Author: vamei Source: http://www.cnblogs.com/vamei welcome reprint, please also keep this statement. Thank you!
So far, we have explained the most important IP protocol in the network layer (refer to the Protocol forest ). An important supplement to the IP protocol is the ICMP protocol.
ICMP protocol
ICMP(Internet Control Message Protocol) YesBetween the network layer and Transport Layer. Its main function isTransmission Network diagnostic information.
ICMP transmission information can be divided into two types:Error MessageThis type of information can be used to diagnose network faults. We already know that the IP protocol works in the "Best Effort" way. If the IP package is not transmitted to the destination, or an error occurs in the IP package, the IP protocol itself will not make any further efforts. However, the host and the router that sends the upstream IP packet do not know the downstream has errors and faults, and they may continue to send the IP packet. Through the ICMP packet, the downstream routers and hosts can report error messages to the upstream, so that the upstream routers and hosts can be adjusted. It should be noted that ICMP only provides specific types of error reporting, which cannot help the IP protocol become a reliable protocol. Another type of information isInformational)For example, if a computer asks who each vro in the path is, then each vro uses an ICMP packet to answer the question.
(ICMP is based on the IP protocol. That is to say, an ICMP packet needs to be encapsulated in an IP packet and then transmitted over the Internet. ICMP is an essential part of an IP set. That is to say, any computer that supports the IP protocol must simultaneously implement ICMP .)
ICMP packet structure:
A bunch of Types
All ICMP packets haveType,CodeAndChecksumThree parts. Type indicates a large type of ICMP packet, and code is a small type subdivided within a type. Different Types and codes are available for different error messages or consultation information. As we can see from the above, ICMP supports many types, just like Swiss Army knife, and has various functions. The Checksum is similar to the header checksum of the IP protocol, but it is different from the checksum in the IP protocol. Here, the checksum verifies the entire ICMP packet (including the header and data ).
The formats of the remaining ICMP packets vary according to different types. On the other hand, an ICMP packet is usually triggered by an IP packet. ThisTrigger an IP packetThe header and part of the data will be contained in the Data section of the ICMP packet.
ICMP protocol is implementedPingCommands andTracerouteCommand. These two tools are commonly used for network troubleshooting.
Common ICMP packet types Echo
Echo)It is consulting information.PingThe command uses this type of ICMP packet. When the ping command is used, an ICMP packet of the echo-query type will be sent to the target host, and after the target host receives the ICMP packet, the echo-response type ICMP packet is returned, and the ICMP packet containing the data is queried. Ping Command is an important tool for network troubleshooting. If an IP address can receive a reply through the ping command, other network protocol communication methods may also be successful.
Source cooling
Source Quench is an error message. If a host transfers data to a destination quickly, but the destination host does not have the matching processing capability, the destination host can send this type of ICMP packet to the destination host, remind the departure host to slow down sending speed (please be gentle ).
The destination cannot be reached
Destination Unreachable)Error message. If a router receives an IP packet that cannot be further relayed, it will send this type of ICMP packet to the departure host. For example, when an IP packet arrives at the last vro and the vro finds that the destination host is down, it will send an ICMP packet of the destination unreachable type to the destination host. There may be other reasons why the destination cannot be reached, such as the absence of a relay path, or the unreceived port number.
Timeout
Time-out (exceeded)Error message. In IPv4Time to live (TTL)And in IPv6Hop limitIt will decrease with the passing router. When the value of this region is reduced to 0, it is considered that the IP packetTime-out (exceeded). Time exceeded is the ICMP packet sent from the router to the departure host when the TTL is reduced to 0, notifying it of a timeout error.
TracerouteThis type of ICMP packet is used. The traceroute command is used to find the routers in the IP address route. It sends an IP packet to the destination, and sets TTL to 1 for the first time, causing the time exceeded error of the first router. In this way, the first vroicmp replies to the ICMP packet so that the starting host knows the information of the first vro in the route. The TTL is then set to 2, 3, 4,... until it reaches the target host. In this way, each router along the way will send an ICMP packet to the departure host to report the error. Traceroute prints the ICMP packet information on the screen, which is the information of the relay path.
Redirect
Redirect)Error message. When a router receives an IP packet and compares it with its routing table, it finds that it should not receive the IP packet, and it will send a redirection type ICMP to the departure host, remind the departure host to modify its own routing table. For example, the following network:
If 145.1 is sent to the IP packet of 145.15, the result is received by the Intermediate router through the NIC of 145.17. Then the router will find that according to its own routing table, this IP package should be returned in the original path. Then the router can determine that 145.1 of the routing table may be faulty. Therefore, the router will send a redirect ICMP packet to 145.1.
IPv6 Neighbor Discovery
ARP is used to find the corresponding IP address and MAC address. However, ARP is only used for IPv4 and IPv6 does not use arp. IPv6 packets passNeighbor Discovery (Nd, Neighbor Discovery)To implement arp. Nd works in a similar way as ARP, but it is based on ICMP protocol. ICMP packet hasNeighbor solicitationAndNeighbor AdvertisementType. The two types correspond to the query and reply information of the ARP Protocol respectively.
Summary
ICMP is a helper for troubleshooting IP protocols. It helps people detect faults in IP communication in a timely manner. ICMP-based Ping and traceroute also constitute an important network diagnostic tool. However, it should be noted that although ICMP is designed for good intentions, ICMP is often borrowed by hackers.Network AttackFor example, a large number of ICMP replies are triggered using forged IP packets, and these ICMP packets are directed to the affected host to form DoS attacks. The redirect type ICMP packet can cause a host to change its own routing table, so it is also used as an attack tool. Many sites choose to ignore some types of ICMP packets to improve their security.
Welcome to the "protocol Forest" Series