ICMP (Internet Control Message Protocol)

ICMP: Internet Control Message Protocol.

The network layer of the Internet consists of the IP protocol, the routing protocol (RIP, OSPF, BGP), and ICMP.

ICMP is used to exchange messages between the host and the route. The most typical is used to report errors.

ICMP data is transmitted as valid data in IP data packets like TCP or UDP data packets. When the host receives an IP packet that encapsulates the ICMP packet, the ICMP packet is stripped from the packet Through multiplexing. This process is consistent with that of UDP and TCP.

The data format of the ICMP header:

• Type-ICMP Type;
• Code-Further divide the ICMP type. For example, the ICMP target type can be set to 1 to 15 to indicate different meanings.
• Checksum-This field is calculated from the ICMP header and data part and used to check the error data. The value of this verification code field is regarded as 0.
• ID-This field contains the id value. This field is returned in an echo reply message.
• Sequence-This field contains a sequence number, which also needs to be returned in the echo reply type message. (from: http://zh.wikipedia.org/wiki/ICMP)

ICMP is commonly used in two services: Ping and traceroute;

Ping is usually used to detect whether a host can communicate with another host through the IP protocol. Ping the host address to obtain ICMP response packets;

Ping also has many parameters to set. You can enter "Ping-h" on the command line to view them;

Traceroute: used to track routes from the local host to the target host. In the Windows command line, enter the tracert destination host address. Trace routing works by sending a series of IP data packets with an increasing TTL to the specified destination host (which encapsulates UDP data packets). That is to say, the first data packet sent has a TTL of 1, the second TTL is 2, and the third TTL is 3... the last one can reach the host, but the IP data port is incorrect. Because the IP packet does not pass through a route, the TTL of the IP packet is automatically-1. When it reaches 0, it is discarded and an ICMP packet (type11
The destination host returns an ICMP packet (type3code3) to the local host because the corresponding port number cannot be found ). You can find that an ICMP packet is returned when the host is not reached or the host is reached, but the corresponding port number cannot be found, then, how can I determine whether the tracking has been completed on the local host (that is, all the routes from the local host to the target host have been viewed )? You can see that the returned ICMP packet is different. The local host determines the difference based on the returned packet to stop tracking.

Why is it special? I haven't figured it out now... After finding it, you can make up it. It's better to make up the passing prawns.

ICMP also has many other interesting uses, such as hacker... the popular ping to death, ICMP floot, and so on.