Computer network summary, part four: ICMP

One: Why ICMP emerged

In IP communication, packets often fail to reach the other party. One reason is that a router somewhere along the path cannot process all the packets it receives and discards them one after another. Or the packet reaches the other party, but the server software cannot accept it because the port number is wrong. In these cases, the carrier pigeon that flies back from the scene of the error is the ICMP message. On an IP network, when packets are discarded and so on, the necessary information is passed back to the sender for control purposes. ICMP was created to supplement IP by exchanging this kind of control information.

The IETF, which formulated the World Wide Web specification, compiled RFC 792 as the basic specification of ICMP in 1981. The beginning of RFC 792 reads "ICMP is an indispensable part of IP, and all IP software must implement the ICMP protocol." In addition, ICMP was developed to take over some of the functions of IP.


Two: Uses of ICMP

In the RFC, ICMP functions are roughly divided into two groups: error notification and information query.
[1] Error notification to the sender;
[2] Information query by the sender.

[1] is used when an error occurs while the other party's computer is processing the IP packet. It conveys not only the fact that an error occurred but also information such as its cause.

[2] is used when the sender's computer asks the other party's computer for information. Many kinds of query exist: the basic check of whether a machine with the target IP address exists, a query for the subnet mask of the sender's own network, and a request for the time on the other party's machine.

Three: ICMP works as an upper-layer protocol of IP

The content of an ICMP message is placed in the data part of an IP packet for transmission. That is, in terms of message format, ICMP is an upper-layer protocol of IP. However, as documented in the RFC, ICMP takes over some of the functions of IP, so it is considered to be a protocol at the same layer as IP. Let's look at the packet format and message content specified by the RFC.
Let's look at the packet format in more detail. The IP packet that carries an ICMP message has many fields, but only 7 of them are related to the ICMP protocol.

1) Protocol; 2) Source IP address; 3) Destination IP address; 4) Time to live; these four fields are included in the IP header.

5) Type; 6) Code; 7) Option data; these three fields are included in the ICMP data section.

Here, the value of 1) the protocol field is 1. Fields 2) and 3) carry the addresses used to exchange the ICMP message and have no special meaning. For understanding ICMP itself, the important fields are 5), 6) and 7). The core fields are 5) type and 6) code. Every message ICMP uses for error notification and information query is represented by a combination of type and code. The RFC defines 15 types. Error notifications such as "destination unreachable" and information queries such as "echo request" are distinguished by the type field. An ICMP message is identified by its type, and when finer detail needs to be conveyed it is further classified by the code. When data needs to be sent to the other party, it is placed in 7) the option data field.

[Figure: list of possible ICMP messages]

Four: Path MTU discovery implemented with ICMP

Path MTU discovery is the function of finding the MTU size that can be used with the communicating party without fragmenting IP packets. The MTU size is the maximum length of data that a computer can send at one time, and it is basically determined by the type of network. For example, Ethernet is usually 1500 bytes, and ADSL using PPPoE is usually 1492 bytes. ICMP is used to implement path MTU discovery. Let's follow the process and look at how Windows performs path MTU discovery in detail.
The principle of path MTU discovery is very simple. When Windows sends an IP packet to the communicating party, it first sets the don't-fragment flag in the IP header and then sends the packet. This is the basis of path MTU discovery. Suppose Windows sends a packet larger than 1000 bytes, and somewhere on the communication path the MTU changes from 1500 bytes to 1000 bytes. The router at that point cannot pass a packet exceeding 1000 bytes into the network whose MTU is 1000 bytes. The router tries to fragment the IP packet, but because the packet's don't-fragment flag is set, it cannot. The router discards the IP packet and uses ICMP to notify the sender that it "wanted to fragment, but could not". The type field of the ICMP message sent by the router is 3 and the code field is 4, which means "fragmentation needed but not permitted, so the packet cannot be delivered". Moreover, most routers fill in the MTU size that can pass without fragmentation in the option data section. When Windows receives the ICMP message, it knows the data size that can be transmitted without fragmentation, temporarily replaces the MTU size, and then continues communication.
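The sender's side of this exchange, as an added example that is not part of the original article: it parses a type 3 / code 4 message and updates a per-destination MTU cache, including the case where the router left the MTU field at zero. The function names, the cache layout and the sample addresses are assumptions; the position of the MTU field and the fallback plateau values come from RFC 1191, and the quoted original IP header after the 8-byte ICMP header comes from RFC 792.

```python
import socket
import struct

# RFC 1191 plateau values, used when the router left the MTU field at zero.
PLATEAUS = [65535, 32000, 17914, 8166, 4352, 2002, 1492, 1006, 508, 296, 68]
IPV4_MIN_MTU = 68

def update_path_mtu(icmp: bytes, cache: dict, default_mtu: int = 1500):
    """Apply one received ICMP message to a per-destination MTU cache.

    Returns (destination, new_mtu), or None if the message is not a
    type 3 / code 4 error or is too short to identify the original packet.
    """
    if len(icmp) < 8 + 20:            # ICMP header + quoted IPv4 header
        return None
    icmp_type, code, _cksum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        return None
    inner = icmp[8:]                  # header of the packet the router dropped
    flags_frag = struct.unpack("!H", inner[6:8])[0]
    if inner[0] >> 4 != 4 or not flags_frag & 0x4000:
        return None                   # not IPv4, or the DF flag was never set
    dst = socket.inet_ntoa(inner[16:20])
    current = cache.get(dst, default_mtu)
    if mtu == 0:                      # router gave no size: next lower plateau
        mtu = next((p for p in PLATEAUS if p < current), IPV4_MIN_MTU)
    cache[dst] = max(IPV4_MIN_MTU, min(mtu, current))  # only ever lower it
    return dst, cache[dst]

def sample_frag_needed(dst: str, mtu: int) -> bytes:
    """Constructed sample: ICMP 3/4 quoting a 1500-byte DF packet to dst."""
    inner = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 1, 0x4000, 64, 6, 0,
                        socket.inet_aton("192.0.2.10"), socket.inet_aton(dst))
    return struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + inner + b"\x00" * 8

if __name__ == "__main__":
    cache = {}
    print(update_path_mtu(sample_frag_needed("198.51.100.7", 1000), cache))
    print(update_path_mtu(sample_frag_needed("198.51.100.7", 0), cache))
```

The reported value is clamped so that a received message can lower the cached MTU but never raise it or push it below the IPv4 minimum of 68 bytes.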

Five: The ping command implemented with ICMP

The ping command is used to check whether the specified machine can be reached at the IP level, and how long a packet takes to make the round trip. To achieve this, the ping command uses two ICMP messages.
1. Send an echo request to the target server.
First, an echo request (type 8, code 0) message is sent to the target server (see 2 in the figure). In addition to the type and code fields, the echo request message carries identifier and sequence number fields, each 16 bits long. When the ping command sends an echo request, it fills these two fields with values of its choosing. The identifier is the same in every message sent during one run of the application. The sequence number is increased by 1 each time a message is sent. The option data part of the echo request carries arbitrary data, which is used to adjust the size of the ping packet.

2. The reply comes back like a parrot.
After the echo request sent by the computer reaches the target server, the server answers it by sending an echo reply (type 0, code 0) to the sender (see 3 in the figure). Seen from the IP layer, this ICMP echo reply message is basically the same as the echo request that was sent. The only differences are that the source and destination IP address fields are swapped and the type field is set to 0, which marks the message as a reply. That is, from the sender's point of view, the ICMP message it sent is repeated back by the target server like a parrot.
By receiving the reply message, the sender's computer can confirm that the target server is working. Further, by recording the time at which the echo request was sent and comparing it with the time at which the echo reply was received, it can calculate the time the message took to go back and forth (see 4 in the figure). However, if the received reply contained only the type and code, the sender's computer could not tell whether it was the answer to its own request. This is where the identifier and sequence number fields mentioned earlier matter: by comparing these two values with the same fields in the echo reply message, the sender's computer can easily check whether the echo reply is the right one. If the ping command runs and the check finds no problem, the IP address of the target server, the size of the data, and the round-trip time are printed on the screen.

3. There are roughly three reasons why the ping command may fail to confirm the connection with the other party.
1) The target server does not exist; 2) the packet takes so long in transit that the ping command treats it as timed out; 3) the target server does not answer the ping command. For reason 2), extending the timeout with an option of the ping command makes the result display correctly. For reasons 1) and 3), the result of the ping command alone cannot tell you which of the two it is. In other words, the ping command cannot always determine whether the other party exists.
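The echo exchange from steps 1 and 2, as an added example that is not part of the original article: it builds the type 8 request, produces the type 0 reply the target would send, and accepts a reply only if its identifier, sequence number and data match a request that is still outstanding. The function names and sample values are assumptions, and the header checksum (defined in RFC 792 but not discussed above) is included because a message without it is not valid.

```python
import struct
import time

def checksum(data: bytes) -> int:
    """One's complement of the one's-complement 16-bit sum (RFC 792)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Type 8 is an echo request, type 0 an echo reply; the code is 0."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    cksum = checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, cksum, ident, seq) + payload

def echo_reply_for(request: bytes) -> bytes:
    """The target's side: same identifier, sequence number and data, type 0."""
    _type, _code, _cksum, ident, seq = struct.unpack("!BBHHH", request[:8])
    return build_echo(0, ident, seq, request[8:])

def match_reply(reply: bytes, pending: dict, now: float):
    """Return (seq, rtt) if reply answers one of our requests, else None.

    pending maps (identifier, sequence) -> (send_time, payload).
    """
    if len(reply) < 8 or checksum(reply) != 0:
        return None                    # truncated or corrupted
    icmp_type, code, _cksum, ident, seq = struct.unpack("!BBHHH", reply[:8])
    if (icmp_type, code) != (0, 0):
        return None                    # not an echo reply
    sent = pending.get((ident, seq))
    if sent is None or sent[1] != reply[8:]:
        return None                    # not ours, or the data was altered
    del pending[(ident, seq)]          # a duplicate reply will not match again
    return seq, now - sent[0]

if __name__ == "__main__":
    ident, payload = 0x1234, b"abcdefgh"   # constructed sample values
    pending = {(ident, 1): (time.monotonic(), payload)}
    request = build_echo(8, ident, 1, payload)
    print(match_reply(echo_reply_for(request), pending, time.monotonic()))
```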


Origin blog.csdn.net/GreedySnaker/article/details/115001065