The previous article introduced the ICMP packet structure; for more information, see the article "basic structure and packet type of ICMP protocol". This article describes how the protocol is decoded. First, let's briefly review the basics of the protocol.
Basic Concepts
The full name of ICMP is Internet Control Message Protocol. It works at the OSI network layer and reports errors in data communication to the source host. ICMP supports fault isolation and recovery.
The network itself is unreliable. During transmission, many unexpected events may occur and data transmission may fail. IP, the network-layer protocol, is connectionless and does not handle faults in network-layer transmission. ICMP, also at the network layer, makes up for this shortcoming of IP: it uses IP to carry its messages and feeds network-layer error information back to the source node of the data packet.
Detailed Decoding
When we capture data packets with the kolai Network Analysis System, we get the ICMP echo message shown in Figure 1.
(Figure 1: ICMP echo packets captured by the kolai Network Analysis System)
The decoded fields in Figure 1 are described in detail below.
Type: 8, indicating an ICMP echo request message;
Code: 0, indicating that the network is inaccessible;
Checksum: 0x0000c, the ICMP checksum; the IP checksum algorithm is used;
ID: 0x0400;
Sequence number: 0x0700. Each ICMP echo message has a sequence number that increases progressively;
Data: 32 bytes of data.
Note: The above is an ICMP echo packet. It differs slightly from the ICMP packet listed above. There are several types of ICMP messages, such as destination unreachable, redirect, timeout, echo, and echo reply packets. Each type differs in some details, which we will not cover here.
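The field-by-field decode above can be reproduced in a few lines of Python. This is an added example, not code from the original article or from the analysis tool: the function names are hypothetical, the type, ID and sequence values are the ones listed above, and the 32-byte payload content is constructed for illustration.

```python
import struct

def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an echo message; the checksum is computed with its field zeroed."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def decode_echo(message: bytes) -> dict:
    """Decode an ICMP echo request (type 8) or echo reply (type 0)."""
    if len(message) < 8:
        raise ValueError("ICMP echo header is 8 bytes; message too short")
    icmp_type, code, csum, ident, seq = struct.unpack("!BBHHH", message[:8])
    if icmp_type not in (0, 8):
        raise ValueError(f"not an echo message (type {icmp_type})")
    return {
        "type": icmp_type, "code": code, "checksum": csum,
        "id": ident, "seq": seq, "data": message[8:],
        # Summing a message that carries a correct checksum yields 0.
        "checksum_ok": internet_checksum(message) == 0,
    }

# Constructed sample: the field values listed above plus a made-up payload.
SAMPLE_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"  # 32 bytes
SAMPLE = build_echo(8, 0x0400, 0x0700, SAMPLE_PAYLOAD)

if __name__ == "__main__":
    fields = decode_echo(SAMPLE)
    for name in ("type", "code", "checksum", "id", "seq"):
        print(f"{name:9}: 0x{fields[name]:04x}")
    print(f"data     : {len(fields['data'])} bytes")
    print(f"checksum : {'valid' if fields['checksum_ok'] else 'INVALID'}")
```

A message whose checksum does not verify has been corrupted or altered after it was built, so a decoder should flag it rather than trust the remaining fields.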