Chap 09 icmp

CChhaapptteerr 99
IInntteerrnneett CCoonnttrrooll MMeessssaaggee
PPrroottooccooll
Objectives
Upon completion you will be able to:
• Be familiar with the ICMP message format
• Know the types of error reporting messages
• Know the types of query messages
• Be able to calculate the ICMP checksum
• Know how to use the ping and traceroute commands
• Understand the modules and interactions of an ICMP package
TCP/IP Protocol Suite 1

Figure 9.1 Position of ICMP in the network layer

Figure 9.2 ICMP encapsulation

9.1 TYPES OF MESSAGES
ICMP messages are divided into error-reporting mmeessssaaggeess aanndd qquueerryy
mmeessssaaggeess.. TThhee eerrrroorr--rreeppoorrttiinngg mmeessssaaggeess rreeppoorrtt pprroobblleemmss tthhaatt aa rroouutteerr oorr
aa hhoosstt ((ddeessttiinnaattiioonn)) mmaayy eennccoouunntteerr.. TThhee qquueerryy mmeessssaaggeess ggeett ssppeecciiffiicc
iinnffoorrmmaattiioonn ffrroomm aa rroouutteerr oorr aannootthheerr hhoosstt..

Figure 9.3 ICMP messages

TTaabbllee 99..11 IICCMMPP mmeessssaaggeess

9.2 MESSAGE FORMAT
An ICMP message has an 8-byte header and a variable-ssiizzee ddaattaa sseeccttiioonn..
AAlltthhoouugghh tthhee ggeenneerraall ffoorrmmaatt ooff tthhee hheeaaddeerr iiss ddiiffffeerreenntt ffoorr eeaacchh
mmeessssaaggee ttyyppee,, tthhee ffiirrsstt 44 bbyytteess aarree ccoommmmoonn ttoo aallll..

Figure 9.4 General format of ICMP messages

9.3 ERROR REPORTING
IP, as an unreliable protocol, is not concerned with eerrrroorr cchheecckkiinngg aanndd
eerrrroorr ccoonnttrrooll.. IICCMMPP wwaass ddeessiiggnneedd,, iinn ppaarrtt,, ttoo ccoommppeennssaattee ffoorr tthhiiss
sshhoorrttccoommiinngg.. IICCMMPP ddooeess nnoott ccoorrrreecctt eerrrroorrss,, iitt ssiimmppllyy rreeppoorrttss tthheemm..
TThhee ttooppiiccss ddiissccuusssseedd iinn tthhiiss sseeccttiioonn iinncclluuddee::
DDeessttiinnaattiioonn UUnnrreeaacchhaabbllee
SSoouurrccee QQuueenncchh
TTiimmee EExxcceeeeddeedd
PPaarraammeetteerr PPrroobblleemm
RReeddiirreeccttiioonn

NNoottee::
ICMP always reports error messages
to the original source.

Figure 9.5 Error-reporting messages

NNoottee::
The following are important points about ICMP
error messages:
❏ No ICMP error message will be generated in response
to a datagram carrying an ICMP error message.
❏ No ICMP error message will be generated for a
fragmented datagram that is not the first fragment.
datagram having a multicast address.
datagram having a special address such as 127.0.0.0 or
0.0.0.0.

Figure 9.6 Contents of data field for the error messages

Figure 9.7 Destination-unreachable format

NNoottee::
Destination-unreachable messages
with codes 2 or 3 can be created only
by the destination host.
Other destination-unreachable
messages can be created only by
routers.

NNoottee::
A router cannot detect all problems
that prevent the delivery of a packet.

NNoottee::
There is no flow-control mechanism in
the IP protocol.

Figure 9.8 Source-quench format

NNoottee::
A source-quench message informs the
source that a datagram has been
discarded due to congestion in a router
or the destination host.
The source must slow down the
sending of datagrams until the
congestion is relieved.

NNoottee::
One source-quench message is sent for
each datagram that is discarded due to
congestion.

NNoottee::
Whenever a router decrements a
datagram with a time-to-live value to
zero, it discards the datagram and
sends a time-exceeded message to the
original source.

NNoottee::
When the final destination does not
receive all of the fragments in a set
time, it discards the received fragments
and sends a time-exceeded message to
the original source.

