9-1

Chapter 9

Internet Control Message Protocol (ICMP)

McGraw-Hill The McGraw-Hill Companies, Inc., 2000

9-2

Position of ICMP in network layer

The IP provides unreliable and connectionless datagram delivery. It was designed to make efficient use of network resources. IP has no error-reporting or error correcting mechanism. IP has no mechanism for host and management queries. ICMP has been designed to compensate for the above deficiencies.

McGraw-Hill

The McGraw-Hill Companies, Inc., 2000

Encapsulation of ICMP packet

ICMP messages are encapsulated into IP datagrams before sent to link layer

9-3

Code
1 2 6 17

Keyword
ICMP IGMP TCP UDP

Meaning
internet control message protocol Internet Gateway Management Protocol Transmission Control Protocol User Datagram Protocol

McGraw-Hill

The McGraw-Hill Companies, Inc., 2000

9-4

Types of ICMP messages

Type 3 4 11 12 5

Message Destination unreachable Source quench Time exceeded Parameter problem Redirection

Type 8/0 13/14 18/18 10/9

Message Echo (request/reply) Timestamp (req./rep.) Address mask (req./rep.) Router solicitation/advertisement

McGraw-Hill

The McGraw-Hill Companies, Inc., 2000

9-5

General format of ICMP messages

Covers header and data

McGraw-Hill

The McGraw-Hill Companies, Inc., 2000

9-6

Error Reporting
ICMP does not correct errors, it reports them to the original source The error correction is then leaved to the upper layer protocols

Error reporting messages:

McGraw-Hill

The McGraw-Hill Companies, Inc., 2000

9-7

Important points about ICMP error messages:

1. No ICMP error message for a datagram carrying an ICMP error message. 2. No ICMP error message for a fragmented datagram that is not the first fragment. 3. No ICMP error message for a datagram having a multicast address. 4. No ICMP error message for a datagram with a special address such as 127.0.0.0 or 0.0.0.0.
McGraw-Hill The McGraw-Hill Companies, Inc., 2000

Contents of data field for error messages

IP datagram that caused the error Original IP header 8 bytes of original data is included because they normally contain UDP/TCP header (see chapter 11) Source/destination port, total length, checksum

9-8

IP header (of ICMP datagram) 8-byte header

McGraw-Hill

The McGraw-Hill Companies, Inc., 2000

9-9

Destination-unreachable

McGraw-Hill

The McGraw-Hill Companies, Inc., 2000

Destination-unreachable codes
Code
0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15

9-10

Description
Network unreachable, h/w failure (Router-generated) Host unreachable, h/w failure (Router-generated) Protocol unreachable (e.g. UDP not running,) Port unreachable (e.g. destination program not running) Fragmentation required, but D bit set Source routing cant be accomplished Destination network unknown Destination host unknown The source host is isolated Communication with dest. net. is administratively prohibited Communication with dest. host is administratively prohibited Network unreachable for the specified type of service Host unreachable for the specified type of service Host unreachable because the admin. has put a filter on it Host unreachable because its precedence is violated Host unreachable because its precedence is cut off

Codes McGraw-Hill

2 and 3 can be generated only by destinationThe McGraw-Hill Companies, Inc., 2000 host, others only by routers

Source-quench

9-11

IP doesnt have flow control luck of flow control can create congestion in routers and destination host. The source-quench is added to add a kind of flow control. A source-quench message informs the source that a datagram has been discarded due to congestion in a router or in the destination host. The source must slow down (quench) the sending of datagrams until the congestion is relieved. One source-quench message should be sent for each datagram that is discarded due to congestion.
McGraw-Hill The McGraw-Hill Companies, Inc., 2000

Time-exceeded message
Code 0: Time to live; Code 1: Fragmentation

9-12

Whenever a router receives a datagram with a time-to-live value of zero (TTL), it discards the datagram and sends a time-exceeded message to the original source (used only by routers) When the final destination does not receive all of the fragments (TO) in a set time (time out field in reassembly table), it discards the received fragments and sends a time-exceeded message to the original source (used only by destination host)
McGraw-Hill The McGraw-Hill Companies, Inc., 2000

Parameter problem message

Code 0: Main header problem (error or ambiguity in one of the header fields); Code 1: Problem in the option field (part of option missing)

