1.ICMP Protocol Introduction
As mentioned earlier, IP is not a reliable protocol: it does not guarantee that data will be delivered. The work of ensuring that data is delivered therefore has to be done by other modules, and one of the important ones is ICMP (Internet Control Message Protocol).
When an error occurs while transmitting an IP packet, such as host unreachable or route unreachable, ICMP wraps the error information in a packet and sends it back to the host. This gives the host a chance to handle the error, which is why it is possible to say that protocols built above the IP layer can be made safe. An ICMP packet consists of an 8-bit error type, an 8-bit code and a 16-bit checksum. The first 16 bits make up the message that ICMP is going to deliver. Figure 6-3 in the book clearly gives the meaning of each combination of type and code.
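The header layout described above, as an added example that is not part of the original article: it packs and parses the type, code and checksum fields and verifies the checksum, so a corrupted message is detected. The function names, the 4-byte `rest` field and the sample payload are assumptions made for this illustration.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit big-endian words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes = b"\x00" * 4,
               payload: bytes = b"") -> bytes:
    """Pack type, code and a checksum computed over the whole message."""
    body = rest + payload
    csum = internet_checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body

def parse_icmp(msg: bytes) -> dict:
    """Split the first 32 bits into type/code/checksum and verify the checksum."""
    if len(msg) < 4:
        raise ValueError("truncated ICMP header")
    icmp_type, code, csum = struct.unpack("!BBH", msg[:4])
    # A correct message sums to 0xFFFF, so the complemented result is 0.
    return {"type": icmp_type, "code": code, "checksum": csum,
            "valid": internet_checksum(msg) == 0}

# Constructed sample: destination unreachable (type 3), host unreachable (code 1),
# carrying 8 made-up bytes in place of the offending datagram's header.
SAMPLE = build_icmp(3, 1, payload=bytes(range(8)))
TAMPERED = SAMPLE[:-1] + bytes([SAMPLE[-1] ^ 0x01])   # one bit flipped in transit

if __name__ == "__main__":
    print(parse_icmp(SAMPLE))
    print(parse_icmp(TAMPERED))
```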
Although in most cases a failed packet transfer should produce an ICMP message, in some special cases no ICMP error message is generated:
- An ICMP error message does not generate another ICMP error message (ICMP query messages excepted). This prevents ICMP messages from being generated and transmitted endlessly.
- An IP datagram whose destination address is a broadcast address or a multicast address.
- A datagram sent as a link-layer broadcast.
- A fragment other than the first IP fragment.
- A datagram whose source address is not a single host. This means that the source address cannot be a zero address, a loopback address, a broadcast address, or a multicast address.
The above rules are designed to prevent broadcast storms of ICMP messages.
ICMP messages fall into two broad categories: query messages and error messages. Query messages have several uses:
- Ping query (Don't tell me you don't know the ping program)
- Subnet mask query (used by diskless workstations to set their subnet mask when they initialize)
- Timestamp query (can be used to synchronize time)
Error messages are generated when errors occur during data transmission. We won't dwell on them here.
2.Application of ICMP--ping
Ping can be said to be the most famous application of ICMP. When we cannot reach a site, we usually ping it. Ping echoes back some useful information. Typical output looks like this:
Reply from 10.4.24.1:bytes=32 time<1ms ttl=255
Reply from 10.4.24.1:bytes=32 time<1ms ttl=255
Reply from 10.4.24.1:bytes=32 time<1ms ttl=255
Reply from 10.4.24.1:bytes=32 time<1ms ttl=255
Ping statistics for 10.4.24.1:
Packets:sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in Milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
The word "ping" originates from sonar positioning, and this program does much the same thing: it uses ICMP packets to detect whether another host is up or down. The principle is to send an ICMP request with a type code of 0, and the requested host answers with an ICMP response of type code 8. The ping program measures the interval and counts how many packets are delivered, so users can judge the approximate state of the network. As the output above shows, ping reports the transmission time and the TTL.
A further review of the principles and processes
(Ping actually uses ICMP echo and ICMP echo reply packets to detect the presence of a host, so the process of pinging is simple: send an ICMP echo packet, then receive an ICMP echo reply packet.)
Ping also gives us a chance to see the route from our host to the destination host. This is because each router that an ICMP ping request datagram passes through puts its own IP address into the datagram, and the destination host copies this IP list into the ICMP reply it sends back to the host. However, the list of routers that the IP header can record is very limited. If we want to observe the route, we need a better tool, namely traceroute (tracert in the Windows cmd prompt).
3.Application of ICMP--traceroute
Traceroute is an important tool for discovering the route between a host and a destination host, and it is also the most convenient one. As mentioned earlier, ping can also detect the route, but because of the IP header limit it cannot record every router along the way. Traceroute fills exactly this gap.
The principle of traceroute is very interesting. Given the IP address of the destination host, it first sends the destination a UDP datagram with TTL=1 (remember what TTL is? You will learn what UDP is in the next section). When the first router receives the packet, it decrements the TTL by 1; the TTL becomes 0, so the router discards the packet and sends a time-exceeded ICMP datagram back to the host. On receiving this datagram, the host sends a UDP datagram with TTL=2 to the destination host, which prompts the second router to send an ICMP datagram back to the host. This is repeated until the destination host is reached. In this way, traceroute obtains the IP addresses of all the routers, which avoids the problem that the IP header can record only a limited number of router IPs.
Someone may ask: how does traceroute know that the UDP datagram has arrived at the destination host? This involves a trick. The TCP and UDP protocols both define port numbers, while ordinary network programs listen only on a few low-numbered ports, such as 80 and 23. Traceroute sends its UDP datagrams to a port number >30000 (really devious), so when a datagram reaches the destination host, the destination host can only send a port-unreachable ICMP datagram back to the host. When the host receives this message, it knows that the destination has been reached. So calling traceroute a liar is not going too far :)
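The TTL loop and the port-unreachable stop condition described above, simulated offline (an added example, not code from the original article). The path, the `listening` and `silent` parameters and the function names are constructed for this illustration. 33434 is the base port commonly used by UNIX traceroute, and `silent` models routers that are configured not to send ICMP errors.

```python
TIME_EXCEEDED = (11, 0)     # ICMP type 11, code 0: TTL reached 0 at a router
PORT_UNREACHABLE = (3, 3)   # ICMP type 3, code 3: no listener on the UDP port

# Constructed path: three routers, then the destination host (last entry).
PATH = ["10.4.24.1", "172.16.0.1", "192.0.2.1", "198.51.100.7"]

def send_probe(path, ttl, dst_port, listening=(23, 80), silent=()):
    """Simulate one UDP probe. Returns (responder_ip, icmp) or None on timeout."""
    for router in path[:-1]:
        ttl -= 1                          # every router decrements the TTL
        if ttl == 0:                      # expired: drop and report back
            return None if router in silent else (router, TIME_EXCEEDED)
    if dst_port in listening:             # delivered to a real service:
        return None                       # no ICMP error is generated
    return path[-1], PORT_UNREACHABLE

def traceroute(path, base_port=33434, max_ttl=30, silent=()):
    """Return [(ttl, responder_ip or '*')] up to the destination."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        reply = send_probe(path, ttl, base_port + ttl - 1, silent=silent)
        if reply is None:
            hops.append((ttl, "*"))       # probe timed out, hop stays unknown
            continue
        responder, icmp = reply
        hops.append((ttl, responder))
        if icmp == PORT_UNREACHABLE:      # only the destination sends this
            break
    return hops

if __name__ == "__main__":
    for ttl, hop in traceroute(PATH, silent=("172.16.0.1",)):
        print(ttl, hop)
```

A hop shown as `*` only means that router returned no ICMP error, not that the path is broken there; later hops still answer.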
4.ICMP protocol, Ping and Traceroute