NNoottee::
In a time-exceeded message, code 0 is
used only by routers to show that the
value of the time-to-live field is zero.
Code 1 is used only by the destination
host to show that not all of the
fragments have arrived within a set
time.

Figure 9.9 Time-exceeded message format

NNoottee::
A parameter-problem message can be
created by a router or the destination
host.

Figure 9.10 Parameter-problem message format

Figure 9.11 Redirection concept

NNoottee::
A host usually starts with a small
routing table that is gradually
augmented and updated. One of the
tools to accomplish this is the
redirection message.

Figure 9.12 Redirection message format

NNoottee::
A redirection message is sent from a
router to a host on the same local
network.

9.4 QUERY
ICMP can also diagnose some network problems tthhrroouugghh tthhee qquueerryy
mmeessssaaggeess,, aa ggrroouupp ooff ffoouurr ddiiffffeerreenntt ppaaiirrss ooff mmeessssaaggeess.. IInn tthhiiss ttyyppee ooff
IICCMMPP mmeessssaaggee,, aa nnooddee sseennddss aa mmeessssaaggee tthhaatt iiss aannsswweerreedd iinn aa ssppeecciiffiicc
ffoorrmmaatt bbyy tthhee ddeessttiinnaattiioonn nnooddee..
EEcchhoo RReeqquueesstt aanndd RReeppllyy
TTiimmeessttaammpp RReeqquueesstt aanndd RReeppllyy
AAddddrreessss--MMaasskk RReeqquueesstt aanndd RReeppllyy
RRoouutteerr SSoolliicciittaattiioonn aanndd AAddvveerrttiisseemmeenntt

Figure 9.13 Query messages

NNoottee::
An echo-request message can be sent
by a host or router. An echo-reply
message is sent by the host or router
which receives an echo-request
message.

NNoottee::
Echo-request and echo-reply messages
can be used by network managers to
check the operation of the IP protocol.

NNoottee::
Echo-request and echo-reply messages
can test the reachability of a host. This
is usually done by invoking the ping
command.

Figure 9.14 Echo-request and echo-reply messages

Figure 9.15 Timestamp-request and timestamp-reply message format

NNoottee::
Timestamp-request and timestamp-reply
messages can be used to
calculate the round-trip time between
a source and a destination machine
even if their clocks are not
synchronized.

NNoottee::
The timestamp-request and timestamp-reply
messages can be used to
synchronize two clocks in two
machines if the exact one-way time
duration is known.

Figure 9.16 Mask-request and mask-reply message format

Figure 9.17 Router-solicitation message format

Figure 9.18 Router-advertisement message format

9.5 CHECKSUM
In ICMP the checksum is calculated over the eennttiirree mmeessssaaggee ((hheeaaddeerr
aanndd ddaattaa))..
CChheecckkssuumm CCaallccuullaattiioonn
CChheecckkssuumm TTeessttiinngg

ExamplE 1
Figure 9.19 shows an example of checksum calculation for a
simple echo-request message (see Figure 9.14). We randomly
chose the identifier to be 1 and the sequence number to be 9.
The message is divided into 16-bit (2-byte) words. The words
are added together and the sum is complemented. Now the
sender can put this value in the checksum field.
See Next Slide

Figure 9.19 Example of checksum calculation

9.6 DEBUGGING TOOLS
We introduce two tools that use IICCMMPP ffoorr ddeebbuuggggiinngg:: ppiinngg aanndd
ttrraacceerroouuttee..
PPiinngg
TTrraacceerroouuttee

ExamplE 2
We use the ping program to test the server fhda.edu. The result
is shown below:
$ ping fhda.edu
PING fhda.edu (153.18.8.1) 56 (84) bytes of data.
64 bytes from tiptoe.fhda.edu (153.18.8.1): icmp_seq=0 ttl=62 time=1.91 ms
See Next Slide

ExamplE 2 (ContinuEd)
--- fhda.edu ping statistics ---
11 packets transmitted, 11 received, 0% packet loss, time 10103ms
rtt min/avg/max = 1.899/1.955/2.041 ms

