1. © Jörg Liebeherr (modified by M. Veeraraghavan) 1 ICMP: A helper protocol to IP The Internet Control Message Protocol (ICMP) is the protocol used for error and control messages in the Internet. ICMP provides an error reporting mechanism of routers to the sources. All ICMP packets are encapsulated as IP datagrams. The packet format is simple:

2. © Jörg Liebeherr (modified by M. Veeraraghavan) 2 Types of ICMP Packets Many ICMP packet types exist, each with its own format. A selection (see RFC 1256): Type Field:Message Type: 0Echo Reply 3Destination Unreachable 4Source Quench 5Redirect (Change Route) 8Echo Request 11Time Exceeded 12Parameter Problem in Datagram 13Timestamp Request 17Address Mask Request

3. © Jörg Liebeherr (modified by M. Veeraraghavan) 3 ICMP Message Types ICMP messages are either query messages or error messages. ICMP query messages: Echo request / Echo reply Router advertisement / Router solicitation Timestamp request / Timestamp reply Address mask request / Address mask reply ICMP error messages: Host unreachable Source quench Time exceeded Parameter problem

4. © Jörg Liebeherr (modified by M. Veeraraghavan) 4 Each ICMP error message contains the header and at least the first 8 bytes of the IP datagram payload that triggered the error message. Problem: How to prevent that too many ICMP messages are sent ? (e.g., an ICMP packet could trigger an ICMP packet, which triggers …). ICMP Error Messages ICMP error messages are not sent......for multiple fragments of the same IP datagrams … in response to an error message … in response to a broadcast packet … etc.

5. © Jörg Liebeherr (modified by M. Veeraraghavan) 5 Example of a Query: ICMP Timestamp A system (host or router) asks another system for the current time. Time is measured in milliseconds after midnight UTC (Coordinated Universal Time). Sender sends a request, receiver responds with reply. Sender Receiver Timestamp Request Timestamp Reply

6. © Jörg Liebeherr (modified by M. Veeraraghavan) 6 Example of an Error Message: Port Unreachable There are 16 different ICMP error messages (‘codes’) of type “Destination Unreachable”(Type = 3) Code: Message Type: 0Network unreachable 1Host unreachable 2 Protocol unreachable 3 Port unreachable 4 Fragmentation needed but bit not set 5 Source route failed 6Destination network unknown 7 Destination node unknown 8Source host isolated Code: Message Type: 9Destination network administratively prohibited 10 Destination host administratively prohibited 11Network unreachable for TOS 12Host unreachable for TOS 13 Communication administra- tively prohibited by filtering 14 host precedence violation 15 precedence cutoff in effect

7. © Jörg Liebeherr (modified by M. Veeraraghavan) 7 ICMP Port Unreachable RFC 792: If, in the destination host, the IP module cannot deliver the datagram because the indicated protocol module or process port is not active, the destination host may send a port unreachable message to the source host. Scenario: Client Request a service at a port No. 1234 Server No process is waiting at Port 1234 Port Unreachable

8. © Jörg Liebeherr (modified by M. Veeraraghavan) 8 ICMP Port Unreachable Format of the Port Unreachable Message Code = 3 for Port Unreachable

9. © Jörg Liebeherr (modified by M. Veeraraghavan) 9 ICMP Router advertisement TypeCodeChecksum Num addrsEntry sizeLifetime Router address 1 Preference level 1 Router address n Preference level n...

10. © Jörg Liebeherr (modified by M. Veeraraghavan) 10 Fields in the router advertisement Router discovery is used to automate the process by which a host determines a router address Periodically each router issues a router advertisement msg. Num addrs: Number of router addresses advertised in this message Addr. entry size: The number of 32-bit words per router address – this value must be 2 Lifetime: maximum number of seconds that the router advertisement may be considered valid (default: 1800)

11. © Jörg Liebeherr (modified by M. Veeraraghavan) 11 Fields contd. Router address i: The sending router’s address on the interface from which the message was sent – a router can have multiple interfaces to the same network or multiple addresses even for a single interface (note this is not multiple router addresses of different networks that the router is connected to). Preference level i: set by an administrator Host A Router IRouter II LAN Internet Router II will have higher preference if most of the traffic is to the LAN, making it default for host A