9-13

Pointer points to the troubled field

McGraw-Hill

The McGraw-Hill Companies, Inc., 2000

Redirection concept
This host has chosen a poor next-hop address
Better choice for A

9-14

The default router isnt necessarily the best choice It will correct this by sending redirection message

The packet is not discarded

Hosts do not dynamically update their routing tables as routers do (see chapter 13). They use static tables, with usually only one next hop: the default router. Therefore the default router could be not the best choice. Router R1 can see that and send the redirection message to tell the host it should update RT with the more suitable router, that is R2. In time, the RT of the host can grow by the means of redirection messages.
McGraw-Hill The McGraw-Hill Companies, Inc., 2000

9-15

Redirection message

Code 0: Code 1: Code 2: Code 3:

Network specific Host specific Network specific (specified service) Host specific (specified service)

McGraw-Hill

The McGraw-Hill Companies, Inc., 2000

9-16

Query messages

Router discovery

Query messages are used to diagnose the network problems, to analyze the network behavior and to discover routers on the local network.

McGraw-Hill

The McGraw-Hill Companies, Inc., 2000

Echo-request and echo-reply message

Not a part of ICMP, can be used arbitrarily by the user

9-17

An echo-request message can be sent by a host or router. An echo-reply message is sent by the host or router which receives an echo-request message. Echo-request and echo-reply messages can be used by network managers to check the operation of the IP protocol Echo-request and echo-reply messages can test the reachability of a host. This is usually done by invoking the ping command. MS also offers tracert command to trace all routers on the path between the source and the destination.
McGraw-Hill The McGraw-Hill Companies, Inc., 2000

ping command
ping

9-18

McGraw-Hill

The McGraw-Hill Companies, Inc., 2000

ping command with record route option

9-19

Notice: there can be only (60-20-3)/4 = 9 addresses in recorded route option

McGraw-Hill

IP header

Code, length, pointer McGraw-Hill Companies, Inc., 2000 The

9-20

Example: Sending an ICMP echo request (used in ping command)

// Declare ICMP header typeded struct {uchar type; uchar code;. . . }ICM_HDR; int hsize = sizeof(ICMP_HDR); ICMP_HDR icmp; char buf[hdrsize+32]; icmp = (ICMP_HDR *)buf; //ICMP packet (header + payload) //Pointer to header part

// Define ICMP header: icmp->type = 8; //Echo request type icmp->code = 0; //Always 0 icmp->checksum = 0; //Zero before computing checksum icmp->id = GetCurrentProcessID(); //Arbitrary icmp->sequence = 0; icmp->timestamp = GetTickCount(); // Payload: memset(&buf[hsize],@,32); //Fill in a random character icmp->icmp_checksum = checksum(buf,hsize+32); // Create a raw socket: SOCKET s = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); SOCKADDR_STORAGE dest; ((SOCKADDR_IN *)&dest)->sin_family = AF_INET; ((SOCKADDR_IN *)&dest)->sin_addr.s_addr = inet_addr(w.x.y.z); // Send echo request: sendto(s,buf,hsize+32,0,(SOCKADDR *)&dest,sizeof(dest));
McGraw-Hill The McGraw-Hill Companies, Inc., 2000

Encapsulates directly into IP datagram, bypasses TCP/UDP

9-21

Tracert Command
Determines the path taken to a destination by sending Internet Control Message Protocol (ICMP) Echo Request messages to the destination with incrementally increasing Time to Live (TTL) field values. The path displayed is the list of near-side router interfaces of the routers in the path between a source host and a destination. The near-side interface is the interface of the router that is closest to the sending host in the path. Used without parameters, tracert displays help. tracert [-d] [-h MaximumHops] [-j HostList] [-w Timeout] [TargetName] -d - Prevents tracert from attempting to resolve the IP addresses of intermediate routers to their names. -h MaximumHops - Specifies the maximum number of hops in the path to search for the target (destination). The default is 30 hops. -j HostList - Specifies that Echo Request messages use the Loose Source Route option in the IP header with the set of intermediate destinations specified in HostList. With loose source routing, successive intermediate destinations can be separated by one or multiple routers. The maximum number of addresses or names in the host list is 9. The HostList is a series of IP addresses (in dotted decimal notation) separated by spaces. -w Timeout - Specifies the amount of time in milliseconds to wait for the ICMP Time Exceeded or Echo Reply message corresponding to a given Echo Request message to be received. If not received within the time-out, an asterisk (*) is displayed. The default time-out is 4000 (4 seconds). TargetName - Specifies the destination, identified either by IP address or host name.

