What is ICMP

Description

ICMP is a connectionless protocol used to carry error reports and control information. It is a very important protocol, and it has extremely important significance for network security. It is a network layer protocol and is mainly used to transfer control information between hosts and routers, including reporting errors and exchanging limited control and status information. When IP data cannot reach its target, or an IP router cannot forward packets at the current transmission rate, and in similar situations, an ICMP message is sent automatically.
ICMP is an important member of the network layer in the TCP/IP model. It forms the network layer in the TCP/IP model together with the IP protocol, ARP protocol, RARP protocol and IGMP protocol. Ping and tracert are two commonly used network management commands. Ping is used to test network reachability, and tracert is used to display the path to the destination host. Both ping and tracert use the ICMP protocol to implement network functions. They are typical examples of applying network protocols to daily network management.

Features

Its functions mainly include: detecting the existence of remote hosts, establishing and maintaining routing data, redirecting data transmission paths (ICMP redirection), and data flow control. During ICMP communication, it mainly uses different types and codes to allow the machine to identify different connection conditions.

Principle

ICMP provides consistent and easy-to-understand error reporting information. The sent error message is returned to the device that sent the original data, because only the sending device is the logical receiver of the error message. The sending device can then determine the type of error based on the ICMP message and determine how to better resend the failed data packet. But the only function of ICMP is to report problems rather than correct errors. The task of correcting errors is done by the sender.
ICMP is in constant use on the network. The Ping command we often use to check network connectivity (on both Linux and Windows) is one example: the "Ping" exchange is in fact an ICMP exchange. Other network commands, such as the Tracert command used to trace a route, are also based on ICMP.

Types

Echo request and reply

The messages we use most often day to day, through ping, are the echo request (Type=8) and the echo reply (Type=0). A host sends an ICMP message of Type=8 to a node. If nothing goes wrong on the way (for example, the message being discarded by a router, the target not responding to ICMP, or a transmission failure), the target returns an ICMP message with Type=0, indicating that the host exists. Going further, tracert determines the network distance between the host and the target by counting the nodes through which the ICMP message passes.

Destination unreachable, source quench, and timeout messages

The formats of these three types of messages are the same. The destination unreachable message (Type=3) is used when a router or host cannot deliver a datagram. For example, when we try to connect to a system port (port number less than 1024) that does not exist on the other side, it returns an ICMP message with Type=3 and Code=3. It tells us: "Hey, stop connecting, I'm not at home!" Common unreachable types include network unreachable (Code=0), host unreachable (Code=1), protocol unreachable (Code=2), etc.
Source quench plays a flow control role. It notifies the host to reduce its datagram flow. Since ICMP has no message for resuming transmission, the host gradually restores its transmission rate once the source quench messages stop.
Finally, a problem with a connectionless network is that a datagram may be lost, may wander the network for a long time without finding its target, or may not be reassembled by the host within the specified time because of congestion; any of these triggers an ICMP timeout message. The code field of the timeout message has two values: Code=0 means transmission timeout, Code=1 means fragment reassembly timeout.

Timestamp

The timestamp request message (Type=13) and the timestamp reply message (Type=14) are used to measure the transmission time of a datagram between two hosts. When sending, the host fills in the originate timestamp; the receiver fills in the receive timestamp after receiving the request and returns it in a message of Type=14. The sender then calculates the time difference. Some systems do not respond to such messages.

All message types

ICMP type:

TYPE  CODE  Description                                             Query  Error
0     0     Echo reply (ping response)                              x
3     0     Network unreachable                                            x
3     1     Host unreachable                                               x
3     2     Protocol unreachable                                           x
3     3     Port unreachable                                               x
3     4     Fragmentation needed but don't-fragment (DF) bit set           x
3     5     Source routing failed                                          x
3     6     Destination network unknown                                    x
3     7     Destination host unknown                                       x
3     8     Source host isolated (obsolete)                                x
3     9     Destination network administratively prohibited                x
3     10    Destination host administratively prohibited                   x
3     11    Network unreachable for TOS                                    x
3     12    Host unreachable for TOS                                       x
3     13    Communication administratively prohibited by filtering         x
3     14    Host precedence violation                                      x
3     15    Precedence cutoff in effect                                    x
4     0     Source quench (basic flow control)
5     0     Redirect for network
5     1     Redirect for host
5     2     Redirect for TOS and network
5     3     Redirect for TOS and host
8     0     Echo request (ping request)                             x
9     0     Router advertisement
10    0     Router solicitation
11    0     TTL equals 0 during transit                                    x
11    1     TTL equals 0 during reassembly                                 x
12    0     IP header bad (catchall error)                                 x
12    1     Required options missing                                       x
13    0     Timestamp request (obsolete)                            x
14    0     Timestamp reply (obsolete)                              x
15    0     Information request (obsolete)                          x
16    0     Information reply (obsolete)                            x
17    0     Address mask request                                    x
18    0     Address mask reply
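
The type and code fields above can be decoded directly from the first bytes of an ICMP message. The following Python is an added example, not code from the original post: it verifies the checksum, classifies the message as query or error, and for error messages recovers which original datagram the report refers to. The function names, the sample addresses and ports, and the quoted-datagram layout (original IP header plus 8 bytes, as specified in RFC 792) are assumptions not stated on this page.

```python
import struct

# (type, code) names taken from the table on this page (subset).
NAMES = {(0, 0): "Echo reply", (8, 0): "Echo request", (3, 3): "Port unreachable",
         (11, 0): "TTL equals 0 during transit", (13, 0): "Timestamp request"}
QUERY_TYPES = {0, 8, 13, 14, 15, 16, 17, 18}
ERROR_TYPES = {3, 4, 5, 11, 12}  # these quote the datagram that triggered them

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(icmp_type: int, code: int, rest: bytes, payload: bytes = b"") -> bytes:
    """Assemble type, code, checksum, 4-byte rest-of-header and payload."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest + payload
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

def parse(msg: bytes) -> dict:
    """Decode one ICMP message whose outer IP header is already stripped."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    t, code = msg[0], msg[1]
    kind = "error" if t in ERROR_TYPES else "query" if t in QUERY_TYPES else "other"
    info = {"type": t, "code": code, "kind": kind,
            "name": NAMES.get((t, code), "unknown"),
            "checksum_ok": checksum(msg) == 0}  # a valid message sums to zero
    if t in (0, 8):
        info["id"], info["seq"] = struct.unpack("!HH", msg[4:8])
    elif kind == "error" and len(msg) >= 36:
        inner = msg[8:]                   # quoted IP header + first 8 payload bytes
        ihl = (inner[0] & 0x0F) * 4
        info["orig_dst"] = ".".join(str(b) for b in inner[16:20])
        if inner[9] in (6, 17) and len(inner) >= ihl + 4:  # TCP or UDP
            info["orig_dport"] = struct.unpack("!H", inner[ihl + 2:ihl + 4])[0]
    return info

def demo() -> dict:
    """Constructed sample: a UDP datagram to 192.0.2.10:53 answered with Type=3, Code=3."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes([198, 51, 100, 7]), bytes([192, 0, 2, 10]))
    udp = struct.pack("!HHHH", 40000, 53, 8, 0)
    return parse(build(3, 3, b"\x00" * 4, ip + udp))
```

When triaging a capture, the quoted destination and port are what tie an error report back to the flow that caused it, and a failed checksum marks a message that was corrupted or altered in transit.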

Origin blog.csdn.net/Mr_Bobcp/article/details/106861373