12. © Jörg Liebeherr (modified by M. Veeraraghavan) 12 The PING program PING (=Packet InterNet Gopher) is a program that utilizes the ICMP echo request and echo reply messages. PING is used to verify if a certain host is up and running. It is used extensively for fault isolation in IP networks. PING can be used with a wide variety of options, e.g, : -R Record route. Includes the RECORD_ROUTE option in the ECHO_REQUEST packet and displays the route buffer on returned packets. -s packetsize Specifies the number of data bytes to be sent (Default is 56) (In newer implementations, -s is used to continuously generate queries)

13. © Jörg Liebeherr (modified by M. Veeraraghavan) 13 Echo Request and Reply PING’s are handled directly by the kernel. Each Ping is translated into an ICMP Echo Request. The Ping’ed host responds with an ICMP Echo Reply. AIDA ICMP ECHO REQUEST MNG ICMP ECHO REPLY

14. © Jörg Liebeherr (modified by M. Veeraraghavan) 14 Format of Echo Request and Reply Identifier is set to process Id of querying process. Sequence number is incremented for each new echo request.

15. © Jörg Liebeherr (modified by M. Veeraraghavan) 15 Running Ping aida: ping mng.poly.edu PING mng.poly.edu (128.238.42.105): 56 data bytes 64 bytes from 128.238.42.105: icmp_seq=0 ttl=128 time=0.718 ms 64 bytes from 128.238.42.105: icmp_seq=1 ttl=128 time=3.408 ms 64 bytes from 128.238.42.105: icmp_seq=2 ttl=128 time=3.171 ms 64 bytes from 128.238.42.105: icmp_seq=3 ttl=128 time=0.701 ms 64 bytes from 128.238.42.105: icmp_seq=4 ttl=128 time=0.693 ms 64 bytes from 128.238.42.105: icmp_seq=5 ttl=128 time=1.528 ms 64 bytes from 128.238.42.105: icmp_seq=6 ttl=128 time=0.689 ms 64 bytes from 128.238.42.105: icmp_seq=7 ttl=128 time=3.077 ms ^C --- mng.poly.edu ping statistics --- 8 packets transmitted, 8 packets received, 0% packet loss round-trip min/avg/max = 0.689/1.748/3.408 ms

16. © Jörg Liebeherr (modified by M. Veeraraghavan) 16 Running Ping to a different machine Aida: ping www.cologne.de PING fileserv1.cologne.de (194.94.233.1): 56 data bytes 64 bytes from 194.94.233.1: icmp_seq=0 ttl=240 time=447.080 ms 64 bytes from 194.94.233.1: icmp_seq=1 ttl=240 time=368.383 ms 64 bytes from 194.94.233.1: icmp_seq=2 ttl=240 time=353.992 ms 64 bytes from 194.94.233.1: icmp_seq=3 ttl=240 time=323.380 ms 64 bytes from 194.94.233.1: icmp_seq=4 ttl=240 time=353.782 ms 64 bytes from 194.94.233.1: icmp_seq=5 ttl=240 time=326.356 ms ^C --- fileserv1.cologne.de ping statistics --- 7 packets transmitted, 6 packets received, 14% packet loss round-trip min/avg/max = 323.380/362.162/447.080

17. © Jörg Liebeherr (modified by M. Veeraraghavan) 17 Running Ping on a different machine duke% ping mng mng.poly.edu is alive

18. © Jörg Liebeherr (modified by M. Veeraraghavan) 18 Traceroute program Uses ICMP and TTL rather than the IP Record Route option Why not use RR option? –RR option not always implemented in routers –RR is a one-way option - need to get a return message –Room allocated in options field not sufficient

19. © Jörg Liebeherr (modified by M. Veeraraghavan) 19 Traceroute operation

20. © Jörg Liebeherr (modified by M. Veeraraghavan) 20 LAN Output Svr4% traceroute slip traceroute to slip (140.252.3.65), 30 hops max, 40 byte packets 1 bsdi (140.252.13.35) 20ms 10ms 10ms 2 slip (140.252.13.65) 120ms 120ms 120ms At each TTL value, three datagrams are sent –Times correspond to the round-trip times for each datagram