route it
• Sends an ICMP redirect message to the host
• Forwards the message
• A host is expected to then update its routing
  table

Fig. 9.3 p. 120
23
Route Change Requests (continued)

• Not applicable to intermediate routers

24
ICMP Redirect Message
Fig. 9.4 p.122

• Redirect Codes
• 0 Redirect for the network (obsolete)
• 1 Redirect for the Host
• 2 Redirect for the type-of-service and network
  (obsolete)
• 3 Redirect for the type-of-service and Host

25
ICMP Redirect Message (continued)

• A router generates a code 3 Redirect
• when the Redirect applies only to IP packets
  which request a particular type-of-service value
• A router generates a code 1 Redirect instead
• when the optimal next hop on the path to the
  destination would be the same for any
  type-of-service value

26
ICMP Redirect Message (continued)

• The host treats code 0 (redirect datagrams for
  the network) Redirects as if they were code 1
  (redirect datagrams for the host) Redirects
• The host treats code 2 (redirect datagrams for
  the network and type of service) Redirects as if
  they were code 3 (redirect datagrams for the host
  and type of service) Redirects

27
Circular or Excessively Long Routes

• To avoid cycles
• datagrams contain a TTL field (also called the
  hop count) which is decremented until it reaches
  zero
• When fragmented datagrams are received a
  reassembly timer is started
• if all the fragments are not received before the
  timer expires we say a timeout has occurred

28
ICMP Time Exceeded Message

• If either the TTL field reaches zero or a
  fragmentation reassembly timeout occurs, an ICMP
  time exceeded message is sent
• If fragment zero is not available then no ICMP
  time exceeded message is needed to be sent at all

Fig. 8.2 p.100
29
ICMP Time Exceeded Message (continued)

• Time Exceeded Codes
• 0 Time-to-Live exceeded
• 1 Fragment reassembly time exceeded
• Code 0 may be received from a gateway and Code 1
  from a host.

30
The traceroute program

• The traceroute program allows us to determine the
  route from one host to another
• The traceroute program sends UDP datagrams to the
  destination host,
• but it chooses the destination UDP port number to
  be an unlikely value (larger than 30,000),
• making it improbable that an application at the
  destination is using that port
• This cause the destination hosts UDP module to
  generate an ICMP port unreachable error when the
  datagram arrives

31
The traceroute program (continued)

• Send the packet with time-to-live 1 (hop)
• The first router discards the packet and sends an
  ICMP time-to-live exceeded message
• Send the packet with time-to-live 2 (hops)
• The second router discards the packet and sends
  an ICMP time-to-live exceeded message
• This is repeated until an ICMP port unreachable
  error is received from the destination

32
The traceroute program (continued)

• Example
• cs20(user)traceroute 140.119.209.2
• traceroute Warning Multiple interfaces found
  using 140.114.77.70 _at_ le0
• traceroute to 140.119.209.2 (140.119.209.2), 30
  hops max, 40 byte packets
• 1 route87.cs.nthu.edu.tw (140.114.87.254)
  8.049 ms 0.888 ms 0.884 ms
• 2 140.114.87.253 (140.114.87.253) 1.882 ms
  1.154 ms 1.201 ms
• 3 core2-edge1.nthu.edu.tw (140.114.1.21) 2.262
  ms 1.518 ms 2.630 ms
• 4 jm160-core2.nthu.edu.tw (140.114.1.137)
  2.267 ms 1.565 ms 2.323 ms
• 5 c6509-g-jm160.nthu.edu.tw (140.114.1.70)
  1.995 ms 1.764 ms 1.478 ms
• 6 192.83.175.119 (192.83.175.119) 3.106 ms
  2.732 ms 2.984 ms
• 7 140.119.243.6 (140.119.243.6) 10.415 ms
  3.766 ms 3.965 ms
• 8 www2.nccu.edu.tw (140.119.209.2) 10.144 ms
  3.138 ms

33
The traceroute program (continued)

• For each TTL value, three datagrams are sent
• For each returned ICMP message, the round-trip
  time is calculated and printed
• If no response is received within 5 seconds, an
  asterisk is printed
• The first packet has longer round-trip time
  because of an ARP exchange

34
Reporting Other Problems

• When a router or host finds problems with the
  header parameters not covered by previous error
  messages it sends a parameter problem ICMP
  message
• The message is only sent when the problem
  requires the datagram to be dropped

35
ICMP Parameter Problem Message
Code 0 -- Pointer identifies octet in
datagram that caused problem 1 -- Required
option is missing -- Pointer field not used
36
Clock Synchronization and Transit Time Estimation

• Distributed applications often need to
  synchronize operations due to different host
  processor speeds
• The communication delay lag must also be taken
  into account

37
ICMP Timestamp Request/Reply Messages

• Essentially, the request asks the destination
  host to return the time according to its clock
• The reply also includes the times at which the
  request was received and the reply was sent
• To help determine how much of delay is due to
  network how much due to replying host

38
ICMP Timestamp Request/Reply Messages (continued)
Fig. 6.6 p.74

• The requestor fills in the originate timestamp
  and sends the request.
• The replying system fills in the received
  timestamp when it receives the request, and the
  transmit timestamp when it sends the reply.
• Most implementations set
• received timestamp transmit timestamp

39
ICMP Timestamp Request/Reply Messages (continued)
Fig. 6.7 p.75

• difference received timestamp originated
  timestamp
• Assume one half of the RTT is for the request,
  and the other half for the reply.
• If the clocks of the sender and the receiver are
  synchronized, one half of the RTT difference
• If the clocks of the sender and the receiver are
  not synchronized (difference one half of the
  RTT) is the difference between the two clocks

40
ICMP Information Request/Reply Messages

• Information request (type 15) and reply (type 16)
  messages are obsolete
• Originally, they were used to allow hosts to
  discover their internet addresses at boot up
• Replaced by RARP and BOOTP

41
ICMP Address Mask Request/Reply Messages(rfc950)
Fig. 6.4 p.72

• Type 17 (request) and 18 (reply)
• Typically, a host broadcasts an address mask
  request to which a router responds with an
  address mask reply
• The request is made when the host needs to know
  the subnet mask for the local network