1 Internet Control Message Protocol (ICMP) Used to send error and control messages. It is a necessary part of the TCP/IP suite. It is above the IP module in the protocol stack. ICMP messages are carried (encapsulated) within IP datagrams. ICMP does nor report on errors with ICMP messages. The ICMP message contains the first 64 bits of the original datagram as their data and are always sent to origin. ICMP messages sent by gateways report routing problems.
2 Functions of the ICMP: Error reporting: why a datagram that was not discarded due to errors was not delivered to the destination Reachability testing: sometimes certain destinations don’t respond, an echo message is sent to which the host must respond if it is up. Congestion control: when datagrams are dropped because of buffer overflow, a source quench message is sent. Route-change information: when a router realizes that a host should be using a different router to reach a destination it sends a message with the updated routing information. Performance measuring: a network manager can check the time it takes to send datagrams to particular locations. Subnet addressing: a host can request the subnet mask of its local network from the router.
3 ICMP Message Format Type (8 bits): To identify the message. Error Code (8 bits): To provide further information about the message type. Checksum(16 bits): Covers only the ICMP message. Parameters (variable size). Information (Variable size). When reporting error messages, its data field contains the IP header (incl. Options) and the 8 bytes that follow the IP header (indicating TCP, or UDP, port numbers, etc.) of the message in error.
4 ICMP Message Format 2 TypeError Code Checksum Parameters, if any Information
5 ICMP Message Types Echo Reply Destination Unreachable Source Quench Redirect (change a route) Echo Request Time Exceeded Parameter Problem Timestamp Request Timestamp Reply Information Request Information Reply Address Mask Request Address Mask Reply
6 ICMP Messages EchoRequest (8)/EchoReply (0): Most frequently used tool for debugging (Ping). On receipt of an EchoRequest, the host or gateway replies with an EchoReply containing the same data as the original echo. Destination Unreachable (3): When a router finds that a destination network or host cannot be reached will send a code 0 or code 1 type message. Code 2, if the module is not active and code 3 if the port is not active (higher level). Source Quench (4): Please slow down, you are sending me packets too fast, I have just dropped one of your datagrams. Used to report congestion to the source to reduce the rate of datagram transmission.
7 ICMP Messages (cont) Redirect (5): If on receiving a datagram a router finds that there is a better route from the datagram sender closer to the destination than itself. Time Exceeded (11): Datagrams contain a TTL field which is decremented by gateways when they forward the datagram. If the TTL reaches 0 then ICMP type 11 messages are returned to the sender. Also when the maximum hop count (RIP) is reached these messages are sent. Parameter Problems (12): Reports problems in header parameters that prevent the gateway from processing the datagram (e.g. datagram was longer than the MTU and no fragment it was set).
8 ICMP Messages (cont) TimestampRequest(13)/TimestampReply(14): On receiving a type 13 message a type 14 is sent. The message contains the original timestamp and a new timestamp from the receiving machine used to synchronise clocks or to calculate cost where this is part of the routing algorithm. InformationRequest(15)/InformationReply(16): Obsolete. Replaced by RARP and BOOTP. AddressMaskRequest(17)/AddressMaskReply(18): Hosts need to know their subnet masks to participate in subnet addressing. The request is sent to the router directly or by broadcasting if it does not know the router’s address. E.g ==> ???.???
9 Packet Internet Groper (Ping) To check reachability of hosts and routers. Uses ICMP echo request and expect an ICMP echo reply. Sample output: Tues, 22 Mar :55:20 Pinging amon.cpc.wmin.ac.uk [ ] with 64 data bytes Reply from : 64 bytes in 47 msec. TTL: 253 Reply from 161, : 64 bytes in 44 msec. TTL: 253 Reply from : 64 bytes in 42 msec. TTL: 253 Reply from 161, : 64 bytes in 43 msec. TTL: 253 Ping statistics for amon.cpc.wmin.ac.uk 4 packets transmitted, 4 packets received, 0% packet loss round-trip (ms) min/avg/max = 42/44/47
10 Traceroute Used for diagnostic purposed to report on paths that datagrams take through the network for specified: source – destination pair(s), source(s) or destination(s).
11 Traceroute Mechanism Source sends a packet with TTL of 1 (no. of hops). The first router discards the packet and sends an ICMP TTL exceeded message (type 11) back. Source sends the packet with TTL of 2. The second router discards te packet and sends an ICMP TTL exceeded message back. The above procedure is repeated until the response is received from the destination
12 Traceroute (Sample Output) Tues, 22 Mar :58:39 Sending 40 bytes to amon.cpc.wmin.ac.uk [ ] 1. Received echo from jaguar.wmin.ac.uk [ ] in 11 ms 2. Received echo from cheops.wmin.ac.uk [ ] in 34 ms 3. Received 40 bytes from amon.cpc.wmin.ac.uk [ ] in 48 ms Traceroute statistics for amon.cpc.wmin.ac.uk 3 packets transmitted, 3 packets received, 0% packet loss round-trip (ms) min/avg/max = 48/49/55 ms
13 ICMP in routing Used for error and control Feasible solution indicated by ICMP redirect message If packet arrives at gateway, but it is not the default gateway for forwarding that packet then packet gets forwarded and ICMP message sent back to source with the appropriate gateway Original routing table updated
14 ICMP in routing 2 Not feasible (ie. Not available) indicated by unreachable message ICMP discovery messages used to solicit information about locally connected routers. ICMP can be used to request subnet mask from router