11

Internet Control Message Internet Control Message ProtocolProtocol

22

About the Internet About the Internet Control Message ProtocolControl Message Protocol

The Internet Control Message Protocol (ICMP) The Internet Control Message Protocol (ICMP) protocol is classic example of a client server protocol is classic example of a client server applicationapplication. .

The The Internet Control Message Protocol Internet Control Message Protocol (ICMP)(ICMP) is part of the Internet protocol suite. is part of the Internet protocol suite.

The ICMP server executes on all IP end system The ICMP server executes on all IP end system computers and all IP intermediate systems (i.e computers and all IP intermediate systems (i.e routers).routers).

33

Internet Control Message ProtocolInternet Control Message Protocol

The protocol is used to report problems with The protocol is used to report problems with delivery of IP datagrams within an IP network. delivery of IP datagrams within an IP network. when a particular End system is not when a particular End system is not

responding,responding, when an IP network is not reachable, when an IP network is not reachable, when a node is overloaded, when a node is overloaded, when error occurs in IP header information, when error occurs in IP header information,

etc. etc.

The protocol is also frequently used by The protocol is also frequently used by Internet managers to Internet managers to verify correct operations of End Systems verify correct operations of End Systems

and and to check that routers are correctly routing to check that routers are correctly routing

packets to the specified destinations. packets to the specified destinations.

44

ICMP, uses the basic support of IP as ICMP, uses the basic support of IP as if it were a higher level protocol, if it were a higher level protocol, however, ICMP is actually an integral however, ICMP is actually an integral part of IP, and must be implemented by part of IP, and must be implemented by every IP module. every IP module.

Internet Control Message Internet Control Message ProtocolProtocol

55

Purpose of ICMP

The Internet Control Message Protocol is a protocol

• for the exchange of error messages and other vital information between Internet entities such as hosts and routers.

66

ICMP in the TCP/IP protocol suiteICMP is a network layer protocol, often it is placed next to the IP protocol.

ICMP Header ICMP Data Area

IP Header IP Data Area

Frame Header Frame Area

77

ICMP in the TCP/IP protocol suite ICMP lies just above IP, as ICMP messages are carried inside IP Packets. ICMP messages are carried as IP payload, just as TCP/UDP segments are carried as IP payload When a host receives an IP packet with ICMP specified as the upper layer protocol, it de- multiplexes the packet to ICMP, just as it would demultiplex a packet to TCP/UDP.

88

ICMP functions Announce network errors:Announce network errors: such as a host or such as a host or entire portion of the network being unreachable, entire portion of the network being unreachable, due to some type of failure. due to some type of failure.

Announce network congestion:Announce network congestion: When a When a router begins buffering too many packets, due to router begins buffering too many packets, due to an inability to transmit them as fast as they are an inability to transmit them as fast as they are being received, it will generate ICMP being received, it will generate ICMP Source Source QuenchQuench messages. Directed at the sender, these messages. Directed at the sender, these messages should cause the rate of packet messages should cause the rate of packet transmission to be slowed. transmission to be slowed.

99

ICMP functions Assist Troubleshooting:Assist Troubleshooting: ICMP supports an ICMP supports an EchoEcho function, which just sends a packet on a function, which just sends a packet on a round--trip between two hosts. Ping, a common round--trip between two hosts. Ping, a common network management tool, is based on this network management tool, is based on this feature. Ping will transmit a series of packets, feature. Ping will transmit a series of packets, measuring average round--trip times and measuring average round--trip times and computing loss percentages.computing loss percentages.

Announce Timeouts:Announce Timeouts: If an IP packet's TTL field drops to zero, the router discarding the packet will often generate an ICMP packet announcing this fact. TraceRoute is a tool which maps network routes by sending packets with small TTL values and watching the ICMP timeout announcements.

1010

ICMP Applications

There are two simple and widely used There are two simple and widely used applications which are based on ICMP:applications which are based on ICMP:

Ping Ping TracerouteTraceroute. .

1111

ICMP Applications PING: The ping utility checks whether a host is The ping utility checks whether a host is alive & reachable or not. This is done by sending alive & reachable or not. This is done by sending an ICMP Echo Request packet to the host, and an ICMP Echo Request packet to the host, and waiting for an ICMP Echo Reply from the hostwaiting for an ICMP Echo Reply from the host. TRACE ROUTE: Trace route is a utility that Trace route is a utility that records the route through the Internet between records the route through the Internet between your computer and a specified destination your computer and a specified destination computer. It also calculates and displays the computer. It also calculates and displays the amount of time each hop took. amount of time each hop took.

1212

ICMP Operation

1313

                                                                                                                                                                                       

ICMP datagram structureThe ICMP datagram, being an IP datagram, contains the usual IP header. This is followed by an ICMP header which varies slightly between the different types of ICMP message. The general format is shown below:

1414

ICMP Message Types

TypTypee

Message TypeMessage Type DescriptionDescription

33 Destination Destination UnreachableUnreachable

Packet could not be deliveredPacket could not be delivered

1111 Time ExceededTime Exceeded Time to live field hit 0Time to live field hit 01212 Parameter ProblemParameter Problem Invalid header fieldInvalid header field44 Source QuenchSource Quench Choke PacketChoke Packet55 RedirectRedirect Teach a router about geographyTeach a router about geography88 EchoEcho Ask a machine if it is aliveAsk a machine if it is alive00 Echo ReplyEcho Reply Yes, I am aliveYes, I am alive1313 Timestamp RequestTimestamp Request Same as Echo request, but with Same as Echo request, but with

timestamptimestamp1414 Timestamp ReplyTimestamp Reply Same as Echo reply, but with Same as Echo reply, but with

timestamptimestamp

1515

The DESTINATION UNREACHABLE message is used when the subnet or a router cannot locate the destination.

