The Swiss Army Knife Protocol: ICMP
ICMP protocol
ICMP (Internet Control Message Protocol) is an important supplement to the IP protocol. It is a protocol between the network layer and the transport layer, and its main function is to transmit network diagnostic information.
The information ICMP carries can be divided into two types. The first is error information, which can be used to diagnose network faults. We already know that the IP protocol works in a "Best Effort" way: if an IP packet is not delivered to its destination, or an error occurs in the IP packet, the IP protocol itself makes no further effort. However, the upstream host and routers that sent the IP packet do not know that an error or fault has occurred downstream, and they may continue to send IP packets. Through ICMP packets, the downstream routers and hosts can report error messages upstream, so that the upstream routers and hosts can adjust. Note that ICMP only provides specific types of error reporting; it cannot turn IP into a reliable protocol. The other type is informational. For example, if a computer asks which routers are on a path, each router on the path uses an ICMP packet to answer.
(ICMP is based on the IP protocol. That is to say, an ICMP packet is encapsulated in an IP packet and then transmitted over the Internet. ICMP is an essential part of the IP suite: any computer that supports the IP protocol must also implement ICMP.)
ICMP packet structure:
A bunch of Types
All ICMP packets begin with three fields: Type, Code, and Checksum. Type indicates the major category of the ICMP packet, and Code is a subcategory within a Type. Different Types and Codes correspond to different error messages or informational messages. As we can see from the above, ICMP supports many types and, like a Swiss Army knife, has many functions. The Checksum resembles the header checksum of the IP protocol, but differs from it: here the Checksum covers the entire ICMP packet (including the header and data).
The format of the rest of an ICMP packet varies by type. In addition, an ICMP packet is usually triggered by an IP packet. The header and part of the triggering IP packet are contained in the data part of the ICMP packet.
ICMP is the basis for the ping and traceroute commands. These two tools are commonly used for network troubleshooting.
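The following is an added example, not code from the original page. It builds and parses ICMPv4 messages to show that the checksum covers header and data, and that an error message carries the header of the IP packet that triggered it. The type numbers are the standard ICMPv4 values; the sample messages and addresses are constructed.

```python
import struct

# ICMPv4 type numbers for the types this page discusses (RFC 792)
ERROR_TYPES = {3: "Destination Unreachable", 4: "Source Quench",
               5: "Redirect", 11: "Time Exceeded"}
INFO_TYPES = {0: "Echo Reply", 8: "Echo Request"}

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes, data: bytes = b"") -> bytes:
    """rest = the 4 type-specific header bytes that follow the checksum."""
    body = rest + data
    csum = internet_checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body

def parse_icmp(msg: bytes) -> dict:
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code = msg[0], msg[1]
    info = {"type": icmp_type, "code": code,
            "name": ERROR_TYPES.get(icmp_type) or INFO_TYPES.get(icmp_type, "other"),
            "is_error": icmp_type in ERROR_TYPES,
            # Header AND data are covered: re-summing the whole message,
            # checksum field included, yields 0 when nothing was altered.
            "checksum_ok": internet_checksum(msg) == 0}
    if info["is_error"] and len(msg) >= 8 + 20:
        inner = msg[8:]                      # header of the triggering IP packet
        info["trigger_proto"] = inner[9]
        info["trigger_src"] = ".".join(map(str, inner[12:16]))
        info["trigger_dst"] = ".".join(map(str, inner[16:20]))
    return info

# Constructed samples (documentation addresses, not captured traffic)
_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, 17, 0,
                  bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
SAMPLE_ECHO = build_icmp(8, 0, struct.pack("!HH", 0x1234, 1), b"ping-data")
SAMPLE_TIME_EXCEEDED = build_icmp(11, 0, b"\x00" * 4, _ip + b"\x00" * 8)

if __name__ == "__main__":
    print(parse_icmp(SAMPLE_ECHO))
    print(parse_icmp(SAMPLE_TIME_EXCEEDED))
```

Flipping a single bit in the data part of the Echo message makes `checksum_ok` false, which would not happen with a header-only checksum like the one in the IP header.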
Common ICMP packet types
Echo
Echo is an informational message. The ping command uses this type of ICMP packet. When ping is run, an ICMP packet of the Echo request type is sent to the target host; after the target host receives it, it returns an ICMP packet of the Echo reply type that contains the data from the request. The ping command is an important tool for network troubleshooting. If an IP address returns a reply to ping, communication with it over other network protocols may also succeed.
Source quench
Source quench is an error message. If a host sends data to a destination quickly, but the destination host does not have matching processing capability, the destination host can send this type of ICMP packet to the source host to remind it to slow down its sending speed (please be gentle).
Destination Unreachable
Destination Unreachable is an error message. If a router receives an IP packet that cannot be relayed any further, it sends this type of ICMP packet to the source host. For example, when an IP packet arrives at the last router and the router finds that the destination host is down, it sends an ICMP packet of the Destination Unreachable type to the source host. There may be other reasons why the destination cannot be reached, such as the absence of a relay path, or a port number that is not receiving.
Timeout
Time-out (Time Exceeded) is an error message. The Time to Live (TTL) in IPv4 and the Hop Limit in IPv6 decrease at each router the packet passes. When the value of this field is reduced to 0, the IP packet times out (Time Exceeded). Time Exceeded is the ICMP packet sent from the router to the source host when the TTL is reduced to 0, notifying it of a timeout error.
Traceroute uses this type of ICMP packet. The traceroute command is used to find the routers on the route to an IP address. It sends an IP packet to the destination with TTL set to 1 the first time, causing a Time Exceeded error at the first router. The first router then replies with an ICMP packet, so that the source host learns about the first router on the route. The TTL is then set to 2, 3, 4, ... until the packet reaches the target host. In this way, each router along the way sends an ICMP packet to the source host to report the error. Traceroute prints the information from these ICMP packets on the screen, which is the information about the relay path.
Redirect
Redirect is an error message. When a router receives an IP packet, compares it with its routing table, and finds that it should not have received this packet, it sends a Redirect-type ICMP packet to the source host to remind the source host to modify its own routing table. For example, the following network:
Suppose 145.1 sends an IP packet to 145.15, and the packet is received by the intermediate router through its NIC 145.17. The router then finds that, according to its own routing table, this IP packet should be sent back along the path it came from. The router can therefore determine that the routing table of 145.1 may be faulty, and it sends a Redirect ICMP packet to 145.1.
IPv6 Neighbor Discovery
ARP is used to find the correspondence between an IP address and a MAC address. However, ARP is only used for IPv4; IPv6 does not use ARP. IPv6 implements the function of ARP through Neighbor Discovery (ND). ND works in a similar way to ARP, but it is based on the ICMP protocol. ICMP has the Neighbor Solicitation and Neighbor Advertisement types, which correspond to the query and reply messages of the ARP protocol respectively.
Summary
ICMP is a helper for troubleshooting the IP protocol. It helps people detect faults in IP communication in a timely manner. The ICMP-based ping and traceroute are also important network diagnostic tools. However, it should be noted that although ICMP was designed with good intentions, it is often used by hackers for network attacks. For example, forged IP packets are used to trigger a large number of ICMP replies, and these ICMP packets are directed at the affected host to form a DoS attack. A Redirect-type ICMP packet can cause a host to change its own routing table, so it is also used as an attack tool. Many sites choose to ignore some types of ICMP packets to improve their security.
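One way a receiving host or monitor could apply "ignore some types of ICMP packets" selectively, shown as an added example that is not part of the original page. It assumes the ICMP messages are already decoded into records, that the host tracks the Echo requests it sent, and that it knows its first-hop gateway; the function names, verdict strings, threshold and sample records are all constructed for illustration.

```python
from collections import Counter

ECHO_REPLY, REDIRECT = 0, 5   # ICMPv4 type numbers

def triage(events, sent_echo, gateway):
    """Return one verdict per decoded ICMP record.
    sent_echo: (dst, id, seq) of Echo requests this host really sent.
    gateway:   first-hop router whose redirects are trusted (assumption)."""
    pending = set(sent_echo)
    verdicts = []
    for ev in events:
        if ev["type"] == ECHO_REPLY:
            key = (ev["src"], ev["id"], ev["seq"])
            if key in pending:
                pending.discard(key)      # a request is answered only once
                verdicts.append("accept")
            else:                         # reply to a request we never sent
                verdicts.append("drop:unsolicited-echo-reply")
        elif ev["type"] == REDIRECT:
            ok = ev["src"] == gateway
            verdicts.append("accept" if ok else "drop:untrusted-redirect")
        else:
            verdicts.append("accept")
    return verdicts

def summarize(verdicts, flood_threshold=3):
    counts = Counter(verdicts)
    return {"counts": dict(counts),
            "reflection_suspected":
                counts["drop:unsolicited-echo-reply"] >= flood_threshold}

# Constructed records (documentation addresses), not captured traffic
SENT = {("198.51.100.7", 0x1234, 1)}
GATEWAY = "192.0.2.1"
EVENTS = [
    {"type": 0, "src": "198.51.100.7", "id": 0x1234, "seq": 1},
    {"type": 0, "src": "198.51.100.7", "id": 0x1234, "seq": 1},   # duplicate
    {"type": 0, "src": "203.0.113.5", "id": 7, "seq": 9},
    {"type": 0, "src": "203.0.113.6", "id": 7, "seq": 9},
    {"type": 5, "src": "192.0.2.1"},
    {"type": 5, "src": "203.0.113.50"},
    {"type": 11, "src": "192.0.2.254"},
]

if __name__ == "__main__":
    v = triage(EVENTS, SENT, GATEWAY)
    print(v, summarize(v))
```

Error types such as Time Exceeded are still accepted here, since dropping every ICMP type would also break the diagnostics described earlier.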