1. ICMP Protocol Introduction
As mentioned earlier, IP is not a reliable protocol: it does not guarantee that data will be delivered. Naturally, the work of ensuring that data is delivered has to be done by other modules. One of the important modules is ICMP (Internet Control Message Protocol).
When an error occurs while transmitting an IP packet, such as host unreachable or route unreachable, ICMP wraps the error information in a packet and sends it back to the host, giving the host a chance to handle the error. This is why it is possible to say that protocols built above the IP layer can be made secure. An ICMP packet consists of an 8-bit error type, an 8-bit code and a 16-bit checksum. The first 16 bits make up the message that ICMP is going to deliver. Figure 6-3 in the book clearly gives the meaning of each combination of type and code.
In most cases a failed packet transfer should produce an ICMP message, but in some special cases no ICMP error message is generated:
- An ICMP error message does not generate another ICMP error message (ICMP query messages excepted). This prevents ICMP messages from being generated and transmitted endlessly.
- An IP datagram whose destination address is a broadcast or multicast address.
- A datagram that was sent as a link-layer broadcast.
- A fragment that is not the first IP fragment.
- A datagram whose source address is not a single host. This means that the source address cannot be a 0 address, a loopback address, a broadcast address, or a multicast address.
Although the reasons for some of these rules are not clear yet, all of them are defined to prevent the infinite propagation of ICMP messages.
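The five suppression rules above can be written as a single decision function. This is an added example, not code from the book or the original notes; the `Datagram` model, the field names and the receiving subnet `192.0.2.0/24` are assumptions, and the ICMP error type numbers are those of RFC 792.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

IPPROTO_ICMP = 1
# ICMP types that are error messages (RFC 792); other types are queries.
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")

@dataclass
class Datagram:
    """Constructed model of the datagram that triggered the error."""
    src: str
    dst: str
    protocol: int
    fragment_offset: int = 0          # 0 means first (or only) fragment
    icmp_type: Optional[int] = None   # set when protocol is ICMP
    link_broadcast: bool = False      # frame arrived as link-layer broadcast
    subnet: str = "192.0.2.0/24"      # receiving interface's subnet (assumed)

def may_send_icmp_error(d: Datagram):
    """Return (allowed, reason) following the five suppression rules."""
    net = ipaddress.ip_network(d.subnet)
    src = ipaddress.IPv4Address(d.src)
    dst = ipaddress.IPv4Address(d.dst)
    broadcasts = {LIMITED_BROADCAST, net.broadcast_address}
    if d.protocol == IPPROTO_ICMP and d.icmp_type in ICMP_ERROR_TYPES:
        return False, "offending datagram is itself an ICMP error"
    if dst.is_multicast or dst in broadcasts:
        return False, "destination is broadcast or multicast"
    if d.link_broadcast:
        return False, "sent as a link-layer broadcast"
    if d.fragment_offset != 0:
        return False, "not the first fragment"
    if (src.is_unspecified or src.is_loopback or src.is_multicast
            or src in broadcasts):
        return False, "source is not a single host"
    return True, "ok"

# Constructed samples using documentation address ranges.
SAMPLES = [
    Datagram("198.51.100.7", "192.0.2.10", 17),                 # plain UDP
    Datagram("198.51.100.7", "192.0.2.10", 1, icmp_type=3),     # ICMP error
    Datagram("198.51.100.7", "192.0.2.10", 1, icmp_type=8),     # ICMP query
    Datagram("198.51.100.7", "192.0.2.255", 17),                # broadcast dst
    Datagram("198.51.100.7", "192.0.2.10", 17, fragment_offset=185),
    Datagram("127.0.0.1", "192.0.2.10", 17),                    # loopback src
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s.src, "->", s.dst, may_send_icmp_error(s))
```

A stack that skips these checks can be made to answer one spoofed broadcast with many error messages, which is the amplification the rules exist to stop.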
ICMP messages fall broadly into two categories: query messages and error messages. Query messages have several uses:
- Ping query (don't tell me you don't know the ping program)
- Subnet mask query (used by diskless workstations to obtain their subnet mask during initialization)
- Timestamp query (can be used to synchronize time)
Error messages are generated when data transmission errors occur; we will not dwell on them here.
2. Application of ICMP -- ping
Ping can be said to be the most famous application of ICMP. When we cannot reach a website, we usually ping it. Ping echoes back some useful information. General information is as follows:
The word ping originates from sonar positioning, and the program does the same job: it uses ICMP packets to detect whether another host is up or down. The principle is to send an ICMP request with a type code of 0, and the requested host answers with an ICMP response of type code 8. The ping program calculates the interval time and counts how many packets are delivered, so users can judge the approximate state of the network. We can see that ping reports the transmission time and the TTL. The example I gave is not very good, because it crosses few routers. It is more interesting to ping a foreign site such as sf.net: you can observe some packet loss, and the program will run longer.
Ping also gives us a chance to see the route from the host to the destination host. This is because every router that the ICMP ping request datagram passes through puts its own IP into the datagram, and the destination host copies this IP list into the ICMP packet it sends back in response. However, the list of routers that the IP header can record is very limited. If we want to observe the route, we need a better tool, namely traceroute (called tracert under Windows).
3. Application of ICMP -- traceroute
Traceroute is an important tool for detecting the route between a host and a destination host, and it is also the most convenient one. As mentioned earlier, ping can detect the route too, but because of the IP header limit it cannot record every router along the path. Traceroute fills exactly this gap.
The principle of traceroute is very interesting. Given the IP of the destination host, it first sends the destination host a UDP datagram with TTL=1 (remember what TTL is? What UDP is will become clear later). When the first router receives the packet, it automatically reduces the TTL by 1; the TTL becomes 0, so the router discards the packet and at the same time sends a host unreachable ICMP datagram back to the host. The host receives this datagram and then sends a UDP datagram with TTL=2 to the destination host, which prompts the second router to send an ICMP datagram back. This is repeated until the destination host is reached. In this way, traceroute obtains the IPs of all the routers and avoids the problem that the IP header can only record a limited number of router IPs.
Someone may ask: how does traceroute know that the UDP datagram has arrived at the destination host? This involves a trick. The TCP and UDP protocols both define port numbers, and normal network programs only listen on a few low-numbered ports, such as 80 and 23. Traceroute sends its UDP datagrams to a port number >30000 (truly abnormal), so when a datagram reaches the destination host, the destination host can only send a port unreachable ICMP datagram back. When the host receives this message, it knows the destination has been reached. So calling traceroute a liar is not going too far :)
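The TTL-stepping loop described above, as an added offline simulation rather than code from the original notes: routers and addresses are constructed, `None` marks a router that drops the probe silently, and the fixed probe port 33434 is an assumption. Routers report an expired TTL with ICMP type 11 (Time Exceeded) and the destination answers with type 3 code 3 (port unreachable), per RFC 792.

```python
TIME_EXCEEDED = 11                     # ICMP type sent when TTL reaches 0
DEST_UNREACH, PORT_UNREACH = 3, 3      # ICMP type 3, code 3

def forward_probe(path, dst, ttl, dport, open_ports=frozenset({23, 80})):
    """Carry one UDP probe across the constructed routers in `path`.

    Returns (responder_ip, icmp_type, icmp_code), or None if no ICMP
    message comes back to the sender.
    """
    for router in path:
        ttl -= 1                       # every router decrements the TTL
        if ttl == 0:
            if router is None:         # silent hop: dropped, no ICMP sent
                return None
            return (router, TIME_EXCEEDED, 0)
    if dport in open_ports:
        return None                    # a listener took it: no ICMP error
    return (dst, DEST_UNREACH, PORT_UNREACH)

def traceroute(path, dst, max_ttl=30, dport=33434):
    """Return [(ttl, responder or '*')], stopping at port unreachable."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        answer = forward_probe(path, dst, ttl, dport)
        if answer is None:
            hops.append((ttl, "*"))    # timeout: filtered or silent hop
            continue
        ip, icmp_type, code = answer
        hops.append((ttl, ip))
        if (icmp_type, code) == (DEST_UNREACH, PORT_UNREACH):
            break                      # the destination itself answered
    return hops

# Constructed three-router path; the second router never answers.
PATH = ["10.0.0.1", None, "203.0.113.1"]
DST = "198.51.100.20"

if __name__ == "__main__":
    for hop in traceroute(PATH, DST):
        print(hop)
    # Probing a port that is actually open never yields port unreachable,
    # so the loop only ends at max_ttl.
    print(traceroute(PATH, DST, max_ttl=6, dport=80))
```

The second call shows why a filtered or listening destination port appears as a run of `*` lines: without the port unreachable message the sender has no signal that the destination was reached.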
The traceroute program has some useful options, including options for IP routing; see the man page to learn about them. We will not dwell on them here.
Under Windows this command is called tracert.
TCP/IP Detailed Learning Notes (4) - ICMP Protocol, Ping and Traceroute