ICMP

(Internet Control Message Protocol)

Computer Networks

By: Saeedeh Zahmatkesh

90-91 spring

ICMP 2

ICMP is used to send debugging information and error reports between hosts, routers and other network devices

ICMP provides communication between the Internet Protocol software on one machine and the Internet Protocol software on another

ICMP

ICMP 3

ICMP Error Message Data

Historically, ICMP errors returned the offending IP header and the 1st 8 data bytes

No longer adequate with more complicated headers like IP in IP

New rules say that it should contain as much as original datagram as possible, without the length of ICMP datagram being > 576 bytes (standard Internet min size)

ICMP 4

ICMP Message Delivery

In all other respects, an ICMP message travels as would any other datagram

No additional reliability or priority The only difference between a normal datagram

and a datagram containing an ICMP message occurs in the event that the datagram containing the ICMP causes an error

No error messages are sent for ICMP error message failures

ICMP 5

ICMP messages can be lost or discarded Errors in ICMP messages should not generate additional ICMP

messages

ICMP messages are not allowed to be sent in response to (RFC1812): an ICMP error message (ok for queries) datagrams failing header validation tests broadcast or multicast IP datagrams link-layer broadcast or multicast frames invalid source address any fragment other than the first

ICMP

ICMP 6

ICMP is an integral part of IP But it is actually encapsulated within IP (Protocol=1)

IP header ICMP message

20 bytes

IP datagram

ICMP

ICMP 7

ICMP Message Types

Type Field ICMP Message Type0 Echo Reply

3 Destination Unreachable

4 Source Quench

5 Redirect

8 Echo Request

9 Router Advertisement

10 Router Solicitation

11 Time Exceeded

ICMP 8

Type Field ICMP Message Type

12 Parameter Problem

13 Timestamp Request

14 Timestamp Reply

15 Info Request (obsolete)

16 Info Reply (obsolete)

17 Address Mask Request

18 Address Mask Reply

ICMP Message Types

ICMP 9

The ping program

The ping program is a useful diagnostic tool It uses ICMP echo request/reply packets to test

whether a device is reachable

ICMP 10

The identifier allows ping to identify multiple instances of ping running at the same time on the same host

The sequence number allows us to see if packets disappeared

The round-trip time is also calculated

The ping program

ICMP 11

ICMP Destination Unreachable Message

When a router cannot forward or deliver an IP datagram, it sends a type 3 ICMP message (destination unreachable)

ICMP 12

Destination Unreachable Codes0 Network unreachable

generated by a router if a forwarding path (route) to the destination network is not available

1 Host unreachable

generated by a router if a forwarding path (route) to the destination host on a directly connected network is not available (does not respond to ARP);

2 Protocol unreachable

generated if the transport protocol designated in a datagram is not supported in the transport layer of the final destination

3 Port unreachable

generated if the designated transport protocol (e.g., UDP) is unable to demultiplex the datagram in the transport layer of the final

destination but has no protocol mechanism to inform the sender

ICMP 13

4 Frag needed and DF set

generated if a router needs to fragment a datagram but cannot since the DF flag is set

5 Source route failed

generated if a router cannot forward a packet to the next hop in a source route option

6 Destination network unkown

This code SHOULD NOT be generated since it would imply on the part of the router that the destination network does not exist (net unreachable code 0 SHOULD be used in place of code 6);

7 Destination host unkown

generated only when a router can determine (from link layer advice) that the destination host does not exist

…

Destination Unreachable Codes

ICMP 14

Congestion and Datagram Flow Control

Two common situations may cause a router to become congested with packets

A high-speed sender transmits packets faster than an intermediate network (router) can handle them

Many senders transmit packets through the same router

ICMP 15

Congestion and Datagram Flow Control

In order to signal senders that it can’t handle the load, a router sends an ICMP source quench message

Ideally, such a message should be sent before a router is forced to drop packets

Senders reduce transmission rate upon receipt of a source quench message

ICMP 16

ICMP Source Quench Message

Type (8-bit): 4 Code (8-bit): 0 Checksum (16-bit) Unused (Zero Field, 32-bit)

ICMP 17

Route Change Requests

Routers (not hosts) are responsible for keeping routing information up-to-date

Routers are assumed to know correct routes

Hosts begin with minimal routing information and learn new routes from routers

A host may boot up knowing the address of only one router – but that may not be the best route for a given datagram

ICMP 18

When a router detects a host using a non-optimal route it: Sends an ICMP redirect message to the host Forwards the message

A host is expected to then update its routing table

Route Change Requests

ICMP 19

Not applicable to intermediate routers

Route Change Requests

ICMP 20

ICMP Redirect Message

Redirect Codes0 Redirect for the network (obsolete)1 Redirect for the Host2 Redirect for the type-of-service and network (obsolete)3 Redirect for the type-of-service and Host

ICMP 21

Circular or Excessively Long Routes

To avoid cycles datagrams contain a TTL field (also called the hop

count) which is decremented until it reaches zero

When fragmented datagrams are received a reassembly timer is started if all the fragments are not received before the timer

expires we say a timeout has occurred

ICMP 22

ICMP Time Exceeded Message

If either the TTL field reaches zero or a fragmentation reassembly timeout occurs, an ICMP time exceeded message is sent

ICMP 23

ICMP 24

Links

http://www.wiziq.com/tutorial/116986-Chapter-4-Internet-Control-Message-Protocol

http://fab.cba.mit.edu/classes/MIT/961.04/people/neil/ip.pdf

http://www.sans.org/security-resources/idfaq/icmp_misuse.php