McGraw-Hill

The McGraw-Hill Companies, Inc., 2000

Implementation of tracert command

Send UDP packet with TTL = 1

9-22

R1

R2

Rn

Destination address

ICMP error message (Time exceeded) Send UDP packet with TTL = 2

R1

R2

Rn

Destination address

ICMP error message (Time exceeded) Send UDP packet with TTL = n

R1

R2

Rn

Destination address

ICMP error message (Time exceeded) Send UDP packet with TTL = n+1

R1

R2

Rn

Destination address

ICMP error message (unreachable port)

The destination doesnt know that it will receive UDP packet, therefore McGraw-Hill doesnt have a queue for it The McGraw-Hill Companies, Inc., 2000

9-23

tracert command

McGraw-Hill

The McGraw-Hill Companies, Inc., 2000

Timestamp request and reply

9-24

Time stamp of the requester

Time stamp of the replier (request receive time)

Time stamp of the replier (reply transmit time)

Can be used between two machines to find the round-trip time between them. Can also be used to synchronize the clocks of the two machines. All timestamps in Universal Time (UT)
McGraw-Hill The McGraw-Hill Companies, Inc., 2000

9-25

Sending time = receive timestamp - original timestamp Receiving time = time the packet returned - transmit timestamp Round-trip time = sending time + receiving time Timestamp-request and timestamp-reply messages can be used to calculate the round-trip time between a source and a destination machine even if their clocks are not synchronized (suppose the receiver has time advance T):
Round-trip = sending time + receiving time = = (receive TS + T) - original TS + return time (transmit TS + T) = receive TS - original TS + return time transmit TS

Original TS Sender Return time

Sending time Receiving time

Receive TS Transmit TS

Clock here T off

Receiver

McGraw-Hill

The McGraw-Hill Companies, Inc., 2000

9-26

Given the following information:

Value of original timestamp: 46 Value of receive timestamp: 59 Value of transmit timestamp: 60 Time the packet arrived: 67

We can calculate:
Sending time = 59 46 = 13 milliseconds (incorrect if clocks not synchronized) Receiving time = 67 60 = 7 milliseconds (incorrect if clocks not synchronized) Round-trip time = 13 + 7 = 20 milliseconds (correct even the clocks are not synch.)

McGraw-Hill

The McGraw-Hill Companies, Inc., 2000

9-27

Calculation of time difference (for synchronization)

(Receive TS + T) Original TS = Round Trip 2

Round Trip + Original TS Receive TS T = 2 T = 20/2 + 46 59 = -3 milliseconds

Receiver clock must go back 3 milliseconds

McGraw-Hill The McGraw-Hill Companies, Inc., 2000

9-28

Mask-request and mask-reply message

If a host wants to know its subnet mask it can ask the router on the same LAN. (This request can be broadcast)

McGraw-Hill

The McGraw-Hill Companies, Inc., 2000

9-29

Router solicitation message

A host can broadcast a router solicitation message to check if there is any router Around and alive. The routers that receive this message will broadcast the router advertisement message.

McGraw-Hill

The McGraw-Hill Companies, Inc., 2000

Router advertisement message

9-30

All routers on the local network will respond to the router solicitation message by broadcasting the router advertisement message. Routers can also broadcast periodically an unsolicited advertisement message. Number of seconds the address/preference pairs are valid

Number of address/preference pairs

Address -reference pair

Preferability of the router Address as a default router Address relative to other routers On the same subnet

Router announces not only its own presence but also the presence of all routers on the network of which it is aware
McGraw-Hill The McGraw-Hill Companies, Inc., 2000

Example of checksum calculation

9-31

Initial value of the checksum field

McGraw-Hill

The McGraw-Hill Companies, Inc., 2000

9-32

ICMP package

Handles all received ICMP messages

McGraw-Hill

Creates ICMP messages as requested by IP or higher layers

The McGraw-Hill Companies, Inc., 2000