The TIME EXCEEDED message is sent when a packet is dropped because its counter has reached zero. This event is symptom that packets are looping, that there is enormous congestion, or that the timer values are being set too low.

The PARAMETER PROBLEM message indicates that an illegal value has been detected in a header field. This problem indicates a bug in the sending host’s IP software or possibly in the software of a router transited.

The SOURCE QUENCH message was formerly used to throttle hosts that were sending too many packets. When a host received this message, it was expected to slow down.

More about Message Types

1616

The REDIRECT MESSAGE is used when a router notices that a packet seems to be routed wrong. It is used by the router to tell the sending host about the probable error.

The ECHO and ECHO REPLY messages are used to see if a given destination is reachable and alive. Upon receiving the ECHO message, the destination is expected to send an ECHO REPLY message back.

The TIMESTAMP REQUEST and TIMESTAMP REPLY messages are similar, except that the arrival time of the message and the departure time of the reply are recorded in the reply. This facility is used to measure network performance.

More about Message Types

1717

Code:The exact meaning of the value contained within this field depends on the message Type. For example, with an ICMP Type 3 message ("Destination unreachable"), a Code value of 0 means "Network unreachable", which implies a router failure. A Code of 1 means "Host unreachable".

Checksum:The checksum field provides error detection for the ICMP header only and is calculated in the same way as the IP header checksum.

Parameters:The usage of this field depends on the type of message. For example, Type 3 messages do not use this field, while Type 0 and 8 messages use the field to store an identifier and sequence number.

Data:Typically, the data is the IP header and first 64 bits of the original datagram. Including the first 64 bits of the original datagram allows the ICMP message to be matched to the datagram that caused it.

1818

CodeCode DefinitionDefinition00 Net UnreachableNet Unreachable11 Host UnreachableHost Unreachable22 Protocol UnreachableProtocol Unreachable33 Port UnreachablePort Unreachable44 Fragmentation needed & Don’t Fragment was setFragmentation needed & Don’t Fragment was set55 Source Route failedSource Route failed66 Destination Network UnknownDestination Network Unknown77 Destination Host UnknownDestination Host Unknown88 Source Host IsolatedSource Host Isolated99 Communication Destination Network is Administratively Communication Destination Network is Administratively

ProhibitedProhibited1010 Communication Destination Host is Administratively Communication Destination Host is Administratively

ProhibitedProhibited1111 Destination Network Unreachable for Type of ServiceDestination Network Unreachable for Type of Service1212 Destination Host Unreachable for Type of ServiceDestination Host Unreachable for Type of Service1313 Communication Administratively ProhibitedCommunication Administratively Prohibited1414 Host Precedence ViolationHost Precedence Violation1515 Precedence Cutoff ViolationPrecedence Cutoff Violation

Destination Unreachable Codes

1919

CodeCode DefinitionDefinition00 Redirect Datagram for the Network (or subnet)Redirect Datagram for the Network (or subnet)11 Redirect Datagram for the HostRedirect Datagram for the Host22 Redirect Datagram for the Type of Service & NetworkRedirect Datagram for the Type of Service & Network33 Redirect Datagram for the Type of Service & HostRedirect Datagram for the Type of Service & Host

Redirect Codes

CodeCode DefinitionDefinition00 Time to Live Exceeded in TransitTime to Live Exceeded in Transit11 Fragment Reassembly Time Fragment Reassembly Time

ExceededExceeded

Time Exceeded Codes Parameter Problem Codes

CodeCode DefinitionDefinition00 Pointer Indicates the Pointer Indicates the

ErrorError11 Missing a Required Missing a Required

OptionOption22 Bad LengthBad Length

2020

Problem issuesProblem issues

2121

ICMP redirect messages can be used to trick routers and hosts acting as routers into using ``false'' routes; these false routes would aid in directing traffic to an attacker's system instead of a legitimate trusted system. Older versions of UNIX could drop all connections between two hosts even if only one connection was experiencing network problems.

Problems

2222

SummarySummary

2323

SummarySummary

ICMP provides ICMP provides vital feedbackvital feedback about IP routing about IP routing and delivery problemsand delivery problems

ICMP is really ICMP is really part and parcelpart and parcel of IP itself. of IP itself.

Two vital TCP/IP diagnostic utilities, known as Two vital TCP/IP diagnostic utilities, known as PING and TRACEROUTEPING and TRACEROUTE, use ICMP to , use ICMP to measure round-trip times between a sending measure round-trip times between a sending and receiving host, and to perform path and receiving host, and to perform path discovery between sender and receiverdiscovery between sender and receiver

2424

SummarySummary

ICMP also supports ICMP also supports route optimizationroute optimization through its ICMP Redirect message type, but through its ICMP Redirect message type, but this capability is normally restricted only to this capability is normally restricted only to trusted sources of informationtrusted sources of information

2525

Questions

1.Why Source Quench message is rarely used?Sol: When Congestion occurs, sending these packets increases the congestion.

2.When are ICMP Messages generated?Sol: ICMP messages are typically generated in response to errors in IP Datagrams or for diagnostic or routing purposes.

3.What is the drawback of using the ping command?

Sol: The ping command will send an ECHO_REQUEST datagram to a host or network interface. On reception, the packet is returned with an ECHO_RESPONSE datagram. While this test does not verify that your server is operating correctly, it does verify that the networking portion of it is reachable.