ExamplE 3
For the this example, we want to know if the adelphia.net mail
server is alive and running. The result is shown below:
$ ping mail.adelphia.net
PING mail.adelphia.net (68.168.78.100) 56(84) bytes of data.
64 bytes from mail.adelphia.net (68.168.78.100): icmp_seq=0 ttl=48 time=85.4 ms
See Next Slide

--- mail.adelphia.net ping statistics ---
14 packets transmitted, 13 received, 7% packet loss, time 13129ms
rtt min/avg/max/mdev = 84.207/84.694/85.469

Figure 9.20 The traceroute program operation

ExamplE 4
We use the traceroute program to find the route from the
computer voyager.deanza.edu to the server fhda.edu. The
following shows the result:
$ traceroute fhda.edu
traceroute to fhda.edu (153.18.8.1), 30 hops max, 38 byte packets
1 Dcore.fhda.edu (153.18.31.254) 0.995 ms 0.899 ms 0.878 ms
2 Dbackup.fhda.edu (153.18.251.4) 1.039 ms 1.064 ms 1.083 ms
3 tiptoe.fhda.edu (153.18.8.1) 1.797 ms 1.642 ms 1.757 ms
See Next Slide

The un-numbered line after the command shows that the destination is
153.18.8.1. The TTL value is 30 hops. The packet contains 38 bytes: 20
bytes of IP header, 8 bytes of UDP header, and 10 bytes of application data.
The application data is used by traceroute to keep track of the packets.
The first line shows the first router visited. The router is named
Dcore.fhda.edu with IP address 153.18.31.254. The first round trip time
was 0.995 milliseconds, the second was 0.899 milliseconds, and the third
was 0.878 milliseconds.
The second line shows the second router visited. The router is named
Dbackup.fhda.edu with IP address 153.18.251.4. The three round trip times
are also shown.
The third line shows the destination host. We know that this is the
destination host because there are no more lines. The destination host is the
server fhda.edu, but it is named tiptoe. fhda.edu with the IP address
153.18.8.1. The three round trip times are also shown.

ExamplE 5
In this example, we trace a longer route, the route to
xerox.com
$ traceroute xerox.com
traceroute to xerox.com (13.1.64.93), 30 hops max, 38 byte packets
2 Ddmz.fhda.edu (153.18.251.40) 2.132 ms 2.266 ms 2.094 ms
...
18 alpha.Xerox.COM (13.1.64.93) 11.172 ms 11.048 ms 10.922 ms
Here there are 17 hops between source and destination. Note that some
round trip times look unusual. It could be that a router is too busy to
process the packet immediately.

ExamplE 6
An interesting point is that a host can send a traceroute packet
to itself. This can be done by specifying the host as the
destination. The packet goes to the loopback address as we
expect.
$ traceroute voyager.deanza.edu
traceroute to voyager.deanza.edu (127.0.0.1), 30 hops max, 38 byte packets
1 voyager (127.0.0.1) 0.178 ms 0.086 ms 0.055 ms

ExamplE 7
Finally, we use the traceroute program to find the route
between fhda.edu and mhhe.com (McGraw-Hill server). We
notice that we cannot find the whole route. When traceroute
does not receive a response within 5 seconds, it prints an
asterisk to signify a problem, and then tries the next hop..
$ traceroute mhhe.com
traceroute to mhhe.com (198.45.24.104), 30 hops max, 38 byte packets
2 Ddmz.fhda.edu (153.18.251.40) 2.141 ms 2.159 ms 2.103 ms
3 Cinic.fhda.edu (153.18.253.126) 2.159 ms 2.050 ms 1.992 ms
...
16 * * *
17 * * *
...............

9.7 ICMP PACKAGE
To give an idea of how ICMP can handle the sending aanndd rreecceeiivviinngg ooff
IICCMMPP mmeessssaaggeess,, wwee pprreesseenntt oouurr vveerrssiioonn ooff aann IICCMMPP ppaacckkaaggee mmaaddee ooff
ttwwoo mmoodduulleess:: aann iinnppuutt mmoodduullee aanndd aann oouuttppuutt mmoodduullee..
IInnppuutt MMoodduullee
OOuuttppuutt MMoodduullee

Figure 9.21 ICMP package

Chap 09 icmp

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to Chap 09 icmp (20)

More from Noctorous Jamal (19)

Recently uploaded (20)

Chap 09 icmp