ICMP protocol principles

Source: Internet
Author: User
Tags echo message

About ICMP

Anyone familiar with networking will know ICMP. Like the IP protocol, it works at the network layer of the OSI model, and its full name is Internet Control Message Protocol. Its main roles in the network are:
- Host detection
- Route maintenance
- Route selection
- Traffic control
There are many methods for host detection: the service banners a host exposes, the applications it runs, or tools such as NMAP; www.netcraft.com is also available on the web for simple host estimation. The following describes how the ICMP protocol is used to detect a host, which is also a way to understand the ICMP protocol itself.
Protocol analysis: ICMP protocol decoding
ICMP stands for Internet Control Message Protocol. It works at the OSI network layer and reports errors in data communication to the source host. ICMP supports fault isolation and recovery.
The network itself is unreliable. During transmission, many unexpected events may occur and data transmission may fail. The IP protocol at the network layer is a connectionless protocol that does not handle faults in network-layer transmission. The ICMP protocol, also at the network layer, makes up for this shortcoming of IP: it uses the IP protocol to carry its messages and provides network-layer error feedback to the source node of the data packet.
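The ICMP header is 8 bytes long, as shown in Figure 1.

+---------------+---------------+-------------------------------+
| Type (0 or 8) |   Code (0)    |           Checksum            |
+---------------+---------------+-------------------------------+
|                            Unused                             |
+---------------------------------------------------------------+
|                             Data                              |
+---------------------------------------------------------------+

(Figure 1 ICMP header structure)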
Type: identifies the kind of message generated. It is the first field in the ICMP message.
Code: further qualifies the ICMP message. This field is used to find the cause of the error.
Checksum: stores the checksum value used by ICMP.
Unused: reserved field for future use. Its initial value is 0.
Data: contains the IP header of the received data packet, together with the first eight bytes of data in that IP datagram.
The diagnostic message types provided by ICMP are shown in Table 1.

Type | Description
-----+---------------------------------------------------------------------
0    | Echo reply (ping response, used together with the ping request of Type 8)
3    | Destination unreachable
4    | Source quench
5    | Redirect
8    | Echo request (ping request, used together with the ping response of Type 0)
9    | Router advertisement (used with Type 10)
10   | Router solicitation (used with Type 9)
11   | Time exceeded (timeout)
12   | Parameter problem
13   | Timestamp request (used with Type 14)
14   | Timestamp reply (used with Type 13)
15   | Information request (used with Type 16)
16   | Information reply (used with Type 15)
17   | Address mask request (used with Type 18)
18   | Address mask reply (used with Type 17)

(Table 1 ICMP diagnostic packet types)
ICMP provides multiple types of messages to feed network-layer fault information back to the source node. Its message types can be classified into the following five categories:
- Diagnostic messages (Type 8, code 0; Type 0, code 0);
- Destination unreachable messages (Type 3, code 0-15);
- Redirect messages (Type 5, code 0-4);
- Timeout (time exceeded) messages (Type 11, code 0-1);
- Information messages (Type 12-18).
Detailed Decoding
When we capture data packets using the kolai Network Analysis System, we get the ICMP echo message shown in Figure 1.

(Figure 1 The ICMP echo packet captured by the kolai Network Analysis System)
The decoding information in Figure 1 is described in detail below:
Type: 8, indicating an ICMP echo request message;
Code: 0, indicating that the network is inaccessible;
Checksum: 0x0000c, the ICMP checksum. The IP checksum algorithm is used.
ID: 0x0400
Sequence number: 0x0700. Each ICMP echo message has a sequence number, and the number is incremental.
Data: 32 bytes of data.
Note: The above is an ICMP echo packet. It differs slightly from the ICMP header listed earlier. ICMP has several types of messages (destination unreachable, redirect, timeout, echo request, and echo reply), and each differs somewhat from the others, so we will not introduce them all here.
ICMP Packets:
1. Echo or echo reply
We use an ICMP ECHO packet to detect whether a host address is alive (provided, of course, that the host is not configured to filter ICMP). Simply send an ICMP ECHO (Type 8) packet to the target host; if an ICMP ECHO Reply (ICMP type 0) packet is received, the host is alive. If not, you can preliminarily conclude that either the host is not online or some filtering device has filtered the ICMP reply. This mechanism is the familiar ping command, used to check whether the target host can be reached.
The source address of the echo message is the destination address of the echo reply message. To form an echo reply message, exchange the source and destination addresses, change the type code to 0, and recalculate the checksum.
The following is the message format:
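    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Identifier          |        Sequence Number        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Data ...
   +-+-+-+-+-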
Type:
8 indicates an echo message;
0 indicates an echo reply message.
Code: 0
Checksum:
The checksum is the 16-bit one's complement of the one's complement sum of the ICMP message, starting with the ICMP type field. To calculate the checksum, the checksum field should be zero. These zeros are later replaced by the checksum.
Identifier: if the code is 0, an identifier that helps match echoes and replies; it can be 0.
Sequence number: if the code is 0, a sequence number that helps match echoes and replies; it can be 0.
Note:
The data received in the echo message must be returned in the echo reply message. The identifier and sequence number can be used by the echo sender to help match replies with echo requests.
In the reply to an echo request, code 0 can be received from a host or a gateway.
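The checksum rule and the echo-to-reply transformation described above, as an added example that is not part of the original article. It covers the ICMP layer only (the source/destination address swap happens in the IP header); the function names and the payload bytes are assumptions made for illustration, while the ID, sequence number and 32-byte data length are taken from the decode above.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0

def icmp_checksum(data: bytes) -> int:
    """16-bit one's complement of the one's complement sum of the message."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length messages with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(msg_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    # The checksum is computed with the checksum field set to zero, then filled in.
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + payload

def parse_echo(message: bytes) -> dict:
    if len(message) < 8:
        raise ValueError("ICMP echo message shorter than its 8-byte header")
    msg_type, code, _csum, ident, seq = struct.unpack("!BBHHH", message[:8])
    # Summing a message whose checksum is correct and in place yields 0.
    return {"type": msg_type, "code": code, "id": ident, "seq": seq,
            "data": message[8:], "checksum_ok": icmp_checksum(message) == 0}

def make_reply(request: bytes) -> bytes:
    """Form the echo reply: type becomes 0, id/seq/data are echoed, checksum recomputed."""
    req = parse_echo(request)
    if req["type"] != ECHO_REQUEST or req["code"] != 0 or not req["checksum_ok"]:
        raise ValueError("not a valid echo request")
    return build_echo(ECHO_REPLY, req["id"], req["seq"], req["data"])

def reply_matches(request: bytes, reply: bytes) -> bool:
    """What the echo sender checks: a valid type 0 message echoing its id, seq and data."""
    a, b = parse_echo(request), parse_echo(reply)
    return (b["type"] == ECHO_REPLY and b["checksum_ok"]
            and (a["id"], a["seq"], a["data"]) == (b["id"], b["seq"], b["data"]))

# Constructed sample: ID 0x0400, sequence 0x0700, 32 bytes of made-up payload.
REQUEST = build_echo(ECHO_REQUEST, 0x0400, 0x0700, bytes(range(0x61, 0x61 + 32)))
REPLY = make_reply(REQUEST)

if __name__ == "__main__":
    print(parse_echo(REQUEST))
    print("reply matches request:", reply_matches(REQUEST, REPLY))
```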
 
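2. Timeout (time exceeded) messages
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             Unused                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Internet Header + 64 bits of Original Data Datagram      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+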

Type: 11
Code:
0 = time to live exceeded in transit;
1 = fragment reassembly time exceeded.
Checksum:
The checksum is the 16-bit one's complement of the one's complement sum of the ICMP message, starting with the ICMP type field. To calculate the checksum, the checksum field should be zero. These zeros are later replaced by the checksum.
Internet header + 64 bits of original datagram data:
The Internet header plus the first 64 bits of the original datagram's data. The host uses this data to match the message to the corresponding process.
If a higher-level protocol uses port numbers, they are assumed to be in the first 64 bytes of the source data.
Note:
If the gateway finds that the TTL field is zero when processing a datagram, the datagram must be discarded, and the gateway must also notify the source host with a timeout message. If a host cannot reassemble a datagram within the specified time because fragments were lost, the datagram must be discarded and a timeout message sent.
If the fragment is unavailable, no timeout message is required.
Code 0 is sent by the gateway, and code 1 is sent by the host.
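3. Destination unreachable messages
    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             Unused                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Internet Header + 64 bits of Original Data Datagram      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+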

Type: 3
Code:
0 = network unreachable;
1 = host unreachable;
2 = protocol unreachable;
3 = port unreachable;
4 = fragmentation needed and DF set;
5 = source route failed.
Checksum:
The checksum is the 16-bit one's complement of the one's complement sum of the ICMP message, starting with the ICMP type field. To calculate the checksum, the checksum field should be zero. These zeros are later replaced by the checksum.
Internet header + original datagram data:
The Internet header plus the first 64 bits of the original datagram's data. The host uses this data to match the message to the corresponding process.
If a higher-level protocol uses port numbers, they are assumed to be in the first 64 bytes of the source data.
Note:
If, according to the gateway's routing table, the network specified in the destination field is unreachable, for example because the distance to the network is infinite, the gateway sends a destination unreachable message to the host that sent the original datagram. In addition, in some networks the gateway can determine whether the destination host is reachable. If the destination is unreachable, the gateway sends a destination unreachable message to the host that sent the original datagram.
On the destination host, if the IP module cannot deliver a datagram because the specified protocol module or process port is unavailable, it sends a destination unreachable message to the host that sent the original datagram.
In another case, when a datagram must be fragmented to be forwarded and the "don't fragment" bit is set, the gateway must discard the datagram and send a destination unreachable message to the host that sent the original datagram.
Codes 0, 1, 4, and 5 are sent by the gateway, while codes 2 and 3 are sent by the host.
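How a receiver uses the quoted "Internet header + 64 bits of original data" in timeout and destination unreachable messages to find the flow the error refers to, as an added example that is not part of the original article. The function names, addresses and ports are assumptions made for illustration; the sample message is constructed, with its checksum fields left at zero because checksum validation is not what this block shows.

```python
import socket
import struct

TYPE_NAMES = {3: "destination unreachable", 11: "time exceeded"}
UNREACH_CODES = {0: "network unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable",
                 4: "fragmentation needed and DF set", 5: "source route failed"}
TIMEOUT_CODES = {0: "TTL exceeded in transit", 1: "fragment reassembly time exceeded"}

def parse_icmp_error(message: bytes) -> dict:
    """Decode a type 3 or type 11 message and the original datagram quoted inside it."""
    if len(message) < 8:
        raise ValueError("truncated ICMP header")
    msg_type, code, _csum, _unused = struct.unpack("!BBHI", message[:8])
    if msg_type not in TYPE_NAMES:
        raise ValueError(f"type {msg_type} is not handled by this parser")
    quoted = message[8:]
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        raise ValueError("quoted data is not an IPv4 header")
    ihl = (quoted[0] & 0x0F) * 4             # header length varies with IP options
    if ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("quoted datagram lacks header + 64 bits of data")
    proto = quoted[9]
    codes = UNREACH_CODES if msg_type == 3 else TIMEOUT_CODES
    result = {"type": TYPE_NAMES[msg_type], "code": codes.get(code, f"code {code}"),
              "orig_src": socket.inet_ntoa(quoted[12:16]),
              "orig_dst": socket.inet_ntoa(quoted[16:20]), "orig_proto": proto}
    if proto in (6, 17):                     # TCP and UDP both begin with src/dst port
        sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
        result["orig_sport"], result["orig_dport"] = sport, dport
    return result

def sample_error(msg_type: int, code: int, ip_options: bytes = b"") -> bytes:
    """Constructed sample quoting a UDP datagram 192.0.2.10:40000 -> 198.51.100.7:53."""
    ihl_words = 5 + len(ip_options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl_words, 0, 20 + len(ip_options) + 12,
                     1, 0, 1, 17, 0, socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.7")) + ip_options
    udp = struct.pack("!HHHH", 40000, 53, 12, 0)
    return struct.pack("!BBHI", msg_type, code, 0, 0) + ip + udp

if __name__ == "__main__":
    print(parse_icmp_error(sample_error(3, 3)))
    print(parse_icmp_error(sample_error(11, 0, ip_options=b"\x01\x01\x01\x01")))
```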
