ICMP protocol
ICMP is often considered an integral part of the IP layer. It is a network-layer protocol that carries error messages and other information that requires attention. ICMP messages are usually acted on by the IP layer or by higher layers (such as TCP and UDP), and they are transmitted inside IP datagrams.
ICMP messages are roughly divided into two types: query messages and error messages.
First, let's look at the error messages. When an error occurs while an IP datagram is being transmitted (for example, the host or the network cannot be reached), ICMP sends an error message back to the source host so that the host can handle the error accordingly. This is what allows some protocols above the IP layer to achieve reliable transmission. The book lists some combinations of ICMP error messages (combinations of type and code), such as network unreachable, host unreachable, protocol unreachable, and port unreachable. One of the UDP rules is that if a UDP datagram is received and its destination port does not correspond to a process in use, UDP returns an ICMP unreachable message with the type and code set to port unreachable. The Traceroute program relies on this port unreachable ICMP error message.
In addition, in most cases an ICMP error message is generated when an error occurs while an IP datagram is being transmitted, but the following do not cause an ICMP error message:
* An ICMP error message (an ICMP query message may still generate an ICMP error message);
* A datagram whose destination address is a broadcast or multicast address;
* A datagram sent as a link-layer broadcast;
* A fragment other than the first IP fragment;
* A datagram whose source address does not identify a single host.
These rules exist to prevent the broadcast storms that ICMP error messages sent in response to broadcast packets caused in the past.
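The suppression rules above, written as a check over a raw IPv4 datagram. This is an added example, not code from the original article; the function names, the local subnet 192.0.2.0/24 and the sample datagrams are constructed assumptions.

```python
import ipaddress
import struct

ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}  # unreachable, source quench, redirect, time exceeded, parameter problem
LOCAL_NET = ipaddress.IPv4Network("192.0.2.0/24")  # assumed local subnet (documentation range)

def may_send_icmp_error(datagram, link_broadcast=False, local_net=LOCAL_NET):
    """Return True only if the offending IPv4 datagram may trigger an ICMP error."""
    ver_ihl, _, _, _, frag, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", datagram[:20])
    src_ip, dst_ip = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    broadcasts = (ipaddress.IPv4Address("255.255.255.255"), local_net.broadcast_address)
    if link_broadcast:                          # arrived as a link-layer broadcast
        return False
    if dst_ip.is_multicast or dst_ip in broadcasts:
        return False
    if frag & 0x1FFF:                           # fragment offset != 0: not the first fragment
        return False
    if (src_ip.is_unspecified or src_ip.is_loopback or src_ip.is_multicast
            or src_ip.is_reserved or src_ip in broadcasts):
        return False                            # source is not a single host
    ihl = (ver_ihl & 0x0F) * 4
    if proto == 1 and len(datagram) > ihl and datagram[ihl] in ICMP_ERROR_TYPES:
        return False                            # never answer an ICMP error with an ICMP error
    return True

def build(src, dst, proto, payload, frag_off=0):
    """Constructed sample IPv4 datagram (header checksum left at 0, not validated here)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag_off, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed) + payload

UDP = struct.pack("!HHHH", 40000, 33434, 8, 0)   # UDP header aimed at an unused port above 30000
ECHO = struct.pack("!BBHHH", 8, 0, 0, 1, 1)      # ICMP echo request (a query message)
UNREACH = struct.pack("!BBHI", 3, 3, 0, 0)       # ICMP port unreachable (an error message)

SAMPLES = {  # name -> (constructed datagram, arrived as link-layer broadcast?)
    "udp to closed port": (build("192.0.2.10", "192.0.2.1", 17, UDP), False),
    "icmp query": (build("192.0.2.10", "192.0.2.1", 1, ECHO), False),
    "icmp error": (build("192.0.2.10", "192.0.2.1", 1, UNREACH), False),
    "multicast destination": (build("192.0.2.10", "224.0.0.1", 17, UDP), False),
    "directed broadcast destination": (build("192.0.2.10", "192.0.2.255", 17, UDP), False),
    "link-layer broadcast": (build("192.0.2.10", "192.0.2.1", 17, UDP), True),
    "non-first fragment": (build("192.0.2.10", "192.0.2.1", 17, UDP, frag_off=185), False),
    "unspecified source": (build("0.0.0.0", "192.0.2.1", 17, UDP), False),
}

def evaluate():
    return {name: may_send_icmp_error(pkt, bcast) for name, (pkt, bcast) in SAMPLES.items()}

if __name__ == "__main__":
    print("\n".join(f"{name}: {'send' if ok else 'suppress'}" for name, ok in evaluate().items()))
```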
Now let's take a look at the ICMP query messages. Their main purposes are:
* Subnet mask query;
* Timestamp query;
* Ping query.
Ping program
Ping is a well-known application of ICMP. It is the basic tool used to test connectivity between two TCP/IP systems. It uses only ICMP echo request and echo reply messages and does not pass through the transport layer; the ping server is generally implemented as part of the ICMP function in the kernel. When a website cannot be accessed, we can ping it to check connectivity. For example:
We first ping the Google server: connectivity is not very good, with a packet loss rate of 50%. We then ping the GitHub server: connectivity is good, with a packet loss rate of 0%.
Traceroute Program
Traceroute is another important application of the ICMP protocol. It is mainly used to discover the route between the source host and the target host. Traceroute uses ICMP messages and the TTL field in the IP header. The principle is very simple. It first sends a UDP datagram with the TTL field set to 1; after receiving the ICMP timeout message, it sends another UDP datagram with the TTL increased by 1, and so on, to identify each router on the path. Each router that discards the UDP datagram returns an ICMP timeout message. When the datagram finally reaches the destination host, an impossible value has been chosen as the UDP destination port (greater than 30000), so the target host replies with an ICMP port unreachable error message.