Introduction to ICMP
Internet Control Message Protocol
Overview
2
• Knowledge of ICMP control messages is an essential
part of network troubleshooting and is a key to a full
understanding of IP networks.
• This module will:
– Describe ICMP
– Describe the ICMP message format
– Identify ICMP error message types
– Identify potential causes of specific ICMP error
messages
– Describe ICMP control messages
– Identify a variety of ICMP control messages used in
networks today
– Determine the causes for ICMP control messages
3
Internet Control Message Protocol
(ICMP)
• Short messages used to send error & other control
information
• Examples
– Echo request / response
• Can use to check whether remote host reachable
– Destination unreachable
• Indicates how far packet got & why couldn’t go further
– Flow control (source quench)
• Slow down packet delivery rate
– Timeout
• Packet exceeded maximum hop limit
– Router solicitation / advertisement
• Helps newly connected host discover local router
– Redirect
• Suggest alternate routing path for future messages
4
IP is a best effort delivery system.
• Data may fail to reach its destination for a
variety of reasons, such as hardware failure,
improper configuration or incorrect routing
information.
• IP does not have a built-in mechanism for
sending error and control messages.
• IP also lacks a mechanism for host and
management queries.
Internet Control Message Protocol (ICMP) was
designed to handle these issues.
Why ICMP ?
5
The IP provides unreliable and connectionless datagram delivery.
It was designed to make efficient use of network resources.
IP has no error-reporting or error correcting mechanism.
IP has no mechanism for host and management queries.
ICMP has been designed to compensate for the above deficiencies.
Position of ICMP in network layer
Error Reporting
• Examples of errors a router may see
– Router doesn’t know where to forward a packet
– Packet’s time-to-live field expires
• Router doesn’t really need to respond
– Best effort means never having to say you’re sorry
– So, IP could conceivably just silently drop packets
• But, silent failures are really hard to diagnose
– IP includes basic feedback about network problems
– Internet Control Message Protocol (ICMP)
6
Internet Control Message Protocol
• ICMP runs on top of IP
– In parallel to TCP and UDP
– Though still viewed as an integral part of IP
• Diagnostics
– Triggered when an IP packet encounters a problem
• E.g., time exceeded or destination unreachable
– ICMP packet sent back to the source IP address
• Includes the error information (e.g., type and code)
• … and an excerpt of the original data packet for
identification
– Source host receives the ICMP packet
• And inspects the excerpt of the packet (e.g., protocol
and ports)
• … to identify which socket should receive the error
7
ICMP
• IP is an unreliable method for delivery of network
data.
• Nothing in its basic design allows IP to notify the
sender that a data transmission has failed.
• Internet Control Message Protocol (ICMP) is the
component of the TCP/IP protocol stack that
addresses this basic limitation of IP.
• ICMP does not overcome the unreliability issues in IP.
• Reliability must be provided by upper layer protocols
(TCP or the application) if it is needed.
8
ICMP message delivery
9
• ICMP messages are encapsulated into datagrams in the same way any
other data is delivered using IP.
• Subject to the same delivery failures as any IP packet.
• This creates a scenario where error reports could generate more error
reports, causing increased congestion on an already ailing network.
• For this reason, errors created by ICMP messages do not generate their
own ICMP messages.
• It is thus possible to have a datagram delivery error that is never
reported back to the sender of the data.
10
ICMP packet structure overview
11
General Format of ICMP
Messages
• Type : relevant ICMP message
• Code : more detailed information
• Checksum : covers ICMP header/data
12
Type Name
---- -------------------------
0 Echo Reply
1 Unassigned
2 Unassigned
3 Destination Unreachable
4 Source Quench
5 Redirect
6 Alternate Host Address
7 Unassigned
8 Echo
9 Router Advertisement
10 Router Solicitation
11 Time Exceeded
12 Parameter Problem
13 Timestamp
14 Timestamp Reply
15 Information Request
16 Information Reply
Type Name
---- -------------------------
17 Address Mask Request
18 Address Mask Reply
19 Reserved (for Security)
20-29 Reserved (for Robustness Experiment)
30 Traceroute
31 Datagram Conversion Error
32 Mobile Host Redirect
33 IPv6 Where-Are-You
34 IPv6 I-Am-Here
35 Mobile Registration Request
36 Mobile Registration Reply
37 Domain Name Request
38 Domain Name Reply
39 SKIP
40 Photuris
41-255 Reserved
Type Field
ICMP Type Field
13
Type 3: Destination Unreachable
Codes
0 Net Unreachable
1 Host Unreachable
2 Protocol Unreachable
3 Port Unreachable
4 Fragmentation Needed and Don't Fragment was Set
5 Source Route Failed
6 Destination Network Unknown
7 Destination Host Unknown
8 Source Host Isolated
9 Communication with Destination Network is Administratively Prohibited
10 Communication with Destination Host is Administratively Prohibited
11 Destination Network Unreachable for Type of Service
12 Destination Host Unreachable for Type of Service
13 Communication Administratively Prohibited
14 Host Precedence Violation
15 Precedence cutoff in effect
Many of these ICMP types have a "code"
field.
Here are the assigned code fields for Type 3
Destination Unreachable.
Codes 2 and 3 are created only by the
Destination Host, all others are created only
by routers.
ICMP Code Field
Code Field
Types of ICMP messages
14
Error Reporting
15
ICMP does not correct errors, it reports them to the
original source.
The error correction is then left to the upper layer
protocols.
Error reporting messages:
Contents of data field for error messages
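Added example (not part of the original slides): a parser for the Type / Code / Checksum format that also decodes the excerpt of the original datagram carried in error messages and matches it to a local socket, as described earlier. The function names, the socket tuple layout and the sample packets are constructed for illustration.

```python
import struct

# Error-reporting types from the type table: Destination Unreachable,
# Source Quench, Redirect, Time Exceeded, Parameter Problem.
ERROR_TYPES = {3, 4, 5, 11, 12}


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum covering the ICMP header and data."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length input
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                        # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(icmp_type: int, code: int, rest: bytes, payload: bytes) -> bytes:
    """Assemble type, code, checksum, 4 'rest of header' bytes and data."""
    if len(rest) != 4:
        raise ValueError("rest of header must be 4 bytes")
    body = struct.pack("!BBH", icmp_type, code, 0) + rest + payload
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def parse_excerpt(excerpt: bytes) -> dict:
    """Decode the embedded original IP header plus the first 8 payload bytes."""
    if len(excerpt) < 20 or excerpt[0] >> 4 != 4:
        raise ValueError("excerpt is not an IPv4 header")
    ihl = (excerpt[0] & 0x0F) * 4             # header length in bytes
    if ihl < 20 or len(excerpt) < ihl + 8:
        raise ValueError("excerpt truncated")
    info = {"proto": excerpt[9],
            "src": ".".join(map(str, excerpt[12:16])),
            "dst": ".".join(map(str, excerpt[16:20]))}
    if info["proto"] in (6, 17):              # TCP and UDP both start with ports
        info["sport"], info["dport"] = struct.unpack("!HH", excerpt[ihl:ihl + 4])
    return info


def parse_icmp(msg: bytes) -> dict:
    """Parse one ICMP message (IP header already removed) and validate it."""
    if len(msg) < 8:
        raise ValueError("shorter than the 8-byte ICMP header")
    if inet_checksum(msg) != 0:               # sum including the checksum field
        raise ValueError("bad ICMP checksum")
    icmp_type, code = msg[0], msg[1]
    out = {"type": icmp_type, "code": code}
    if icmp_type in (0, 8):                   # Echo Reply / Echo
        out["id"], out["seq"] = struct.unpack("!HH", msg[4:8])
        out["data"] = msg[8:]
    elif icmp_type in ERROR_TYPES:
        out["original"] = parse_excerpt(msg[8:])
        if (icmp_type, code) == (3, 4):       # next-hop MTU, when the router sets it
            out["next_hop_mtu"] = struct.unpack("!H", msg[6:8])[0]
    return out


def find_socket(parsed: dict, sockets: set):
    """Return the (proto, src, sport, dst, dport) socket an error refers to,
    or None when the excerpt matches nothing this host sent (ignore the error)."""
    orig = parsed.get("original")
    if not orig or "sport" not in orig:
        return None
    key = (orig["proto"], orig["src"], orig["sport"], orig["dst"], orig["dport"])
    return key if key in sockets else None


def sample_echo_request() -> bytes:
    """Constructed sample: Echo (type 8), ID 1, sequence number 7."""
    return build_icmp(8, 0, struct.pack("!HH", 1, 7), b"abcdefgh")


def sample_port_unreachable() -> bytes:
    """Constructed sample: type 3 code 3 for UDP 172.16.1.5:40000 -> 10.1.1.1:33434.
    The embedded IP header checksum is left at 0; it is not checked here."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, 0, 1, 17, 0,
                     bytes([172, 16, 1, 5]), bytes([10, 1, 1, 1]))
    udp = struct.pack("!HHHH", 40000, 33434, 8, 0)
    return build_icmp(3, 3, b"\x00" * 4, ip + udp)
```

An error whose excerpt matches no open socket returns None from find_socket, which is the case a host should discard rather than act on.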
Important points about ICMP error
messages:
1. No ICMP error message for a datagram carrying an
ICMP error message.
2. No ICMP error message for a fragmented datagram
that is not the first fragment.
3. No ICMP error message for a datagram having a
multicast address.
4. No ICMP error message for a datagram with a special
address such as 127.0.0.0 or 0.0.0.0
• ICMP error messages are never generated in response to:
– ICMP error messages themselves
– Broadcast or multicast datagrams
– Fragments other than the first fragment
– This is to prevent broadcast storms
17
Destination-unreachable
18
19
Destination-unreachable
• If datagrams cannot always be forwarded to their destinations,
ICMP delivers back to the sender a destination unreachable
message indicating to the sender that the datagram could not be
properly forwarded.
• A destination unreachable message may also be sent when packet
fragmentation is required in order to forward a packet.
– If the datagram does not allow fragmentation, the packet
cannot be forwarded, so a destination unreachable message will
be sent.
– More a little later on fragmentation and MTU Path Discovery!
• Destination unreachable messages may also be generated if IP
related services such as FTP or Web services are unavailable.
ICMP Destination Unreachable
Type = 3
20
Destination-unreachable codes
Codes 2 and 3 can be generated only by destination
host, others only by routers
21
Source-quench
IP doesn’t have flow control – lack of flow control can create congestion in
routers and destination host. The source-quench is added to add a kind of
flow control.
A source-quench message informs the source that a datagram has been
discarded due to congestion in a router or in the destination host. The
source must slow down (quench) the sending of datagrams until the
congestion is relieved.
One source-quench message should be sent for each datagram that is
discarded due to congestion.
Time-exceeded message
22
Whenever a router receives a datagram with a time-to-live value of
zero (TTL), it discards the datagram and sends a time-exceeded
message to the original source (used only by routers)
When the final destination does not receive all of the fragments in a
set time (time out field in reassembly table), it discards the
received fragments and sends a time-exceeded message to the
original source (used only by destination host)
Code 0: Time to live; Code 1: Fragmentation
23
Time-exceeded message
IP Header (bit positions 0-15 | 16-31)
4-bit Version | 4-bit Header Length | 8-bit Type Of Service (TOS) | 16-bit Total Length (in bytes)
16-bit Identification | 3-bit Flags | 13-bit Fragment Offset
8-bit Time To Live (TTL) | 8-bit Protocol | 16-bit Header Checksum
32-bit Source IP Address
32-bit Destination IP Address
Options (if any)
Data
• A TTL value is defined in each datagram (IP packet).
• As each router processes the datagram, it decreases the TTL value
by one.
• When the TTL of the datagram value reaches zero, the packet is
discarded.
• ICMP uses a time exceeded message to notify the source device
that the TTL of the datagram has been exceeded.
Type = 11
ICMP Time Exceeded
24
Code 0: Main header problem (error or ambiguity in one of the header fields);
Code 1: Problem in the option field (part of option missing)
Pointer points to the troubled field
Parameter problem message
25
Parameter problem message
• Devices that process datagrams may not be able to forward a
datagram due to some type of error in the header.
• This error does not relate to the state of the destination host
or network but still prevents the datagram from being processed
and delivered.
• An ICMP type 12 parameter problem message is sent to the source
of the datagram.
Type = 12
ICMP Parameter Problem
26
This host has chosen a
poor next-hop address
Better choice for A
The packet is not discarded
The default router isn’t
necessarily the best choice
It will correct this by sending
redirection message
Redirection concept
27
Code 0: Network specific
Code 1: Host specific
Code 2: Network specific (specified service)
Code 3: Host specific (specified service)
Redirect message
28
Redirect message
• ICMP Redirect messages can only be sent by routers
• Host H sends a packet to Host 10.1.1.1 on network 10.0.0.0/8.
• Since Host H is not directly connected to the same network, it
forwards the packet to its default gateway, Router R1 at
172.16.1.100.
• Router R1 finds the correct route to network 10.0.0.0/8 by looking
in its route table.
• It determines that the path to the network is back out the same
interface the request to forward the packet came from to Router
R2 at 172.16.1.200.
• R1 forwards the packet to R2 and sends an ICMP
redirect/change request to Host H telling it to use Router R2 at
172.16.1.100 as the gateway to forward all future requests to
network 10.0.0.0/8.
Type = 5 Code = 0 to 3
ICMP Redirect
29
• Default gateways only send ICMP redirect/change request
messages if the following conditions are met:
– The interface on which the packet comes into the router is the
same interface on which the packet gets routed out.
– The subnet/network of the source IP address is the same
subnet/network of the next-hop IP address of the routed
packet.
– The datagram is not source-routed.
– The route for the redirect is not another ICMP redirect or a
default route.
– The router is configured to send redirects. (By default, Cisco
routers send ICMP redirects. The interface subcommand no ip
redirects will disable ICMP redirects.)
Type = 5 Code = 0 to 3
ICMP Redirect
Redirect message
30
Query messages are used to diagnose the network problems, to
analyze the network behavior and to discover routers on the
local network.
Router discovery
Query messages
31
• Unlike error messages, control messages are
not the results of lost packets or error
conditions which occur during packet
transmission.
• Instead, they are used to inform hosts of
conditions such as:
– Whether they can reach a particular
destination host/router.
– Existence of a better gateway to a remote
network
Introduction to ICMP Control Messages
32
Echo-request and echo-reply message
Echo-request and echo-reply messages can test the reachability of a
host. This is usually done by invoking the ping command. MS also
offers tracert command to trace all routers on the path between
the source and the destination.
An echo-request message can be sent by a host or router.
An echo-reply message is sent by the host or router which receives an
echo-request message.
33
Echo-request and echo-reply message
Ethernet Header (Layer 2): Ethernet Destination Address (MAC) | Ethernet Source Address (MAC) | Frame Type
IP Header (Layer 3): Source IP Add. | Dest. IP Add. | Protocol field
ICMP Message (Layer 3): Type (0 or 8) | Code (0) | Checksum | ID | Seq. Num. | Data
Ether. Tr.: FCS
Echo = Type 8
Echo Reply = Type 0
• IP Protocol Field = 1
• The echo request message is typically initiated using the ping
command.
34
Timestamp request and reply
Time stamp of
the requester
Time stamp of the replier
(request receive time)
Time stamp of the replier
(reply transmit time)
Can be used between two machines to find the round-trip time between them.
Can also be used to synchronize the clocks of the two machines.
All timestamps in Universal Time (UT)
35
Clock synchronization and transit
time estimation
• The TCP/IP protocol suite allows systems to connect to one
another over vast distances through multiple networks.
• Each of these individual networks provides clock synchronization in
its own way.
• As a result, hosts on different networks who are trying to
communicate using software that requires time synchronization
can sometimes encounter problems.
• The ICMP timestamp message type is designed to help alleviate
this problem.
• The ICMP timestamp request message allows a host to ask for
the current time according to the remote host.
• The remote host uses an ICMP timestamp reply message to
respond to the request.
Type = 13 or 14
ICMP Timestamp Request
Replaced by
36
Information requests and reply message
formats
• The ICMP information requests and
reply messages were originally
intended to allow a host to determine
its network number.
• This particular ICMP message type is
considered obsolete.
• Other protocols such as BOOTP and
Dynamic Host Configuration Protocol
(DHCP) are now used to allow hosts to
obtain their network numbers.
Type = 15 or 16
ICMP Information Request/Reply
37
If a host wants to know its subnet mask it can ask the router on
the same LAN. (This request can be broadcast)
Mask-request and mask-reply messages
• This new subnet mask is crucial in identifying network, subnet,
and host bits in an IP address.
• If a host does not know the subnet mask, it may send an
address mask request to the local router.
• If the address of the router is known, this request may be sent
directly to the router.
• Otherwise, the request will be broadcast.
• When the router receives the request, it will respond with an
address mask reply.
38
Router solicitation message
A host can broadcast a router solicitation message to
check if there is any router around and alive.
The routers that receive this message will broadcast
the router advertisement message.
39
Router advertisement message
All routers on the local network will respond to the router solicitation
message by broadcasting the router advertisement message.
Routers can also broadcast periodically an unsolicited advertisement
message.
Number of
address/preference pairs
Number of seconds
the address/preference
pairs are valid
Preferability of the router
Address as a default router
Address relative to other
routers on the same subnet
Router announces not only its own presence but also the
presence of all routers on the network of which it is aware
40
• When a host on the network boots, and the host has not
been manually configured with a default gateway, it can
learn of available routers through the process of router
discovery.
• This process begins with the host sending a router
solicitation message to all routers, using the multicast
address 224.0.0.2 as the destination address. (May also be
broadcast).
• When a router that supports the discovery process
receives the router discovery message, a router
advertisement is sent in return.
• Routers may also periodically advertise router
advertisement messages.
Router Solicitation and Advertisement
Type = 10
ICMP Router Solicitation
ICMP Router Advertisement
Type = 9
41
• MTU: The maximum transmission unit is a link layer restriction on
the maximum number of bytes of data in a single transmission (ie.
frame, cell, packet, depending on the terminology).
• Path MTU : The smallest MTU of any link on the current path
between two hosts.
– This may change over time since the route between two hosts,
especially on the Internet, may change over time.
– It is not necessarily symmetric and can even vary for different
types of traffic from the same host.
Path MTU Discovery - Terms
42
Fragmentation and Reassembly
• Demonstrates many Internet concepts
– Decentralized
• Every network can choose MTU
– Connectionless
• Each fragment contains full routing information
• Fragments can proceed independently and along different routes
– Complex endpoints and simple routers
• Reassembly at endpoints
• Uses resources poorly
– Forwarding, replication, encapsulations costs
– Worst case: packet just bigger than MTU
– Poor end-to-end performance
• Loss of a fragment
• How to avoid fragmentation?
– Path MTU discovery protocol → determines minimum MTU along
route
– Uses ICMP error messages
43
Terms
Fragmentation: When a packet is too large to be sent across a link as a single
unit, a router can fragment the packet.
– This means that it splits it into multiple parts which contain enough
information for the receiver to glue them together again.
– Note that this is not done on a hop-by-hop basis, but once fragmented a
packet will not be put back together until it reaches its destination.
– Fragmentation is undesirable for numerous reasons, including:
• If any one fragment from a packet is dropped, the entire packet needs
to be retransmitted. This is a very significant problem.
• It imposes extra processing load on the routers that have to split the
packets.
• In some configurations, simpler firewalls will block all fragments
because they don't contain the header information for a
higher layer protocol (eg. TCP) needed for filtering.
44
Terms
• DF (Don't Fragment) bit: This is a bit in the IP header that can be set to
indicate that the packet should not be fragmented by routers.
– If the packet needs to be fragmented, an ICMP "can't fragment"
error is returned to the sender and the packet is dropped.
• ICMP Can't Fragment Error:
– This error is a type 3 (destination unreachable), code 4 (fragmentation
needed but don't-fragment bit set)
– Returned by a router when it receives a packet that is too large for it
to forward and the DF bit is set.
– The packet is dropped and the ICMP error is sent back to the origin
host.
– Normally, this tells the origin host that it needs to reduce the size of
its packets if it wants to get through.
– Recent systems also include the MTU of the next hop in the ICMP
message so the source knows how big its packets can be.
– Note that this error is only sent if the DF bit is set; otherwise,
packets are just fragmented and passed through.
ICMP Destination Unreachable (Type = 3, Code = 4)
Fragmentation needed, but DF Set
45
IP MTU Discovery with ICMP
• Operation
– Send max-sized packet with “do not fragment” flag set in IP header
– If encounters problem, ICMP message will be returned
• “Destination unreachable: Fragmentation needed”
• Usually indicates MTU encountered
• Typically send series of packets from one host to another
– Amortize discovery cost
• Typically, all will follow same route
– Routes remain stable for minutes at a time
– Makes sense to do MTU discovery
[Figure: host, router, router, host; links with MTU = 4000, MTU = 2000 and MTU = 1500]
46
IP MTU Discovery with ICMP
[Figure: host, router, router, host; links with MTU = 4000, MTU = 2000 and MTU = 1500. IP Packet: Length = 4000, Don’t Fragment. ICMP: Frag. Needed, MTU = 2000]
47
IP MTU Discovery with ICMP
[Figure: host, router, router, host; links with MTU = 4000, MTU = 2000 and MTU = 1500. IP Packet: Length = 2000, Don’t Fragment. ICMP: Frag. Needed, MTU = 1500]
48
IP MTU Discovery with ICMP
• When successful, no reply at IP level
– “No news is good news”
• Higher level protocol might have some form of
acknowledgement
[Figure: host, router, router, host; links with MTU = 4000, MTU = 2000 and MTU = 1500. IP Packet: Length = 1500, Don’t Fragment]
49
Problem:
• How path MTU discovery (PMTU-D) combined with filtering ICMP
messages can result in connectivity problems.
• Path MTU discovery allows a node to dynamically discover and
adjust to differences in the MTU size of every link along a given
data path.
• In IPv4, the minimum link MTU size is 68 octets and the
recommended minimum is 576 octets, which is the minimum
reassembly buffer size.
• So, any IPv4 packet must be at least 68 octets in length.
• (In IPv6, the minimum link MTU is 1280 octets, but the recommended MTU value for
IPv6 links is 1500 octets. The maximum packet size supported by the basic IPv6
header is 64,000 octets. Larger packets called jumbograms could be handled using a
hop-by-hop extension header option.)
Path MTU Discovery
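Added example (not part of the original slides): a small simulation of the discovery sequence shown on the preceding slides (4000, then 2000, then 1500 bytes) and of the problem stated here, where a filter drops the returning ICMP "fragmentation needed" message. The Hop class, the function names and the position of the filter are assumptions made for illustration; the 576-byte probe uses the recommended minimum quoted above.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Hop:
    name: str
    out_mtu: int                 # MTU of the link this node forwards onto
    filters_icmp: bool = False   # True: ICMP travelling back through here is dropped


def example_path(filtered: bool) -> List[Hop]:
    """Path from the slides: sending host, then two routers, toward the far host."""
    return [Hop("host", 4000),
            Hop("router1", 2000, filters_icmp=filtered),
            Hop("router2", 1500)]


def send_df(path: List[Hop], size: int) -> Tuple[str, Optional[int]]:
    """Send one packet of `size` bytes with Don't Fragment set.
    Returns ("delivered", None), ("frag_needed", mtu) or ("lost", None)."""
    for i, hop in enumerate(path):
        if size > hop.out_mtu:
            # The node drops the packet and sends ICMP type 3 code 4 back.
            # The error must cross every earlier node; one filter discards it.
            if any(h.filters_icmp for h in path[:i]):
                return ("lost", None)
            return ("frag_needed", hop.out_mtu)
    return ("delivered", None)


def discover_pmtu(path: List[Hop], first_size: int, max_tries: int = 8):
    """Shrink the packet to each reported MTU until one gets through.
    Returns (path_mtu or None, log of (size, result) pairs)."""
    size, log = first_size, []
    for _ in range(max_tries):
        result, mtu = send_df(path, size)
        log.append((size, result))
        if result == "delivered":
            return size, log
        if result == "lost" or mtu is None or mtu >= size:
            return None, log     # silence: the sender has nothing to adjust to
        size = mtu
    return None, log


def diagnose(path: List[Hop], first_size: int, small: int = 576) -> str:
    """Tell a filtered-ICMP black hole apart from a path that is down."""
    pmtu, log = discover_pmtu(path, first_size)
    if pmtu is not None:
        return "path MTU %d" % pmtu
    stalled = log[-1][0]
    if send_df(path, small)[0] == "delivered":
        return ("black hole: %d-byte packets pass, %d-byte packets vanish "
                "without an ICMP error" % (small, stalled))
    return "path down"
```

Small packets passing while large ones disappear silently is the symptom to look for when ICMP type 3 code 4 is filtered somewhere on the path.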
50
PING : ICMP Echo Request/Reply
• PING sends an ICMP echo request to a remote host,
which then returns an ICMP echo reply to the sender
• Every TCP/IP node is supposed to implement ICMP and
respond to ICMP echo
PING
Reply
51
Ping gives us three major pieces of information:
- Is the remote host alive? => Host reachability
- Is the network speed good? => Network congestion
- Is the remote host far? => Travel length (No. of hops)
The ping command first sends an echo request
packet to an address, then waits for a reply. The
ping is successful only if:
the echo request gets to the destination, and
the destination is able to get an echo reply back
to the source within a predetermined time called
a timeout. The default value of this timeout is
two seconds.
PING : ICMP Echo Request/Reply
52
Host reachability
C:\>ping rediff.com
Pinging rediff.com [132.147.115.24] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 132.147.115.24:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
This doesn’t mean that recipient is not alive.
The result simply means that the host just doesn’t answer to
ICMP request.
What could be the reason for this "no-answer" ?
53
Host reachability
Routing Issue
Interface Down
Firewall filters / ACLs
Delay – Timeout is 2 sec
Correct Source Address
54
If a device called Geneva can ping another called Dallas, does it
mean that the opposite, in other words Dallas can ping Geneva, is
always true?
The response is no.
Host reachability
55
No. of Hops (Time-To-Live)
The TTL or Time-To-Live gives you an indication of the number
of routers between the source and destination.
The TTL is used to prevent an IP packet from looping inside an IP
network and causing a network meltdown.
The initial TTL packet value for an IP packet is 255 and then it is
decremented by 1 each time it encounters a router. When this
value reaches 0, the packet is discarded by a router. The TTL
value is contained in each IP packet including ICMP packets. The
TTL value given by the ping command is in fact the TTL value of
an echo_response packet.
By default, Windows will decrease the TTL by 128 and Ubuntu
Linux by 192.
56
Time-To-Live Case 1
When A pings B, it receives a TTL of 251 because the packets crossed
4 routers (-4).
TTL=255-4=251.
Pinging B [1.1.1.1] with 32 bytes of data:
Reply from 1.1.1.1: bytes=32 time=18 ms TTL=251
Reply from 1.1.1.1: bytes=32 time=21 ms TTL=251
Reply from 1.1.1.1: bytes=32 time=20 ms TTL=251
Reply from 1.1.1.1: bytes=32 time=33 ms TTL=251
Ping statistics for 1.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 33ms, Average = 23ms
57
Time-To-Live Case 2
When A pings B, it receives a TTL of 124 because the packets
crossed 3 routers (-3) and a Windows machine (-128).
TTL=255-3-128=124.
Pinging B [1.1.1.1] with 32 bytes of data:
Reply from 1.1.1.1: bytes=32 time=18 ms TTL=124
Reply from 1.1.1.1: bytes=32 time=21 ms TTL=124
Reply from 1.1.1.1: bytes=32 time=20 ms TTL=124
Reply from 1.1.1.1: bytes=32 time=33 ms TTL=124
Ping statistics for 1.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 33ms, Average = 23ms
58
Time-To-Live Case 3
When A pings B, it receives a TTL of 62 because the packets
crossed 3 routers (-3) and an Ubuntu machine (-192).
TTL=255-3-192=60.
Pinging B [1.1.1.1] with 32 bytes of data:
Reply from 1.1.1.1: bytes=32 time=18 ms TTL=60
Reply from 1.1.1.1: bytes=32 time=21 ms TTL=60
Reply from 1.1.1.1: bytes=32 time=20 ms TTL=60
Reply from 1.1.1.1: bytes=32 time=33 ms TTL=60
Ping statistics for 1.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 33ms, Average = 23ms
59
C:\Users\Admin>ping /?
Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
[-r count] [-s count] [[-j host-list] | [-k host-list]]
[-w timeout] [-R] [-S srcaddr] [-4] [-6] target_name
Options:
-t Ping the specified host until stopped.
To see statistics and continue - type Control-Break;
To stop - type Control-C.
-a Resolve addresses to hostnames.
-n count Number of echo requests to send.
-l size Send buffer size.
-f Set Don't Fragment flag in packet (IPv4-only).
-i TTL Time To Live.
-v TOS Type Of Service (IPv4-only. This setting has been deprecated
and has no effect on the type of service field in the IP Header).
-r count Record route for count hops (IPv4-only).
-s count Timestamp for count hops (IPv4-only).
-j host-list Loose source route along host-list (IPv4-only).
-k host-list Strict source route along host-list (IPv4-only).
-w timeout Timeout in milliseconds to wait for each reply.
-R Use routing header to test reverse route also (IPv6-only).
-S srcaddr Source address to use.
-4 Force using IPv4.
-6 Force using IPv6.
Ping
60
Traceroute
• Time-To-Live field in IP packet header
– Source sends a packet with a TTL of n
– Each router along the path decrements the TTL
– “TTL exceeded” sent when TTL reaches 0
• Traceroute tool exploits this TTL behavior
source
destination
TTL=1
Time
exceeded
TTL=2
Send packets with TTL=1, 2, 3, … and record source of “time exceeded” message
TTL=3
61
Traceroute is used to determine the active route to
a destination address
How?
• Send a UDP message to an unused port on
the target host with ttl = 1
• The router decreases ttl to 0, so it has to return
an ICMP time exceeded message
• traceroute sets ttl = 2 and retransmits;
this time the message goes one more hop
• ttl++ until the UDP message reaches the destination
• The target returns an ICMP service
unreachable because there is no UDP port
service
Traceroute
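Added example (not part of the original slides): the TTL-stepping loop described above, run against a simulated path so it works offline. The addresses are constructed documentation addresses, the function names are hypothetical, and the simulation sends one probe per TTL value; a router that does not return ICMP errors is included to show how a gap in the trace arises.

```python
from typing import List, Optional, Tuple

# (address, sends_icmp_errors) for each router on the constructed path
Router = Tuple[str, bool]

SAMPLE_ROUTERS: List[Router] = [
    ("192.0.2.1", True),
    ("192.0.2.2", True),
    ("192.0.2.3", False),   # configured not to send ICMP errors
    ("192.0.2.4", True),
]
SAMPLE_TARGET = "198.51.100.61"


def probe(routers: List[Router], target: str,
          ttl: int) -> Optional[Tuple[str, int, int]]:
    """Forward one UDP probe (unused destination port) with the given TTL.
    Returns (reporting address, ICMP type, ICMP code), or None for no reply."""
    for addr, answers in routers:
        ttl -= 1                          # each router decrements the TTL
        if ttl == 0:                      # expired here: datagram discarded
            return (addr, 11, 0) if answers else None   # Time Exceeded, code 0
    # TTL survived every router: the target has no listener on the UDP port
    return (target, 3, 3)                 # Destination Unreachable, Port Unreachable


def traceroute(routers: List[Router], target: str, max_hops: int = 30) -> List[str]:
    """Send probes with TTL = 1, 2, 3, ... and record who reports back."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = probe(routers, target, ttl)
        if reply is None:
            hops.append("*")              # lost message or silent router
            continue
        addr, icmp_type, code = reply
        hops.append(addr)
        if (icmp_type, code) == (3, 3):   # answer came from the target: done
            break
    return hops
```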
62
Implementation of Traceroute
63
Traceroute example
C:\>tracert www.psu.ac.th
Tracing route to s1.psu.ac.th [192.168.100.61]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms cs-gw.cs.psu.ac.th [172.28.80.1]
2 2 ms 2 ms 1 ms esw-cc.psu.ac.th [192.168.99.39]
3 2 ms 3 ms 5 ms cc-atm.psu.ac.th [192.168.0.249]
4 4 ms 2 ms 3 ms tooky.psu.ac.th [192.168.98.11]
5 3 ms 3 ms 3 ms s1.psu.ac.th [192.168.100.61]
Trace complete.
C:\>
Traceroute usually probes each hop 3 times.
A lost message or a router that doesn’t respond is denoted with an “*”.
This message indicates that the router security settings keep it from
revealing its identity or the router and connection are slow.
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 

Recently uploaded (20)

Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 

ICMP.ppt

  • 1. Introduction to ICMP Internet Control Message Protocol
  • 2. Overview 2 • Knowledge of ICMP control messages is an essential part of network troubleshooting and is a key to a full understanding of IP networks. • This module will: – Describe ICMP – Describe the ICMP message format – Identify ICMP error message types – Identify potential causes of specific ICMP error messages – Describe ICMP control messages – Identify a variety of ICMP control messages used in networks today – Determine the causes for ICMP control messages
  • 3. 3 Internet Control Message Protocol (ICMP) • Short messages used to send error & other control information • Examples – Echo request / response • Can use to check whether remote host reachable – Destination unreachable • Indicates how far packet got & why couldn’t go further – Flow control (source quench) • Slow down packet delivery rate – Timeout • Packet exceeded maximum hop limit – Router solicitation / advertisement • Helps newly connected host discover local router – Redirect • Suggest alternate routing path for future messages
  • 4. Why ICMP? IP is a best effort delivery system. • Data may fail to reach its destination for a variety of reasons, such as hardware failure, improper configuration or incorrect routing information. • IP does not have a built-in mechanism for sending error and control messages. • IP also lacks a mechanism for host and management queries. Internet Control Message Protocol (ICMP) was designed to handle these issues.
  • 5. 5 The IP provides unreliable and connectionless datagram delivery. It was designed to make efficient use of network resources. IP has no error-reporting or error correcting mechanism. IP has no mechanism for host and management queries. ICMP has been designed to compensate for the above deficiencies. Position of ICMP in network layer
  • 6. Error Reporting • Examples of errors a router may see – Router doesn’t know where to forward a packet – Packet’s time-to-live field expires • Router doesn’t really need to respond – Best effort means never having to say you’re sorry – So, IP could conceivably just silently drop packets • But, silent failures are really hard to diagnose – IP includes basic feedback about network problems – Internet Control Message Protocol (ICMP) 6
  • 7. Internet Control Message Protocol • ICMP runs on top of IP – In parallel to TCP and UDP – Though still viewed as an integral part of IP • Diagnostics – Triggered when an IP packet encounters a problem • E.g., time exceeded or destination unreachable – ICMP packet sent back to the source IP address • Includes the error information (e.g., type and code) • … and an excerpt of the original data packet for identification – Source host receives the ICMP packet • And inspects the excerpt of the packet (e.g., protocol and ports) • … to identify which socket should receive the error 7
  • 8. ICMP • IP is an unreliable method for delivery of network data. • Nothing in its basic design allows IP to notify the sender that a data transmission has failed. • Internet Control Message Protocol (ICMP) is the component of the TCP/IP protocol stack that addresses this basic limitation of IP. • ICMP does not overcome the unreliability issues in IP. • Reliability must be provided by upper layer protocols (TCP or the application) if it is needed.
  • 9. ICMP message delivery 9 • ICMP messages are encapsulated into datagrams in the same way any other data is delivered using IP. • Subject to the same delivery failures as any IP packet. • This creates a scenario where error reports could generate more error reports, causing increased congestion on an already ailing network. • For this reason, errors created by ICMP messages do not generate their own ICMP messages. • It is thus possible to have a datagram delivery error that is never reported back to the sender of the data.
  • 11. General Format of ICMP Messages • Type: the relevant ICMP message • Code: more detailed information • Checksum: covers ICMP header/data
  • 12. ICMP Type Field
      Type     Name
      ----     -------------------------
      0        Echo Reply
      1        Unassigned
      2        Unassigned
      3        Destination Unreachable
      4        Source Quench
      5        Redirect
      6        Alternate Host Address
      7        Unassigned
      8        Echo
      9        Router Advertisement
      10       Router Solicitation
      11       Time Exceeded
      12       Parameter Problem
      13       Timestamp
      14       Timestamp Reply
      15       Information Request
      16       Information Reply
      17       Address Mask Request
      18       Address Mask Reply
      19       Reserved (for Security)
      20-29    Reserved (for Robustness Experiment)
      30       Traceroute
      31       Datagram Conversion Error
      32       Mobile Host Redirect
      33       IPv6 Where-Are-You
      34       IPv6 I-Am-Here
      35       Mobile Registration Request
      36       Mobile Registration Reply
      37       Domain Name Request
      38       Domain Name Reply
      39       SKIP
      40       Photuris
      41-255   Reserved
  • 13. ICMP Code Field. Many of these ICMP types have a "code" field. Here are the assigned code fields for Type 3 Destination Unreachable. Codes 2 and 3 are created only by the Destination Host, all others are created only by routers.
      Type 3: Destination Unreachable
      Code     Meaning
      ----     -------------------------
      0        Net Unreachable
      1        Host Unreachable
      2        Protocol Unreachable
      3        Port Unreachable
      4        Fragmentation Needed and Don't Fragment was Set
      5        Source Route Failed
      6        Destination Network Unknown
      7        Destination Host Unknown
      8        Source Host Isolated
      9        Communication with Destination Network is Administratively Prohibited
      10       Communication with Destination Host is Administratively Prohibited
      11       Destination Network Unreachable for Type of Service
      12       Destination Host Unreachable for Type of Service
      13       Communication Administratively Prohibited
      14       Host Precedence Violation
      15       Precedence cutoff in effect
  • 14. Types of ICMP messages 14
  • 15. Error Reporting ICMP does not correct errors, it reports them to the original source. The error correction is then left to the upper layer protocols. Error reporting messages:
  • 16. Contents of data field for error messages
  • 17. Important points about ICMP error messages: 1. No ICMP error message for a datagram carrying an ICMP error message. 2. No ICMP error message for a fragmented datagram that is not the first fragment. 3. No ICMP error message for a datagram having a multicast address. 4. No ICMP error message for a datagram with a special address such as 127.0.0.0 or 0.0.0.0. • ICMP error messages are never generated in response to: – ICMP error messages themselves – Broadcast or multicast datagrams – Fragments other than the first fragment – This is to prevent broadcast storms
  • 19. 19 Destination-unreachable • If datagrams cannot always be forwarded to their destinations, ICMP delivers back to the sender a destination unreachable message indicating to the sender that the datagram could not be properly forwarded. • A destination unreachable message may also be sent when packet fragmentation is required in order to forward a packet. – If the datagram does not allow fragmentation, the packet cannot be forwarded, so a destination unreachable message will be sent. – More a little later on fragmentation and MTU Path Discovery! • Destination unreachable messages may also be generated if IP related services such as FTP or Web services are unavailable. ICMP Destination Unreachable Type = 3
  • 20. 20 Destination-unreachable codes Codes 2 and 3 can be generated only by destination host, others only by routers
  • 21. Source-quench IP doesn’t have flow control; the lack of flow control can create congestion in routers and in the destination host. The source-quench message was added to provide a kind of flow control. A source-quench message informs the source that a datagram has been discarded due to congestion in a router or in the destination host. The source must slow down (quench) the sending of datagrams until the congestion is relieved. One source-quench message should be sent for each datagram that is discarded due to congestion.
  • 22. Time-exceeded message 22 Whenever a router receives a datagram with a time-to-live value of zero (TTL), it discards the datagram and sends a time-exceeded message to the original source (used only by routers) When the final destination does not receive all of the fragments in a set time (time out field in reassembly table), it discards the received fragments and sends a time-exceeded message to the original source (used only by destination host) Code 0: Time to live; Code 1: Fragmentation
  • 23. Time-exceeded message (ICMP Time Exceeded, Type = 11)
      IP Header (bits 0-15 | bits 16-31):
        4-bit Version | 4-bit Header Length | 8-bit Type Of Service (TOS) | 16-bit Total Length (in bytes)
        16-bit Identification | 3-bit Flags | 13-bit Fragment Offset
        8-bit Time To Live (TTL) | 8-bit Protocol | 16-bit Header Checksum
        32-bit Source IP Address
        32-bit Destination IP Address
        Options (if any)
        Data
      • A TTL value is defined in each datagram (IP packet). • As each router processes the datagram, it decreases the TTL value by one. • When the TTL of the datagram value reaches zero, the packet is discarded. • ICMP uses a time exceeded message to notify the source device that the TTL of the datagram has been exceeded.
  • 24. 24 Code 0: Main header problem (error or ambiguity in one of the header fields); Code 1: Problem in the option field (part of option missing) Pointer points to the troubled field Parameter problem message
  • 25. 25 Parameter problem message • Devices that process datagrams may not be able to forward a datagram due to some type of error in the header. • This error does not relate to the state of the destination host or network but still prevents the datagram from being processed and delivered. • An ICMP type 12 parameter problem message is sent to the source of the datagram. Type = 12 ICMP Parameter Problem
  • 26. 26 This host has chosen a poor next-hop address Better choice for A The packet is not discarded The default router isn’t necessarily the best choice It will correct this by sending redirection message Redirection concept
  • 27. 27 Code 0: Network specific Code 1: Host specific Code 2: Network specific (specified service) Code 3: Host specific (specified service) Redirect message
  • 28. Redirect message (ICMP Redirect, Type = 5, Code = 0 to 3) • ICMP Redirect messages can only be sent by routers • Host H sends a packet to Host 10.1.1.1 on network 10.0.0.0/8. • Since Host H is not directly connected to the same network, it forwards the packet to its default gateway, Router R1 at 172.16.1.100. • Router R1 finds the correct route to network 10.0.0.0/8 by looking in its route table. • It determines that the path to the network is back out the same interface the request to forward the packet came from, to Router R2 at 172.16.1.200. • R1 forwards the packet to R2 and sends an ICMP redirect/change request to Host H telling it to use Router R2 at 172.16.1.200 as the gateway to forward all future requests to network 10.0.0.0/8.
  • 29. 29 • Default gateways only send ICMP redirect/change request messages if the following conditions are met: – The interface on which the packet comes into the router is the same interface on which the packet gets routed out. – The subnet/network of the source IP address is the same subnet/network of the next-hop IP address of the routed packet. – The datagram is not source-routed. – The route for the redirect is not another ICMP redirect or a default route. – The router is configured to send redirects. (By default, Cisco routers send ICMP redirects. The interface subcommand no ip redirects will disable ICMP redirects.) Type = 5 Code = 0 to 3 ICMP Redirect Redirect message
  • 30. 30 Query messages are used to diagnose the network problems, to analyze the network behavior and to discover routers on the local network. Router discovery Query messages
  • 31. 31 • Unlike error messages, control messages are not the results of lost packets or error conditions which occur during packet transmission. • Instead, they are used to inform hosts of conditions such as: – Whether they can reach a particular destination host/router. – Existence of a better gateway to a remote network Introduction to ICMP Control Messages
  • 32. 32 Echo-request and echo-reply message Echo-request and echo-reply messages can test the reachability of a host. This is usually done by invoking the ping command. MS also offers tracert command to trace all routers on the path between the source and the destination. An echo-request message can be sent by a host or router. An echo-reply message is sent by the host or router which receives an echo-request message.
  • 33. Echo-request and echo-reply message
      Frame layout: Ethernet Header (Layer 2) | IP Header (Layer 3) | ICMP Message (Layer 3) | Ethernet Trailer
        Ethernet Header: Ethernet Destination Address (MAC), Ethernet Source Address (MAC), Frame Type
        IP Header: Source IP Add., Dest. IP Add., Protocol field
        ICMP Message: Type 0 or 8, Code 0, Checksum, ID, Seq. Num., Data
        Ethernet Trailer: FCS
      Echo = Type 8; Echo Reply = Type 0 • IP Protocol Field = 1 • The echo request message is typically initiated using the ping command.
  • 34. 34 Timestamp request and reply Time stamp of the requester Time stamp of the replier (request receive time) Time stamp of the replier (reply transmit time) Can be used between two machines to find the round-trip time between them. Can also be used to synchronize the clocks of the two machines. All timestamps in Universal Time (UT)
  • 35. 35 Clock synchronization and transit time estimation • The TCP/IP protocol suite allows systems to connect to one another over vast distances through multiple networks. • Each of these individual networks provides clock synchronization in its own way. • As a result, hosts on different networks who are trying to communicate using software that requires time synchronization can sometimes encounter problems. • The ICMP timestamp message type is designed to help alleviate this problem. • The ICMP timestamp request message allows a host to ask for the current time according to the remote host. • The remote host uses an ICMP timestamp reply message to respond to the request. Type = 13 or 14 ICMP Timestamp Request Replaced by
  • 36. 36 Information requests and reply message formats • The ICMP information requests and reply messages were originally intended to allow a host to determine its network number. • This particular ICMP message type is considered obsolete. • Other protocols such as BOOTP and Dynamic Host Configuration Protocol (DHCP) are now used to allow hosts to obtain their network numbers. Type = 15 or 16 ICMP Information Request/Reply
  • 37. 37 If a host wants to know its subnet mask it can ask the router on the same LAN. (This request can be broadcast) Mask-request and mask-reply messages • This new subnet mask is crucial in identifying network, subnet, and host bits in an IP address. • If a host does not know the subnet mask, it may send an address mask request to the local router. • If the address of the router is known, this request may be sent directly to the router. • Otherwise, the request will be broadcast. • When the router receives the request, it will respond with an address mask reply.
  • 38. Router solicitation message A host can broadcast a router solicitation message to check whether any router is around and alive. The routers that receive this message will broadcast the router advertisement message.
  • 39. 39 Router advertisement message All routers on the local network will respond to the router solicitation message by broadcasting the router advertisement message. Routers can also broadcast periodically an unsolicited advertisement message. Number of address/preference pairs Number of seconds the address/preference pairs are valid Preferability of the router Address as a default router Address relative to other routers on the same subnet Router announces not only its own presence but also the presence of all routers on the network of which it is aware
  • 40. 40 • When a host on the network boots, and the host has not been manually configured with a default gateway, it can learn of available routers through the process of router discovery. • This process begins with the host sending a router solicitation message to all routers, using the multicast address 224.0.0.2 as the destination address. (May also be broadcast). • When a router that supports the discovery process receives the router discovery message, a router advertisement is sent in return. • Routers may also periodically advertise router advertisement messages. Router Solicitation and Advertisement Type = 10 ICMP Router Solicitation ICMP Router Advertisement Type = 9
  • 41. 41 • MTU: The maximum transmission unit is a link layer restriction on the maximum number of bytes of data in a single transmission (ie. frame, cell, packet, depending on the terminology). • Path MTU : The smallest MTU of any link on the current path between two hosts. – This may change over time since the route between two hosts, especially on the Internet, may change over time. – It is not necessarily symmetric and can even vary for different types of traffic from the same host. Path MTU Discovery - Terms
  • 42. Fragmentation and Reassembly • Demonstrates many Internet concepts – Decentralized • Every network can choose MTU – Connectionless • Each fragment contains full routing information • Fragments can proceed independently and along different routes – Complex endpoints and simple routers • Reassembly at endpoints • Uses resources poorly – Forwarding, replication, encapsulation costs – Worst case: packet just bigger than MTU – Poor end-to-end performance • Loss of a fragment • How to avoid fragmentation? – Path MTU discovery protocol → determines minimum MTU along route – Uses ICMP error messages
  • 43. 43 Terms Fragmentation: When a packet is too large to be sent across a link as a single unit, a router can fragment the packet. – This means that it splits it into multiple parts which contain enough information for the receiver to glue them together again. – Note that this is not done on a hop-by-hop basis, but once fragmented a packet will not be put back together until it reaches its destination. – Fragmentation is undesirable for numerous reasons, including: • If any one fragment from a packet is dropped, the entire packet needs to be retransmitted. This is a very significant problem. • It imposes extra processing load on the routers that have to split the packets. • In some configuration, simpler firewalls will block all fragments because they don't contain the header information for a higher layer protocol (eg. TCP) needed for filtering.
  • 44. Terms • DF (Don't Fragment) bit: This is a bit in the IP header that can be set to indicate that the packet should not be fragmented by routers. – If the packet needs to be fragmented, an ICMP "can't fragment" error is returned to the sender and the packet is dropped. • ICMP Can't Fragment Error: – This error is a type 3 (destination unreachable), code 4 (fragmentation needed but don't-fragment bit set) – Returned by a router when it receives a packet that is too large for it to forward and the DF bit is set. – The packet is dropped and the ICMP error is sent back to the origin host. – Normally, this tells the origin host that it needs to reduce the size of its packets if it wants to get through. – Recent systems also include the MTU of the next hop in the ICMP message so the source knows how big its packets can be. – Note that this error is only sent if the DF bit is set; otherwise, packets are just fragmented and passed through. (ICMP Destination Unreachable, Type = 3, Code = 4: Fragmentation needed, but DF Set)
  • 45. IP MTU Discovery with ICMP • Operation – Send max-sized packet with “do not fragment” flag set in IP header – If encounters problem, ICMP message will be returned • “Destination unreachable: Fragmentation needed” • Usually indicates MTU encountered • Typically send series of packets from one host to another – Amortize discovery cost • Typically, all will follow same route – Routes remain stable for minutes at a time – Makes sense to do MTU discovery [Figure: path host, router, router, host over links with MTU = 4000, MTU = 2000 and MTU = 1500]
  • 46. IP MTU Discovery with ICMP [Figure: same path, links with MTU = 4000, MTU = 2000 and MTU = 1500. The host sends an IP packet with Length = 4000, Don’t Fragment; a router returns ICMP Frag. Needed, MTU = 2000]
  • 47. IP MTU Discovery with ICMP [Figure: same path. The host sends an IP packet with Length = 2000, Don’t Fragment; a router returns ICMP Frag. Needed, MTU = 1500]
  • 48. IP MTU Discovery with ICMP • When successful, no reply at IP level – “No news is good news” • Higher level protocol might have some form of acknowledgement [Figure: same path. The host sends an IP packet with Length = 1500, Don’t Fragment, which reaches the destination host]
  • 49. Path MTU Discovery Problem: • How path MTU discovery (PMTU-D) combined with filtering ICMP messages can result in connectivity problems. • Path MTU discovery allows a node to dynamically discover and adjust to differences in the MTU size of every link along a given data path. • In IPv4, the minimum link MTU size is 68 octets and the recommended minimum is 576 octets, which is the minimum reassembly buffer size. • So, any IPv4 packet must be at least 68 octets in length. • (In IPv6, the minimum link MTU is 1280 octets, but the recommended MTU value for IPv6 links is 1500 octets. The maximum packet size supported by the basic IPv6 header is 64,000 octets. Larger packets called jumbograms could be handled using a hop-by-hop extension header option.)
  • 50. PING: ICMP Echo Request/Reply • PING sends an ICMP echo request to a remote host, which then returns an ICMP echo reply to the sender • Every TCP/IP node is supposed to implement ICMP and respond to ICMP echo
  • 51. PING: ICMP Echo Request/Reply Ping gives us three major pieces of information: - Is the remote host alive? => Host reachability - Is the network speed good? => Network congestion - Is the remote host far? => Travel length (No. of hops) The ping command first sends an echo request packet to an address, then waits for a reply. The ping is successful only if: the echo request gets to the destination, and the destination is able to get an echo reply back to the source within a predetermined time called a timeout. The default value of this timeout is two seconds.
  • 52. Host reachability
      C:\>ping rediff.com
      Pinging rediff.com [132.147.115.24] with 32 bytes of data:
      Request timed out.
      Request timed out.
      Request timed out.
      Request timed out.
      Ping statistics for 132.147.115.24:
          Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
      This doesn’t mean that the recipient is not alive. The result simply means that the host doesn’t answer the ICMP request. What could be the reason for this "no-answer"?
  • 53. Host reachability • Routing Issue • Interface Down • Firewall filters / ACLs • Delay – Timeout is 2 sec • Correct Source Address
  • 54. 54 If a device called Geneva can ping another called Dallas, does it mean that the opposite, in other words Dallas can ping Geneva, is always true? The response is no. Host reachability
  • 55. 55 No. of Hops (Time-To-Live) The TTL or Time-To-Live gives you an indication of the number of routers between the source and destination. The TTL is used to prevent an IP packet from looping inside an IP network and causing a network meltdown. The initial TTL packet value for an IP packet is 255 and then it is decremented by 1 each time it encounters a router. When this value reaches 0, the packet is discarded by a router. The TTL value is contained in each IP packet including ICMP packets. The TTL value given by the ping command is in fact the TTL value of an echo_response packet. By default, Windows will decrease the TTL by 128 and Ubuntu Linux by 192.
  • 56. 56 Time-To-Live Case 1 When A pings B, it receives a TTL of 251 because the packets crossed 4 routers (-4). TTL=255-4=251. Pinging B [1.1.1.1] with 32 bytes of data: Reply from 1.1.1.1: bytes=32 time=18 ms TTL=251 Reply from 1.1.1.1: bytes=32 time=21 ms TTL=251 Reply from 1.1.1.1: bytes=32 time=20 ms TTL=251 Reply from 1.1.1.1: bytes=32 time=33 ms TTL=251 Ping statistics for 1.1.1.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 18ms, Maximum = 33ms, Average = 23ms
  • 57. 57 Time-To-Live Case 2 When A pings B, it receives a TTL of 124 because the packets crossed 3 routers (-3) and a Windows machine (-128). TTL=255-3-128=124. Pinging B [1.1.1.1] with 32 bytes of data: Reply from 1.1.1.1: bytes=32 time=18 ms TTL=124 Reply from 1.1.1.1: bytes=32 time=21 ms TTL=124 Reply from 1.1.1.1: bytes=32 time=20 ms TTL=124 Reply from 1.1.1.1: bytes=32 time=33 ms TTL=124 Ping statistics for 1.1.1.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 18ms, Maximum = 33ms, Average = 23ms
  • 58. 58 Time-To-Live Case 3 When A pings B, it receives a TTL of 62 because the packets crossed 3 routers (-3) and an Ubuntu machine (-192). TTL=255-3-192=60. Pinging B [1.1.1.1] with 32 bytes of data: Reply from 1.1.1.1: bytes=32 time=18 ms TTL=60 Reply from 1.1.1.1: bytes=32 time=21 ms TTL=60 Reply from 1.1.1.1: bytes=32 time=20 ms TTL=60 Reply from 1.1.1.1: bytes=32 time=33 ms TTL=60 Ping statistics for 1.1.1.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 18ms, Maximum = 33ms, Average = 23ms
  • 59. Ping
      C:\Users\Admin>ping /?
      Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
                  [-r count] [-s count] [[-j host-list] | [-k host-list]]
                  [-w timeout] [-R] [-S srcaddr] [-4] [-6] target_name
      Options:
          -t             Ping the specified host until stopped.
                         To see statistics and continue - type Control-Break;
                         To stop - type Control-C.
          -a             Resolve addresses to hostnames.
          -n count       Number of echo requests to send.
          -l size        Send buffer size.
          -f             Set Don't Fragment flag in packet (IPv4-only).
          -i TTL         Time To Live.
          -v TOS         Type Of Service (IPv4-only. This setting has been deprecated
                         and has no effect on the type of service field in the IP Header).
          -r count       Record route for count hops (IPv4-only).
          -s count       Timestamp for count hops (IPv4-only).
          -j host-list   Loose source route along host-list (IPv4-only).
          -k host-list   Strict source route along host-list (IPv4-only).
          -w timeout     Timeout in milliseconds to wait for each reply.
          -R             Use routing header to test reverse route also (IPv6-only).
          -S srcaddr     Source address to use.
          -4             Force using IPv4.
          -6             Force using IPv6.
  • 60. Traceroute
    • Time-To-Live field in IP packet header
      – Source sends a packet with a TTL of n
      – Each router along the path decrements the TTL
      – “TTL exceeded” sent when TTL reaches 0
    • Traceroute tool exploits this TTL behavior
    [Figure: source and destination, with probes labeled TTL=1, TTL=2, TTL=3 and a “Time exceeded” reply]
    Send packets with TTL=1, 2, 3, … and record source of “time exceeded” message
  • 61. Traceroute
    Traceroute determines the active route to a destination address. How?
      – Send a UDP message to an unused port on the target host with ttl = 1
      – The first router decreases the ttl to 0, so it has to return an ICMP time exceeded message
      – traceroute sets ttl = 2 and retransmits; this time the message goes one more hop
      – ttl++ until the UDP message reaches the destination
      – The target returns an ICMP service unreachable message because there is no UDP port service
  • 63. Traceroute example
      C:\>tracert www.psu.ac.th
      Tracing route to s1.psu.ac.th [192.168.100.61]
      over a maximum of 30 hops:
        1     1 ms     1 ms     1 ms  cs-gw.cs.psu.ac.th [172.28.80.1]
        2     2 ms     2 ms     1 ms  esw-cc.psu.ac.th [192.168.99.39]
        3     2 ms     3 ms     5 ms  cc-atm.psu.ac.th [192.168.0.249]
        4     4 ms     2 ms     3 ms  tooky.psu.ac.th [192.168.98.11]
        5     3 ms     3 ms     3 ms  s1.psu.ac.th [192.168.100.61]
      Trace complete.
      C:\>
    Traceroute usually probes each hop 3 times. A lost message or a router that doesn’t respond is denoted with an “*”. This indicates that the router’s security settings keep it from revealing its identity, or that the router and connection are slow.
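
The traceroute procedure from the slides above, as an added example that is not part of the original deck: a small offline simulation in which each router decrements the TTL, the router where it reaches 0 reports Time Exceeded, and a router that stays silent shows up as "*". The `Router` class, the function names and all addresses are constructed for illustration.

```python
# Added example: simulation of TTL-based path discovery (no packets are sent).
# The Router class, function names, path and addresses are constructed.
from dataclasses import dataclass

TIME_EXCEEDED = "time-exceeded"        # ICMP type 11
PORT_UNREACHABLE = "port-unreachable"  # ICMP type 3, code 3


@dataclass
class Router:
    addr: str
    sends_icmp_errors: bool = True  # False models a router that never answers


def send_probe(path, dest, ttl):
    """Forward one UDP probe; return (reporter_addr, icmp_kind) or None."""
    for router in path:
        ttl -= 1                      # every router decrements the TTL
        if ttl == 0:                  # expired here: the probe is discarded
            if router.sends_icmp_errors:
                return (router.addr, TIME_EXCEEDED)
            return None               # dropped silently, so the probe times out
    # The probe reached the target, where nothing listens on the unused UDP port.
    return (dest, PORT_UNREACHABLE)


def traceroute(path, dest, max_hops=30):
    """Return [(hop_number, address or '*')], stopping at the destination."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = send_probe(path, dest, ttl)
        if reply is None:
            hops.append((ttl, "*"))   # no answer: hop stays unidentified
            continue
        addr, kind = reply
        hops.append((ttl, addr))
        if kind == PORT_UNREACHABLE:  # only the target itself sends this
            break
    return hops


# Constructed path: three routers, the second one stays silent.
PATH = [Router("10.0.0.1"), Router("10.0.1.1", sends_icmp_errors=False),
        Router("10.0.2.1")]
DEST = "10.0.3.10"

if __name__ == "__main__":
    for hop, addr in traceroute(PATH, DEST):
        print(f"{hop:2d}  {addr}")
```

A "*" hop does not stop the trace: later probes still pass through the silent router, so the path beyond it remains visible.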