The Internet Control Message Protocol (ICMP) is an important network-layer protocol. It carries error and control information between network devices, which makes it essential for collecting network information and for diagnosing and eliminating network faults. To use ICMP-based applications, you need to be familiar with how ICMP works.
Learning Goals:
1. Describe the application scenarios for ICMP
2. Understand common ICMP message types
3. Master the use of ping and tracert
ICMP is one of the core protocols of the TCP/IP protocol suite. It is used to send control messages between IP network devices, carrying error, control, query and other information.
ICMP Redirect messages are used to support routing. Host A wants to send packets to Server A, so it sends them to the gateway RTB, based on its configured default gateway address. When RTB receives a packet, it checks it and discovers that the packet should be forwarded to another gateway device, RTA, on the same network segment as the source host, because that forwarding path is better. RTB therefore sends a Redirect message to the host, telling it to send such packets directly to the other gateway, RTA. After the host receives the Redirect message, it sends the packets to RTA, which forwards them to Server A.
ICMP Echo messages are often used to diagnose network connectivity between a source and a destination, and can provide additional information such as the round-trip time of the messages. This is the ping process.
ICMP defines various error messages that are used to diagnose network connectivity problems. From these error messages, the source device can determine why a data transfer failed. For example, if a loop occurs in the network, a packet circulates until its TTL finally times out, and the network device then sends a TTL timeout message to the sending device. Likewise, if the destination is unreachable, the intermediate network device sends a Destination Unreachable message to the sending device. A destination can be unreachable for several reasons: if the network device cannot find the destination network, a destination network unreachable message is sent; if the network device cannot find the destination host within the destination network, a destination host unreachable message is sent.
An ICMP message is encapsulated in an IP packet. Its format depends on the Type and Code fields: the Type field identifies the message type, and the Code field carries specific parameters for that type. The Checksum field that follows is used to check whether the message is intact. The message also contains a 32-bit variable parameter field, which is generally unused and typically set to 0. In an ICMP Redirect message, this field specifies the IP address of the gateway to which the host should redirect its packets. In an Echo Request message, this field contains the identifier and sequence number, and the source uses these two parameters to associate a received reply with the Echo Request it sent. In particular, when the source sends multiple Echo Request messages to the destination, each Echo Reply must be matched one-to-one with its Echo Request based on the identifier and sequence number.
ICMP defines a variety of message types for different scenarios. Some messages do not need the Code field to describe a specific parameter; the Type field alone identifies the message. For example, the Type field of the ICMP Echo Reply message is set to 0.
Other ICMP messages use the Type field to define a broad class of messages, with the Code field indicating the specific kind. For example, Type 3 means destination unreachable, and different Code values give the reason, including destination network unreachable (code=0), destination host unreachable (code=1), protocol unreachable (code=2), destination TCP/UDP port unreachable (code=3), and so on.
Network unreachable means that the network segment does not exist. Host unreachable means that the network segment exists but the host is not on it. Port unreachable means that the host does not have this port open (the most commonly seen case). Protocol unreachable means that the protocol number is not supported.
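The header layout and Type/Code decoding described above can be exercised with a small parser. This is an added example, not code from the original page; the function names are hypothetical, and the checksum follows the standard Internet checksum (RFC 1071).

```python
import struct

# Type 3 codes and message types named in the text above.
UNREACH = {0: "network unreachable", 1: "host unreachable",
           2: "protocol unreachable", 3: "port unreachable"}
TYPES = {0: "echo reply", 3: "destination unreachable", 5: "redirect",
         8: "echo request", 11: "time exceeded"}


def checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an Echo Request (8) or Echo Reply (0) with a valid checksum."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_icmp(msg: bytes) -> dict:
    """Decode the 8-byte ICMP header; reject truncated or corrupted input."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, _csum, rest = struct.unpack("!BBHI", msg[:8])
    if checksum(msg) != 0:            # an intact message sums to zero
        raise ValueError("bad ICMP checksum")
    info = {"type": icmp_type, "code": code,
            "name": TYPES.get(icmp_type, "other")}
    if icmp_type in (0, 8):           # variable field = identifier + sequence
        info["id"], info["seq"] = rest >> 16, rest & 0xFFFF
    elif icmp_type == 5:              # variable field = gateway IP address
        info["gateway"] = ".".join(map(str, rest.to_bytes(4, "big")))
    elif icmp_type == 3:
        info["reason"] = UNREACH.get(code, "other")
    return info


def matches(request: dict, reply: dict) -> bool:
    """Pair an Echo Reply with its request by identifier and sequence number."""
    return (request["type"], reply["type"]) == (8, 0) and \
        (request["id"], request["seq"]) == (reply["id"], reply["seq"])
```

A reply whose identifier or sequence number differs from the request is not a match, and a message with a single flipped bit fails the checksum test before any field is trusted.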
A typical application of ICMP is ping. Ping is a common tool for testing network connectivity and can also collect other related information. The user can specify different parameters in the ping command, such as the length of the ICMP packets, the number of ICMP packets to send, and the timeout for waiting for a reply. The device constructs and sends ICMP packets according to the configured parameters to perform the ping test.
The common configuration parameters for ping are described below:
1. -a source-ip-address: Specifies the source IP address from which the ICMP echo-request message is sent. If no source IP address is specified, the IP address of the outgoing interface is used as the source address of the ICMP echo-request message.
2. -c count: Specifies the number of ICMP echo-request messages to send. By default, 5 ICMP echo-request messages are sent.
3. -h ttl-value: Specifies the TTL value. The default value is 255.
4. -t timeout: Specifies the timeout period for waiting for the ICMP echo-reply after the ICMP echo-request is sent.
The output of the ping command includes the destination address, the ICMP message length, the sequence number, the TTL value, and the round-trip time. The sequence number is carried in the variable parameter field of the Echo Reply message (type=0), and the TTL and round-trip time are included in the IP header of the message.
Another typical application of ICMP is tracert. Tracert uses the TTL value in the packet header to trace the forwarding path of a packet hop by hop. To trace the path to a particular destination address, the source first sets the TTL value of the packet to 1. When the packet arrives at the first node, the TTL times out, and the node sends the source a TTL timeout message that carries a timestamp. The source then sets the TTL value to 2; the packet expires at the second node, which also returns a TTL timeout message, and so on until the packet arrives at the destination. In this way, the source can identify each node the packet passes through from the information in the returned messages, and can calculate the round-trip time from the timestamp information. Tracert is an effective means of detecting packet loss and delay, and can help administrators discover routing loops in the network.
The commonly used tracert configuration parameters are described below:
1. -a source-ip-address: Specifies the source address of the tracert message.
2. -f first-ttl: Specifies the initial TTL. The default value is 1.
3. -m max-ttl: Specifies the maximum TTL. The default value is 30.
4. -name: Enables the host name to be displayed for each hop.
5. -p port: Specifies the UDP port number of the destination host.
The source (RTA) sends a UDP message to the destination (Host B) with a TTL value of 1. The destination UDP port number is greater than 30000, because in most cases a UDP port number greater than 30000 is not used by any application.
When the first hop (RTB) receives the UDP message from the source, it determines that the destination IP address of the message is not its own IP address and reduces the TTL value by 1. Because the TTL value is now 0, RTB discards the message and sends an ICMP Time Exceeded message to the source. That message contains the first hop's IP address, 10.0.0.2, so the source learns the address of RTB.
After receiving the ICMP Time Exceeded message from RTB, the source sends a UDP message to the destination again, this time with a TTL value of 2.
When the second hop (RTC) receives the UDP message from the source, it responds with an ICMP Time Exceeded message, so the source learns the address of RTC (20.0.0.2).
This process repeats until the destination receives a UDP message from the source, determines that the destination IP address is its own IP address, and processes the message. It looks up the upper-layer protocol that occupies the destination UDP port number in the message. Because no application on the destination uses that UDP port number, it returns an ICMP Port Unreachable (Destination Unreachable) message to the source.
When the source receives the ICMP Port Unreachable message, it determines that the UDP message has reached the destination and stops the tracert program, having obtained the path (10.0.0.2; 20.0.0.2; 30.0.0.2) that data takes from the source to the destination.
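The walk-through above can be replayed offline as a small simulation. This is an added example, not code from the original page: the hop addresses come from the text, while the function names, the probe port 33434 (one value greater than 30000) and the loop and open-port cases are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed topology from the walk-through: RTA -> RTB -> RTC -> Host B.
PATH = ["10.0.0.2", "20.0.0.2", "30.0.0.2"]   # last entry is the destination


@dataclass
class Icmp:
    src: str    # device that generated the ICMP message
    type: int
    code: int


def forward(ttl, dst, dport, path=PATH, open_ports=frozenset()):
    """Carry one UDP probe along the path; return the ICMP error it triggers."""
    for hop in path:
        if hop == dst:                     # destination processes the datagram
            if dport in open_ports:
                return None                # handed to an application, no ICMP
            return Icmp(hop, 3, 3)         # Destination Unreachable, port
        ttl -= 1                           # each router decrements the TTL
        if ttl == 0:
            return Icmp(hop, 11, 0)        # Time Exceeded, probe discarded
    return None


def tracert(dst, first_ttl=1, max_ttl=30, port=33434, path=PATH,
            open_ports=frozenset()):
    """Return the responder for each TTL, '*' when nothing comes back."""
    hops = []
    for ttl in range(first_ttl, max_ttl + 1):
        reply = forward(ttl, dst, port, path, open_ports)
        if reply is None:
            hops.append("*")
            continue
        hops.append(reply.src)
        if (reply.type, reply.code) == (3, 3):   # probe reached the destination
            break
    return hops


# Constructed routing loop: RTB and RTC forward to each other forever.
LOOP = ["10.0.0.2", "20.0.0.2"] * 15
```

With `path=LOOP` the same two addresses alternate until the maximum TTL is reached, which is how a routing loop shows up in tracert output. Passing `open_ports={33434}` shows why an unused port matters: the destination never answers with Port Unreachable, so the trace cannot tell that it arrived.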
Summary:
1. What are the two types of ICMP messages that ping uses?
2. What happens when a network device receives an IP message with a TTL value of 0?
Answers:
1. Ping uses an ICMP Echo Request message (Type value 8) to probe reachability. When the destination receives an ICMP Echo Request message, it sends an ICMP Echo Reply message (Type value 0) to the source, based on the source address in the IP header.
2. If the TTL of the IP datagram has been decremented to 0 before the destination is reached, the network device that receives the IP packet discards it and sends an ICMP message to the source to notify it of the TTL timeout.
5.HCNA-HNTD--ICMP protocol