5.2.7 Internet Control Message Protocol ICMP

5.2.7 Internet Control Message Protocol ICMP

We know that the technical core of the Internet is IP datagrams. The biggest feature of IP datagrams is that they are unreliable without connection, but in reality, there will also be communication lines or processor failures, router congestion, etc. in the Internet that make it impossible to receive or process data. Reports, routing tables are also misleading, leading to routing loops and other reasons may cause the failure of datagram delivery, so the Internet also needs an error checking and correction mechanism. Although it does not directly correct errors, there is an IP matching at the Internet network layer. The protocol or the extended protocol is called ICMP, which provides an error reporting mechanism for the router or the destination host to notify the source host of the IP datagram of the delivery problem or the routing problem. In addition, ICMP can also provide users with valuable information . Here we will learn more about ICMP.

1. The concept of ICMP

• ICMP (Internet Control Message Protocol) is the abbreviation of Internet Control Message Protocol, which is a sub-protocol of TCP/IP protocol family

• ICMP is used to transfer control messages between IP hosts and routers. The control information here refers to information about the network itself such as whether the network is unreachable, whether the host is reachable, and whether the route is available. Although these control messages do not transmit user data, they play a very important role in the transmission of user data.

• ICMP allows hosts or routers to report error conditions and provide reports about abnormal conditions. as shown in the picture

  

  The ICMP message is composed of ICMP header and data. The ICMP header consists of a fixed 8 bytes. The first 4 bytes are common parts, and the last 4 bytes will vary with different message types. , the transmission of ICMP messages requires the support of IP, that is to say, each ICMP message cannot be transmitted independently, but must be encapsulated into an IP datagram. The source IP address is the IP address of the machine sending the report, and the destination IP The address is the IP address of the source station of the datagram where the error occurred. ICMP is a necessary part of the IP protocol, so we cannot regard it as a high-level protocol. It is a protocol at the network layer. So ICMP looks like an ordinary IP datagram during network transmission. So how does a network device or a host recognize that what is transmitted on the network is an ICMP message? Here we want to review some knowledge in the IP datagram header introduced earlier. as shown in the picture

  We know that there is a protocol field in the IP datagram header, which indicates the protocol data unit of which protocol the datagram encapsulates, which can be ICMP, IGMP, and when the value of the protocol field is 1, it means that in the IP datagram What is encapsulated is the message from the ICMP protocol.

• The ICMP message is used as the data of the IP layer datagram, and the header of the datagram is added to form an IP datagram and sent out.

2. Types of ICMP packets

• ICMP messages are divided into two major types, ICMP error report messages and ICMP inquiry messages.

• The ICMPC error report message means that when an error occurs in the IP datagram, the router or the host will send this type of message, and the IP datagram with the error will be discarded when the ICMP error report is generated. The ICMP error report message will only report the error to the source station of the IP datagram that caused the problem, and is not responsible for correcting the error. Correcting errors is left to the higher-level operations.

• Why are ICMP messages only sent to the source of the problematic datagram? The reason is that the IP datagram only contains the IP address of the source and destination host, and generally it does not contain a complete record of the path traveled. And he really couldn't determine which network node on this road should be responsible for the network problem. Therefore, it is the most reasonable choice to send ICMP messages only to the source station of the datagram that caused the problem.

• The ICMP message reporting the error always duplicates the header and the first 8 bytes of the problematic IP datagram, which is the first 64 bits of data. This includes information such as the header of the IP datagram, port number, TCP sequence number, etc., so that the receiver can more accurately determine which protocol and application should be responsible for the errors that have occurred.

• Five types of ICMP error report messages

  1. end point unreachable

     There are many situations for the error report message that the destination is unreachable, including network unreachable, host unreachable, protocol unreachable, etc. For example, a destination host does not exist at all, or is in a shutdown state. , but cannot be forwarded, an ICMP host unreachable error report message will be sent at this time. The network specified by the IP address of the destination host of a datagram is unreachable. If the distance to the network is infinite, the router will send a network unreachable error message to the source host of the datagram . When the destination host receives a UDP datagram and the destination port does not match the process it is using, UDP will return an ICMP port unreachable error report message.

  2. time exceeded

     It is also called a timeout error report message. We have learned that there is a TTL in the IP datagram header, which is the time to live. In reality, TTL plays a role in limiting the number of hops, because the routing table in the network will inevitably have occasional errors. , in order to prevent the datagram from going around endlessly in the Internet and not being able to reach the destination host, so an initial value is assigned to the TTL when the IP datagram is generated, every time the datagram is forwarded by a router, the router will decrease the TTL value One, once the TTL value is reduced to zero, the router no longer forwards the IP datagram, but discards it and sends an ICMP error report message to the source station.

  3. source station simulation

  4. parameter problem

  5. route redirection

• ICMP query message

  For ICMP query messages, it is used for network administrators or applications to analyze the reachability of the network, address mask settings, clock synchronization, etc., so as to diagnose and control the network.

• Four ICMP query messages

  1. Echo request and reply messages

     Sending back request and reply messages is mainly used to test the reachability of the destination host. It can also calculate the time difference between sending the request and receiving the response to estimate the round-trip delay between the source host and the destination host. The TTL value of the datagram that echoes the request message can also implement traceroute.

  2. Timestamp request and reply messages

  3. Mask Address Request and Reply Messages

  4. Routing query and notification messages

3. Application of ICMP

• ICMP protocol can realize network reachability check, network delay measurement, network route tracking, network security investigation and other aspects have important applications.
• For example, tracert (trace route), which is a very practical small program, is used to determine the path through which the IP datagram accesses the target.
• For example, ping (Internet packet explorer), the ping command we often use to test network connectivity, is implemented based on the echo request and reply messages in the ICMP inquiry message type.