Monday, September 6, 2010

Introduction To Internet Control Message Protocol (ICMP)

If I say 'ICMP', most people in the networking domain will recognise it; in case you didn't know it, now you do :).

The Internet Control Message Protocol, or ICMP, is a very popular protocol and is actually part of an Internet Protocol (IP) implementation. ICMP came onto the scene to provide feedback on problems in the network.

ICMP is one of the most useful protocols for troubleshooting network problems like DNS resolution, routing, connectivity and a lot more. Personally, I use ICMP a lot, but you need to keep its limits in mind because you might end up spending half a day trying to figure out why you're not getting a 'ping reply' ('echo reply' is the correct term) when a webserver is configured NOT to reply or a firewall is configured to block 'ping' for security reasons. Looking at its position in the OSI model, we can see that it sits over the Network layer (layer 3) alongside IP. There are no ports used with ICMP; this is because of where the protocol sits in the OSI model. Ports are only used for protocols which work at the Session layer and above.

The ICMP protocol uses different 'messages' to identify the purpose of an ICMP packet, for example, an 'echo' (ping) is one type of ICMP message.

I am going to break down the different message descriptions as they have been defined by RFC 792.

List of control messages

| Type | Code | Description |
|---|---|---|
| 0 - Echo Reply | 0 | Echo reply (used to ping) |
| 1 and 2 | | Reserved |
| 3 - Destination Unreachable | 0 | Destination network unreachable |
| | 1 | Destination host unreachable |
| | 2 | Destination protocol unreachable |
| | 3 | Destination port unreachable |
| | 4 | Fragmentation required, and DF flag set |
| | 5 | Source route failed |
| | 6 | Destination network unknown |
| | 7 | Destination host unknown |
| | 8 | Source host isolated |
| | 9 | Network administratively prohibited |
| | 10 | Host administratively prohibited |
| | 11 | Network unreachable for TOS |
| | 12 | Host unreachable for TOS |
| | 13 | Communication administratively prohibited |
| 4 - Source Quench | 0 | Source quench (congestion control) |
| 5 - Redirect Message | 0 | Redirect Datagram for the Network |
| | 1 | Redirect Datagram for the Host |
| | 2 | Redirect Datagram for the TOS & network |
| | 3 | Redirect Datagram for the TOS & host |
| 6 | | Alternate Host Address |
| 7 | | Reserved |
| 8 - Echo Request | 0 | Echo request |
| 9 - Router Advertisement | 0 | Router Advertisement |
| 10 - Router Solicitation | 0 | Router discovery/selection/solicitation |
| 11 - Time Exceeded | 0 | TTL expired in transit |
| | 1 | Fragment reassembly time exceeded |
| 12 - Parameter Problem: Bad IP header | 0 | Pointer indicates the error |
| | 1 | Missing a required option |
| | 2 | Bad length |
| 13 - Timestamp | 0 | Timestamp |
| 14 - Timestamp Reply | 0 | Timestamp reply |
| 15 - Information Request | 0 | Information Request |
| 16 - Information Reply | 0 | Information Reply |
| 17 - Address Mask Request | 0 | Address Mask Request |
| 18 - Address Mask Reply | 0 | Address Mask Reply |
| 19 | | Reserved for security |
| 20 through 29 | | Reserved for robustness experiment |
| 30 - Traceroute | 0 | Information Request |
| 31 | | Datagram Conversion Error |
| 32 | | Mobile Host Redirect |
| 33 | | Where-Are-You (originally meant for IPv6) |
| 34 | | Here-I-Am (originally meant for IPv6) |
| 35 | | Mobile Registration Request |
| 36 | | Mobile Registration Reply |
| 37 | | Domain Name Request |
| 38 | | Domain Name Reply |
| 39 | | SKIP Algorithm Discovery Protocol, Simple Key-Management for Internet Protocol |
| 40 | | Photuris, Security failures |
| 41 | | ICMP for experimental mobility protocols such as Seamoby [RFC4065] |
| 42 through 255 | | Reserved |

The ICMP header starts after the IPv4 header.

| Bit offset | Bits 0-15 | Bits 16-31 |
|---|---|---|
| 0 | Type (bits 0-7), Code (bits 8-15) | Checksum |
| 32 | ID | Sequence |

  • Type - ICMP type, as specified in the list of control messages above.
  • Code - further specification of the ICMP type; e.g. an ICMP Destination Unreachable might have this field set to 1 through 15, each bearing a different meaning.
  • Checksum - This field contains error-checking data calculated from the ICMP header + data, with the value 0 used for this field during the calculation. The algorithm is the same as the header checksum for IPv4.
  • ID - This field contains an ID value, which should be returned in the ECHO REPLY.
  • Sequence - This field contains a sequence value, which should be returned in the ECHO REPLY.

Padding data

Padding data follows the ICMP header (in octets):
  • The Linux "ping" utility pads ICMP to a total size of 56 bytes in addition to the 8 octet header.
  • Windows "ping" pads to a total size of 32 bytes in addition to the 8 octet header.

ICMP - Echo / Echo Reply (Ping) Message

Echo is simply what most people call a 'ping'. The Echo Reply is the 'ping reply'. ICMP Echoes are used mostly for troubleshooting. When 2 hosts have communication problems, a few ICMP Echo requests will show whether the 2 hosts have their TCP/IP stacks configured correctly and whether there are any problems in the network that prevent packets from getting to the other side.

Let's have a look at what an ICMP-Echo or Echo Reply packet looks like:


Okay, now looking at the screenshot above, you can see I 'pinged' www.banana.net.in. The first thing my workstation did was to resolve that URL to an IP address. This was done using DNS. Once the DNS server returned the IP address of www.banana.net.in, the workstation generated an ICMP packet with the Type field set to 8.

ICMP - Destination Unreachable Message

The Destination Unreachable message is an ICMP message which is generated by a gateway to inform the client that the destination is unreachable for some reason.

The error will not be generated if the original datagram has a multicast destination address. Reasons for this message may include: the physical connection to the host does not exist (distance is infinite); the indicated protocol or port is not active; the data must be fragmented but the 'don't fragment' flag is on.

| Bits 0-15 | Bits 16-31 |
|---|---|
| Type = 3 (bits 0-7), Code (bits 8-15) | Header Checksum |
| Empty | Next-Hop MTU |
| IP Header + First 8 Bytes of Original Datagram's Data (spans bits 0-31) | |

The type field (bits 0-7) must be set to 3. The code field (bits 8-15) is used to specify the type of error, and can be any of the codes listed in the "List of control messages" table above.

ICMP Source Quench

The Source Quench is an Internet Control Message Protocol message which requests the sender to decrease the traffic rate of messages to a router or host. This message may be generated if the router or host does not have sufficient buffer space to process the request, or may occur if the router or host's buffer is approaching its limit.


ICMP Redirect Message

The ICMP Redirect type is sent in a single case. Consider this: you have a network (192.168.0.0/24) with several clients and hosts on it, and two gateways (192.168.1.1) & (192.168.1.2). One gateway (192.168.1.1) routes the traffic for the 10.0.0.0/24 network, and the other, the default gateway (192.168.1.2), routes to the rest of the Internet. Now consider that one of the hosts on the 192.168.0.0/24 network has no route set to 10.0.0.0/24, but it has the default gateway set. It sends a packet to the default gateway, which of course knows about the 10.0.0.0/24 network. The default gateway can deduce that it is faster to send the packet directly to the 10.0.0.0/24 gateway, since the packet will enter and leave the gateway on the same interface. The default gateway will hence send out a single ICMP Redirect packet to the host, telling it about the real gateway, and then send the packet on to the 10.0.0.0/24 gateway. The host will now know about the closest 10.0.0.0/24 gateway, and hopefully use it in the future.

Type must be set to 5. The code, which specifies the reason for the redirection, is one of the following:

| Code | Description |
|---|---|
| 0 | Redirect for Network Error. |
| 1 | Redirect for Host Error. |
| 2 | Redirect for Type of Service and Network Error. |
| 3 | Redirect for Type of Service and Host Error. |

The IP address is the 32-bit address of the gateway to which the redirection should be sent. The additional data is included to allow the host to match the reply with the request that caused the redirection reply.

ICMP Router Discovery Protocol

ICMP Internet Router Discovery Protocol (IRDP) uses Internet Control Message Protocol (ICMP) router advertisements and router solicitation messages to allow a host to discover the addresses of operational routers on the subnet.

It basically consists of 2 message types (Router Advertisement & Router Solicitation) used for discovering local routers. Message type 9 is sent periodically or on request (using a message of type 10) to the local subnet by the local router(s) to announce themselves. On boot, the client may send an ICMP message of type 10 to ask for local routers. When a client receives a message of type 9, it adds the router to its local routing table.

ICMP Time Exceeded

The Time Exceeded message is an ICMP message which is generated to inform the source that a datagram was discarded because its time to live (TTL) field reached zero. If the TTL field reaches 0 during transit, the packet must be discarded. A time exceeded message may also be sent by a host if it fails to reassemble a fragmented datagram within its time limit.

Now let's take a look at the example. The screenshot below shows that the traceroute to banana.net.in reaches its destination in 17 hops.


In the screenshot below, the TTL value is set to 50 & 51 by the system when pinging banana.net.in.


In the above traceroute we saw that banana.net.in was reached in 17 hops. Now let's set the TTL value to 10, and you can see the "TTL expired in transit" message.


Parameter Problem: Bad IP header

The ICMP Parameter problem message is generated as a response for any error not specifically covered by another ICMP message.

The IP header plus the first 8 bytes of the original datagram's data is returned to the sender. This data is used by the host to match the message to the appropriate process. If a higher level protocol uses port numbers, they are assumed to be in the first 64 data bits of the original datagram's data.
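Both the Destination Unreachable layout earlier and the paragraph above rely on the quoted IP header plus first 8 data octets to tie an error back to the datagram that caused it. The following Python sketch is an added example, not code from the original post: it decodes such an error, recovers the original addresses and ports, and checks them against a flow the host actually sent, which is also how a receiver can reject unsolicited errors. The function names, sample addresses and ports are assumptions constructed for illustration.

```python
import socket
import struct

ERROR_TYPES = {3: "Destination Unreachable", 11: "Time Exceeded",
               12: "Parameter Problem"}
# A few type 3 codes from the control-message table above.
UNREACH = {0: "network unreachable", 1: "host unreachable",
           3: "port unreachable", 4: "fragmentation required, and DF flag set"}


def parse_icmp_error(icmp: bytes) -> dict:
    """Decode an ICMP error and the original datagram it quotes."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("need ICMP header + IP header + 8 data octets")
    msg_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if msg_type not in ERROR_TYPES:
        raise ValueError(f"type {msg_type} is not an error handled here")
    quoted = icmp[8:]
    ihl = (quoted[0] & 0x0F) * 4        # quoted IP header length in octets
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("quoted IPv4 header is malformed or truncated")
    info = {"error": ERROR_TYPES[msg_type], "code": code,
            "src": socket.inet_ntoa(quoted[12:16]),
            "dst": socket.inet_ntoa(quoted[16:20]),
            "proto": quoted[9], "sport": None, "dport": None}
    if msg_type == 3:
        info["reason"] = UNREACH.get(code, "other")
        if code == 4:
            info["next_hop_mtu"] = mtu
    if info["proto"] in (6, 17):        # TCP/UDP ports: first 4 quoted data octets
        info["sport"], info["dport"] = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return info


def matches_flow(info: dict, flow: tuple) -> bool:
    """True if the quoted datagram belongs to a flow this host sent."""
    return (info["proto"], info["src"], info["sport"],
            info["dst"], info["dport"]) == flow


def sample_error(msg_type: int, code: int, mtu: int = 0) -> bytes:
    # Constructed input: 20-octet IPv4 header + UDP header of the original
    # datagram (documentation addresses; checksums left at 0 for brevity).
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0x4000, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.7"))
    udp = struct.pack("!HHHH", 40000, 33434, 8, 0)
    return struct.pack("!BBHHH", msg_type, code, 0, 0, mtu) + ip + udp
```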

ICMP Timestamp Request / Reply

The Timestamp is an ICMP message which is used for time synchronization. It consists of the originating timestamp.

The Timestamp Reply is an ICMP message which replies to a Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as well as a receive timestamp and a transmit timestamp.

Information Request / Reply 



This message may be sent with the source network in the IP header source and destination address fields zero (which means "this" network). The replying IP module should send the reply with the addresses fully specified. This message is a way for a host to find out the number of the network it is on.

The identifier and sequence number may be used by the echo sender to aid in matching the replies with the requests. For example, the identifier might be used like a port in TCP or UDP to identify a session, and the sequence number might be incremented on each request sent. The destination returns these same values in the reply.

The Information Request/Reply pair was intended to support self-configuring systems such as diskless workstations, to allow them to discover their IP network prefixes at boot time. However, these messages are now obsolete. The RARP and BOOTP protocols provide better mechanisms for a host to discover its own IP address.

ICMP Address Mask Request / Reply

Address Mask Request is an ICMP query message, normally sent by a host to a router in order to obtain an appropriate subnet mask. Address Mask Reply is an ICMP message used to reply to an Address Mask Request message with an appropriate subnet mask.


Traceroute

Traceroute is a computer network tool used to show the route taken by packets across an IP network. An IPv6 variant, traceroute6, is also widely available.

The working principle of any traceroute program is based on the usage of ICMP. Traceroute uses the TTL field in the header of ICMP packets to discover the Layer 3 Network devices on the path to reach the destination.

The main goal of the TTL field is to avoid infinite loops of packets in meshed networks. By increasing the TTL by one each time the source system sends a packet to the destination, the hops on the path are successively discovered and the time needed for a round trip is deduced.




7 comments:

  1. Nice article. The way it is explained is so simple and easy to understand.

    Thanks Much for the Article.

    Komaraiah
