ICMP (Internet Control Message Protocol)
Introduction
ICMP is used for error and control messages within the IP world and is very much integrated with IP.
IP is not designed to be totally reliable, although many common network errors are dealt with. ICMP messages give
information when things do not go according to plan. However, even these can get lost, so for this reason no ICMP
messages are sent as a result of previous ICMP messages going missing.
ICMP Structure
The ICMP header sits just after the IP header in the data part of the datagram. Each ICMP message has its own
format and is a separate protocol. This is important to understand, particularly in firewalling. Just because you
block the ICMP Ping Request does not mean that you block the ICMP Ping Response: it is not part of the same
connection. The ICMP message structure changes depending on
Type. The general format is shown below:
The Type field is used to identify the type of message and each type uses the Code field differently.
The Variable field may contain an Identification and a Sequence number plus information such as
subnet masks, IP addresses etc. again depending on the type of message.
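The firewalling point above, as an added example (not code from the original page): a per-type rule that blocks Echo Request still passes Echo Reply, whereas a stateful tracker accepts a reply only if it answers an Echo it has seen, pairing the two by addresses, Identifier and Sequence Number. The function and class names, the 5-second timeout and the sample events are assumptions constructed for illustration.

```python
def stateless_verdict(blocked_types: set, icmp_type: int) -> str:
    """Per-packet rule: each ICMP Type is judged on its own."""
    return "drop" if icmp_type in blocked_types else "pass"

class EchoTracker:
    """Pairs Echo Reply (Type 0) with an earlier Echo (Type 8) by
    addresses, Identifier and Sequence Number."""

    def __init__(self, timeout: float = 5.0):  # timeout is an assumed value
        self.timeout = timeout
        self.pending = {}  # (requester, responder, identifier, sequence) -> time seen

    def observe(self, ts, src, dst, icmp_type, identifier, sequence) -> str:
        # Forget requests that were not answered within the timeout.
        self.pending = {k: t for k, t in self.pending.items()
                        if ts - t <= self.timeout}
        if icmp_type == 8:
            self.pending[(src, dst, identifier, sequence)] = ts
            return "request"
        if icmp_type == 0:
            # A reply travels in the opposite direction to its request.
            if self.pending.pop((dst, src, identifier, sequence), None) is not None:
                return "matched-reply"
            return "unsolicited-reply"
        return "not-echo"

# Constructed events: (time, src, dst, type, identifier, sequence)
SAMPLE_EVENTS = [
    (0.0, "10.1.1.5", "192.0.2.9", 8, 0x0A01, 1),
    (0.1, "192.0.2.9", "10.1.1.5", 0, 0x0A01, 1),     # answers the request above
    (0.2, "192.0.2.9", "10.1.1.5", 0, 0x0A01, 1),     # request already answered
    (1.0, "198.51.100.7", "10.1.1.5", 0, 0x4444, 9),  # no request was ever seen
    (2.0, "10.1.1.5", "192.0.2.9", 8, 0x0A01, 2),
    (9.0, "192.0.2.9", "10.1.1.5", 0, 0x0A01, 2),     # arrives after the timeout
]

def classify(events, timeout: float = 5.0):
    """Run the tracker over a sequence of events and return its verdicts."""
    tracker = EchoTracker(timeout)
    return [tracker.observe(*event) for event in events]
```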
Message Types
All the ICMP messages are listed below (notice the gaps, this does not mean that some are missing!) along
with any additions within the Variable field:
- Type 0 - Echo Reply - this is the Echo reply from the end station which is sent as a result of the
Type 8 Echo. The Variable field is made up of a 2 octet Identifier and a 2 octet Sequence Number.
The Identifier matches the Echo with the Echo Reply and the sequence number normally increments by one
for each Echo sent. These two numbers are sent back to the Echo issuer in the Echo Reply.
- Type 3 - Destination Unreachable - the source is told that a problem has occurred when delivering a packet.
There are 5 codes and these are as follows:
  - Code 0 - Net Unreachable - sent by a router to a host if the router does not know a route to a
    requested network.
  - Code 1 - Host Unreachable - sent by a router to a host if the router can see the requested network but
    not the destination node.
  - Code 2 - Protocol Unreachable - this would only occur if the destination host was reached but was not
    running UDP or TCP.
  - Code 3 - Port Unreachable - this can happen if the destination host was up and the TCP/IP was running
    but a particular service such as a web server that uses a specific port was not running.
  - Code 4 - Cannot Fragment - sent by a router if the router needed to fragment a packet but the Do not
    fragment (DF) bit was set in the IP header.
  - Code 5 - Source Route Failed - IP Source Routing is one of the IP Options.
- Type 4 - Source Quench - the source is sending data too fast for the receiver (Code 0), the buffer
has filled up, slow down!
- Type 5 - Redirect - the source is told that there is another router with a better route for a particular packet,
i.e. this gateway checks its routing table and sees that another router exists on the same network with a more
direct route. The Codes are assigned as follows:
  - Code 0 - Redirect datagrams for the network
  - Code 1 - Redirect datagrams for the host
  - Code 2 - Redirect datagrams for the Type of Service and the network
  - Code 3 - Redirect datagrams for the Type of Service and the host
All 4 octets of the Variable Field are used for the gateway IP address where this better router resides and to
which packets should therefore be sent.
- Type 8 - Echo Request - this is sent by Ping (Packet Internet Groper) to a destination in order to check
connectivity. The Variable field is made up of a 2 octet Identifier and a 2 octet Sequence Number.
The Identifier matches the Echo with the Echo Reply and the sequence number normally increments by one
for each Echo sent. These two numbers are sent back to the Echo issuer in the Echo Reply.
- Type 11 - Time Exceeded - the packet has been discarded as it has taken too long to be delivered. This
examines the TTL field in the IP header and the TTL exceeded code is one of the two codes used for this type. Trace,
under UDP, uses the TTL field to good effect. A Code value of 0 means that the Time to Live was exceeded whilst
the datagram was in transit. A value of 1 means that the Fragment Reassembly Time was exceeded.
- Type 12 - Parameter Problem - identifies an incorrect parameter on the datagram (Code 0). There is
then a 1 octet Pointer field created in the Variable part of the ICMP packet. This pointer
indicates the octet within the IP header where an error occurred. The numbering starts at 1 for the TOS
field.
- Type 13 - Timestamp request - this gives the round trip time to a particular destination.
The Variable Field is made up of two 16-bit fields and three 32-bit fields:
  - Identifier - as with the Echo/Echo Reply
  - Sequence Number - as with the Echo/Echo Reply
  - Originate Timestamp - Time in milliseconds since midnight within the request as it was sent out.
  - Receive Timestamp - Time in milliseconds since midnight as the receiver receives the message.
  - Transmit Timestamp - Time in milliseconds since midnight within the reply as it was sent out.
The Identifier and Sequence Number fields are used to match timestamp requests with replies.
- Type 14 - Timestamp reply - this gives the round trip time to a particular destination.
- Type 15 - Information Request - this allows a host to learn the network part of an IP address on its subnet
by sending a message with the source address in the IP header filled and all zeros in the destination address field.
Uses the two 16-bit Identifier and Sequence Number fields.
- Type 16 - Information Reply - this is the reply containing the network portion. These two are an
alternative to RARP. Uses the two 16-bit Identifier and Sequence Number fields.
- Type 17 - Address mask request - request for the correct subnet mask to be used.
- Type 18 - Address mask response - reply with the correct subnet mask to be used.
You can ping an IP broadcast address e.g. for the 10.1.1.0/24 subnet the broadcast address would be 10.1.1.255.
You will then receive replies from any stations that are live on that subnet.
RFC 792 describes ICMP in detail.
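The message layout described in this section, as an added parser example (not code from the original page): it decodes Type and Code, verifies the checksum, and interprets the Variable field according to Type as in the list above. The 2-octet Checksum that follows Type and Code comes from RFC 792; the function names and the output keys are assumptions of this example.

```python
import socket
import struct

# Type names as listed on this page.
ICMP_TYPES = {
    0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
    5: "Redirect", 8: "Echo Request", 11: "Time Exceeded",
    12: "Parameter Problem", 13: "Timestamp Request", 14: "Timestamp Reply",
    15: "Information Request", 16: "Information Reply",
    17: "Address Mask Request", 18: "Address Mask Response",
}
ID_SEQ_TYPES = {0, 8, 13, 14, 15, 16}  # Variable field = Identifier + Sequence

def inet_checksum(data: bytes) -> int:
    """One's complement of the one's-complement sum of 16-bit words (RFC 792)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(mtype: int, code: int, variable: bytes, payload: bytes = b"") -> bytes:
    """Assemble a message with a valid checksum (used to construct sample input)."""
    body = struct.pack("!BBH", mtype, code, 0) + variable + payload
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def parse_icmp(msg: bytes) -> dict:
    """Decode Type, Code, Checksum and the type-dependent Variable field."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 8-octet header")
    mtype, code, _cksum = struct.unpack("!BBH", msg[:4])
    variable = msg[4:8]
    # A valid message sums to zero when its own checksum field is included.
    out = {"type": mtype, "name": ICMP_TYPES.get(mtype, "unknown"),
           "code": code, "checksum_ok": inet_checksum(msg) == 0}
    if mtype in ID_SEQ_TYPES:
        out["identifier"], out["sequence"] = struct.unpack("!HH", variable)
    elif mtype == 5:                      # Redirect: address of the better gateway
        out["gateway"] = socket.inet_ntoa(variable)
    elif mtype == 12:                     # Parameter Problem: 1-octet Pointer
        out["pointer"] = variable[0]
    if mtype in (13, 14) and len(msg) >= 20:
        keys = ("originate_ms", "receive_ms", "transmit_ms")
        out.update(zip(keys, struct.unpack("!III", msg[8:20])))
    return out
```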
ICMP Router Discovery Protocol (IRDP)
A host can use IRDP to locate routers. The host sends
router discovery packets and an IRDP-enabled router receives these. The server/client implementation
of IRDP does not store full routing tables; it just keeps track of which routers are sending the routing information.
IRDP can also listen in on RIP updates or other routing protocols to find routers. If IRDP finds routers via
different methods then each discovery is given a priority.