TCP/IP Study Notes (4)-ICMP protocol, Ping and traceroute


From: http://blog.csdn.net/goodboy1881/article/details/670761

--------------------------------------------------------

1. ICMP Protocol Introduction

As mentioned above, IP is not a reliable protocol. It does not guarantee that data is delivered, so the work of ensuring delivery naturally has to be done by other modules. One important module is ICMP (Internet Control Message Protocol).

When an error occurs while an IP packet is being transmitted, such as a host failure or a route failure, ICMP wraps up the error information and sends it back to the host. This gives the host a chance to handle the error. That is why it is possible for protocols built above the IP layer to be made safe. An ICMP packet consists of an 8-bit error type, an 8-bit code, and a 16-bit checksum. The first 16 bits (type and code) make up the information that ICMP conveys. Figure 6-3 of the book clearly shows the meaning of each combination of error type and code.

Although in most cases an erroneous packet should cause an ICMP message to be sent back, in some special cases no ICMP error message is generated. These cases are:

  1. An ICMP error message does not generate another ICMP error message (ICMP query messages excepted). This prevents ICMP messages from being generated and transmitted without limit.
  2. An IP datagram whose destination address is a broadcast address or a multicast address.
  3. A datagram sent as a link-layer broadcast.
  4. A fragment other than the first fragment of an IP datagram.
  5. A datagram whose source address is not that of a single host. This means that the source address cannot be zero, a loopback address, a broadcast address, or a multicast address.

Although some of these rules are not entirely clear to me yet, all of them are defined to prevent the infinite transmission of ICMP packets.
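The five rules above can be written as one decision function. This is an added example, not code from the original notes: the function names, the local subnet `10.4.24.0/24` and the sample packets are assumptions, and the set of ICMP error types (3, 4, 5, 11, 12) comes from RFC 792.

```python
import ipaddress
import struct

# ICMP error types (RFC 792): unreachable, source quench, redirect,
# time exceeded, parameter problem. Everything else here counts as a query.
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")

def may_send_icmp_error(packet, link_broadcast=False, subnet="10.4.24.0/24"):
    """Return (allowed, reason) for the offending IPv4 packet `packet`."""
    if len(packet) < 20:
        return False, "truncated IPv4 header"
    ver_ihl, _, _, _, frag, _, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    src, dst = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    bcast = {LIMITED_BROADCAST, ipaddress.ip_network(subnet).broadcast_address}
    if frag & 0x1FFF:                       # rule 4: fragment offset != 0
        return False, "not the first fragment"
    if proto == 1 and len(packet) > ihl and packet[ihl] in ICMP_ERROR_TYPES:
        return False, "offending packet is itself an ICMP error"    # rule 1
    if dst in bcast or dst.is_multicast:    # rule 2
        return False, "destination is broadcast or multicast"
    if link_broadcast:                      # rule 3: flag supplied by the link layer
        return False, "sent as a link-layer broadcast"
    if src.is_unspecified or src.is_loopback or src in bcast or src.is_multicast:
        return False, "source is not a single host"                 # rule 5
    return True, "ok"

def ipv4(src, dst, proto=17, frag_off=0, payload=b"\x00" * 8):
    """Build a minimal IPv4 packet (constructed test data, header checksum left 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, frag_off,
                      64, proto, 0, ipaddress.IPv4Address(src).packed,
                      ipaddress.IPv4Address(dst).packed)
    return hdr + payload

if __name__ == "__main__":
    for pkt in (ipv4("10.4.24.7", "10.4.24.1"), ipv4("10.4.24.7", "224.0.0.1")):
        print(may_send_icmp_error(pkt))
```

The fragment check runs first because only the first fragment carries the transport header, so the ICMP type byte cannot be read from later fragments.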

ICMP messages are generally divided into two types: query messages and error messages. Query messages serve the following purposes:

  1. Ping query (do not tell me you do not know the ping program)
  2. Subnet mask query (used by a diskless workstation to obtain its subnet mask when it initializes itself)
  3. Timestamp query (can be used to synchronize time)

An error message is generated when an error occurs during data transmission. I will not go into details.

2. ICMP Application -- Ping

Ping is the most famous application of ICMP. When a website cannot be accessed, the usual first step is to ping it. Ping displays some useful information, which generally looks like this:

Reply from 10.4.24.1: bytes=32 time<1ms TTL=255
Reply from 10.4.24.1: bytes=32 time<1ms TTL=255
Reply from 10.4.24.1: bytes=32 time<1ms TTL=255
Reply from 10.4.24.1: bytes=32 time<1ms TTL=255

Ping statistics for 10.4.24.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

The word ping comes from sonar ranging, and the program does much the same thing: it uses ICMP packets to detect whether another host is reachable. The principle is to send an ICMP request with a type code of 0, and the host that receives the request responds with an ICMP response with a type code of 8. The ping program measures the interval and counts the packets delivered, and from these you can judge the network conditions. As we can see, ping reports the transfer time and the TTL. The example I gave is not a very good one because it crosses few routers. If you are interested, ping a foreign website such as sf.net; you will then see packet loss, and the program will take longer to run.

Ping also gives us a chance to view the route from the host to the target host. This is because, when the ICMP ping request datagram passes through a router, the router puts its own IP address into the datagram. The target host then copies this list of IP addresses into the ICMP packet it sends back to the host. In any case, however, the list of routers that the IP header can record is very limited. To observe routing properly, we need a better tool, namely traceroute (tracert on Windows).

3. ICMP Application -- Traceroute

Traceroute is an important tool for detecting the route between the host and the target host, and it is also the most convenient one. As mentioned above, ping can also perform this detection, but because of the IP header restriction it cannot record every router the packet passes through. Traceroute fills exactly this gap.

The principle of traceroute is very interesting. After being given the IP address of the target host, it first sends a UDP datagram with TTL = 1 to the target host (do you still remember what TTL is?). When the first router receives the packet, it automatically decrements the TTL by 1; the TTL becomes 0, so the router discards the packet and generates an ICMP datagram reporting the host as unreachable. After receiving this datagram, the host sends a UDP datagram with TTL = 2 to the target host, which prompts the second router to send an ICMP datagram back to the host. This continues until the target host is reached. In this way, traceroute obtains the IP addresses of all the routers, which avoids the problem that the IP header can only record a limited number of router IP addresses.

Someone may ask: how do I know whether the UDP datagram has reached the target host? This involves a technical trick. TCP and UDP both define port numbers, and common network programs only listen on a few low-numbered ports, such as 80 and 23. Traceroute sends its UDP packets to a port number > 30000 (which is unusual). When such a packet arrives at the target host, all the target host can do is send back an ICMP datagram reporting the port as unreachable. Once the host receives this report, it knows that the target host has been reached. So traceroute is an out-and-out trickster :)
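The sketch below shows how a traceroute-style tool can interpret the ICMP messages that come back and check that each one really quotes its own probe. It is an added example, not code from the original notes: the function names, the probe port 33434 (a port above 30000) and the sample messages are assumptions. In RFC 792 numbering, a router reports an expired TTL as type 11 code 0 (Time Exceeded) and the target reports the closed port as type 3 code 3 (Port Unreachable).

```python
import struct

def inet_checksum(data):
    """16-bit one's-complement checksum carried in the ICMP header."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def classify_reply(icmp, probe_dport):
    """Decide what an ICMP message means for the UDP probe sent to probe_dport."""
    if len(icmp) < 8 + 20 + 8:
        return "ignore: too short to quote a probe"
    if inet_checksum(icmp) != 0:            # a valid message sums to zero
        return "ignore: bad checksum"
    icmp_type, code = icmp[0], icmp[1]
    quoted = icmp[8:]                       # IP header + first 8 bytes of the probe
    ihl = (quoted[0] & 0x0F) * 4
    if ihl < 20 or quoted[9] != 17 or len(quoted) < ihl + 8:
        return "ignore: quoted datagram is not a UDP probe"
    dport = struct.unpack("!H", quoted[ihl + 2:ihl + 4])[0]
    if dport != probe_dport:
        return "ignore: quotes a datagram we did not send"
    if (icmp_type, code) == (11, 0):
        return "hop"                        # TTL expired at a router on the path
    if (icmp_type, code) == (3, 3):
        return "destination"                # port unreachable: the probe arrived
    return "other"

def make_reply(icmp_type, code, dport):
    """Build a constructed ICMP error quoting a UDP probe (sample data, not a capture)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0, 1, 17, 0,
                     bytes([10, 4, 24, 7]), bytes([10, 4, 24, 1]))
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    body = struct.pack("!BBHI", icmp_type, code, 0, 0) + ip + udp
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

if __name__ == "__main__":
    print(classify_reply(make_reply(11, 0, 33434), 33434))   # hop
    print(classify_reply(make_reply(3, 3, 33434), 33434))    # destination
```

Matching the quoted UDP destination port against the probe is what lets the tool discard ICMP errors that belong to other traffic or were forged by a third party.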

The traceroute program provides some useful options, including even the IP routing options. Please refer to the man page to learn about them; I will not go into details here.
