Detailed description of TCPIP (6) ICMP protocol

1. ICMP protocol format

ICMP packets are transmitted inside the IP datagram: | IP header | ICMP packets |

ICMP Message format:

Bits 0-7 8-15 16-23 24-31
0 type code checksum
32 rest of Header

• Type-ICMP type as specified below.
• Code-subtype to the given type.
• Checksum-error checking data. calculated from the ICMP header + data, with value 0 for this field. The Checksum algorithm is specified in RFC 1071.
• Rest of header-four byte field. will vary based on the ICMP type and code.

ICMP messages can be divided into two types: query messages and error messages, as shown in the following figure:

The following situations do not cause ICMP error packets:

1) ICMP error packets (however, ICMP Query Packets may generate ICMP error packets ).
2) the destination address is the IP datagram of the broadcast address or multicast address.
3) as the datagram for Link Layer broadcast.
4) It is not the first slice.
5) the source address is zero address, loop address, broadcast address, or multicast address.

These rules are used to prevent the broadcast storms caused by the past Allow ICMP error messages to respond to broadcast groups.

2. ICMP address mask request

The ICMP address mask request is used to obtain its own subnet mask when the diskless system starts.

The message format is shown in:

Construct an ICMP address mask request:

We want to send an ICMP packet Address Mask Request and wait 10 seconds to see the replies. We mask the packet with source address of 10.2.3.4 and we send it to the address 10.0.1.255:

Icmpush-mask-SP 10.2.3.4-to 10 10.0.1.255

Note: The ICMP address mask response must be the subnet mask of the Request interface.

3. ICMP timestamp request and response

The ICMP timestamp request allows the system to query the current time from another system. The recommended value is the number of milliseconds calculated from midnight. The consistent time can reach the resolution of milliseconds.

Message format:

Construct an ICMP timestamp request: icmpush-tstamp 192.168.3.255

Tcpdump packet capture:

15:08:29. 017664 IP 192.168.3.159> 192.168.3.255: ICMP time stamp query ID 0 seq 0, length 20
15:08:29. 018170 IP 192.168.3.1> 192.168.3.159: ICMP time stamp reply ID 0 seq 0: org 356: 22: 16.510, Recv 603: 27: 17.188, xmit 603: 27: 17.188, length 20

4. ICMP port inaccessibility Error

Protocol format:

There are 15 types of ICMP error messages based on different codes.

Example:

# TFTP
TFTP> connect 192.168.12.54
TFTP> get

# Tcpdump // same as above
15:29:17. 014369 IP 192.168.32.159.57181> 192.168.12.54.69: 15 rrq "get" netascii
15:29:17. 014555 IP 192.168.12.54> 192.168.32.159: ICMP 192.168.12.54 UDP port 69 unreachable, length 51
15:29:22. 014478 IP 192.168.32.159.57181> 192.168.12.54.69: 15 rrq "get" netascii
15:29:22. 014880 IP 192.168.12.54> 192.168.32.159: ICMP 192.168.12.54 UDP port 69 unreachable, length 51
15:29:27. 014596 IP 192.168.32.159.57181> 192.168.12.54.69: 15 rrq "get" netascii
15:29:27. 014850 IP 192.168.12.54> 192.168.32.159: ICMP 192.168.12.54 UDP port 69 unreachable, length 51

Note that ICMP packets are exchanged between hosts, instead of the destination port number. UDP datagram is sent from one specific port to another.

An ICMP rule is that an ICMP error message must include at least the first eight bytes after the IP header of the datagram IP that generates the error message (including any options. The cause of the error in the I p header in the datagram is that the I p header contains the protocol field, so that ICMP can know how to interpret the next 8 bytes. For TCP and UDP protocols, these eight bytes are the source port number and destination port number.

A time series in the book: