Why is the ICMP protocol the most powerful aid in the network?

Today let's talk about the ICMP protocol. ICMP can be said to be the strongest support in the network world. If an IP data packet encounters an accident on the way, it depends on ICMP to notify it. Has the packet been transmitted successfully? If not, what is the reason for the failure? These are all notified by the ICMP protocol.

ICMP stands for Internet Control Message Protocol (Internet Control Message Protocol), which is an important protocol at the network layer.

What is ICMP for?

What is it for? Why is it called the Control Message Protocol, and what does it control?

ICMP is divided into two categories: query messages and error messages. The query message is initiated by us, such as the ping command; the error message is sent to the source after an error occurs, which is agreed by the Internet protocol model.

ICMP error message feedback occurs in various problems encountered in the communication environment. Through this information, managers can diagnose the problems and take appropriate measures to solve them.

The ICMP error message is a very important link in the entire data transmission link. To use a metaphor, the error message is a messenger that only reports bad news. When the data packet is unimpeded all the way in the network, the ICMP error message is like stealth, and you will never know its existence. When various obstacles are encountered in the network, this messenger comes out to act. It has only one purpose, which is to notify the sender of the accident encountered by this data packet, but there are only more than 20 kinds of words (corresponding to error codes) .

For example, the following two scenarios must be familiar to you.

  • When a router receives an IP datagram but cannot forward it, it sends an ICMP "host unreachable" error message.

  • When an IP datagram should be sent to another router, the router that received the datagram sends an ICMP "Redirect" error message to the sender of the IP datagram.

ICMP Protocol Description

Although it works at the network layer, it seems to be in parallel with the IP protocol, but the IP header is attached to the ICMP message, which is generally used by the IP layer or higher layer protocols (such as TCP or UDP). Few applications use the ICMP protocol directly, except  for ping.traceroute

ICMP protocol format

Compared with the IP protocol and the TCP protocol, the ICMP protocol format is still very simple.


The type field occupies 8 bits, and mainly defines the general category of the message. For example, type 3 means yes 不可达, and the specific reason is determined by the code field.

the code

The code field also occupies 8 bits. The code field is actually a subtype under the type. For example, the above mentioned that the type is 3 is unreachable, the code is 0, the network is unreachable, and the code is 1, the host is unreachable.


It is used for error checking, which is consistent with the checksum of the IP protocol.


Because the types and codes are different, it means that the reasons for the errors are different, and different reasons must have corresponding descriptions. The content part is used to describe the reasons for the errors.

A few examples will be given next.

The picture below is the classification of ICMP, including query messages and error messages. Students who need the original Excel can reply to  ICMPobtain the source file.

Destination Unreachable Error Message

Unreachable destination is a problem often encountered in network transmission. You may have encountered it during the development process, especially when doing network programming, such as connecting to the wrong IP or setting the wrong port.

It can be seen from the above table that when the type is 3, it is an unreachable error, and the code can range from 0 to 15, that is to say, there are 16 specific reasons for unreachability. The protocol format in this case is as follows.

Type 3, codes 0 - 15. There are 4 bytes of space after the checksum that are not used, but must be 0, no reason, that's it.

As mentioned earlier, the content part is different according to the type and code. If the destination is unreachable, that is, when the type is 3, the content is divided into two parts, the IP header and the first 8 bytes of the data part in the original IP datagram.

The data part of the original IP datagram refers to the protocol above the network layer of TCP or UDP. Taking TCP as an example, TCP is at the transport layer. When the TCP datagram reaches the network layer, it will add the IP header and become an IP data pack. So the data part mentioned here is the TCP datagram, but this datagram may be very large, so only the first 8 bytes are enough, because the information contained in the first 8 bytes is enough.

Recall the format of the TCP protocol. The first 8 bytes are the red box in the figure below, including the source port, destination port and serial number.

For example, when the code is 3, the error message is that the port is unreachable, then with the first 8 bytes of the TCP protocol, you can know the destination port in the original data message that caused the error, and the unreachable port is this port. You can also know what the source port of the original packet is. With the source port number, you can know which user process sent the data packet, and you can hand it over to this process to handle the error in time.

The source port number is an important indicator of the associated user process. For example, we have developed an application that occupies two ports 8888 and 8898. If the machine where the application is installed receives an error message, the content of the error message After dismantling the first 8 bytes of part of the original data packet, it is found that the source port is 8898, so we know that this will be handled by the application we developed.

Below is a port unreachable error message in the format detected by WireSharek.

telnet an unopened port to get an ICMP port unreachable error message.

query message

There are relatively few scenarios where ICMP is used as a query message. The meaning of using ICMP as a query message is like using the ARP protocol or the TCP protocol. It is initiated by us, but the ICMP protocol is selected.

For example,  ping with  traceroutethese two, we will talk about them later, these two are more interesting, and they are very clever for the application of ICMP.

In addition, it can be used as a diskless system to obtain its own subnet mask during startup. It can also be used to query the current timestamp from a third-party system.

Just get to know it.

In some scenarios, error messages are not sent

In some scenarios, error packets are not sent. The purpose of this is to prevent broadcast storms caused by ICMP error packets.

  1. If an error occurs in the ICMP error message itself, no error message will be sent to the error message. Is it a bit convoluted to read, TCP, UDP errors will send error messages, but the ICMP error message is wrong in the process of notifying the source, so don’t worry about it, otherwise it may be useless, such as the source end The network cable is down. However, the ICMP query message may generate an ICMP error message. For example, if an error occurs during the transmission of the ping command, the source end will receive an error message.

  2. The IP datagram whose destination address is a broadcast address or a multicast address (class D address) does not send an error message.

  3. As a link layer broadcast datagram, no error message is sent, and ARP is a typical link layer broadcast datagram.

  4. If it is not the first piece of IP fragmentation, no error message is sent. If the data is too long, the network layer will fragment it. These fragments are actually the same data packet. In this case, only the first fragment is sent with an error message, and the other fragments are ignored.

  5. For datagrams whose source address is not a single host, no error message is sent. The source address cannot be a zero address, loopback address, broadcast address, or multicast address.


1. ICMP is at the network layer, but the IP header must be added;

2. ICMP is divided into query messages and error messages, and error messages are mainly used;

3. The ICMP error message is like a message that only notifies bad news. When a datagram has a problem in the network, the source is notified in time. The content of the notification includes the reason and the necessary part of the original datagram that caused the error;

4. In some cases, ICMP error messages will not be sent, this is to prevent network storms;

If you think it's good, please give a recommendation! Public account "Ancient Kite", Java developer

Guess you like

Origin blog.csdn.net/Z__7Gk/article/details/131533835