Internet Control Message Protocol (ICMP)
TCP/IP includes ICMP, a protocol designed to help manage and control the operation of a TCP/IP network. The ICMP protocol provides a wide variety of information about a network’s health and operational status. ICMP helps control and manage IP’s work by defining a set of messages and procedures about the operation of IP. ICMP is considered part of TCP/IP’s network layer. ICMP messages sit inside an IP packet, with no transport layer header, so ICMP is truly an extension of the TCP/IP network layer.
The following excerpt from RFC 792 describes ICMP:
Occasionally a gateway or destination host will communicate with a source host, for example, to report an error in datagram processing. For such purposes, this protocol, ICMP, is used. ICMP uses the basic support of IP as if it were a higher level protocol: however, ICMP is actually an integral part of IP and must be implemented by every IP module.
ICMP Message Types:
The ping Command and the ICMP Echo Request and Echo Reply
The ping command uses the ICMP Echo Request and Echo Reply messages. When people say they sent a ping packet, they really mean that they sent an ICMP Echo Request. The Echo Request means that the host to which it is addressed should reply to the packet. The Echo Reply is the ICMP message type that is used in the reply. The Echo Request includes some data that can be specified in the ping command; whatever data is sent in the Echo Request is sent back in the Echo Reply.
The Destination Unreachable ICMP Message
Hosts and routers send ICMP Destination Unreachable messages back to the sending host when that host or router cannot deliver the data completely to the application at the destination host.
The ICMP Unreachable message includes five separate unreachable functions (codes) that further identify the reason why the packet cannot be delivered. All five code types pertain directly to an IP, TCP, or UDP feature.
ICMP Unreachable Codes:
Codes That the ping Command Receives in Response to Its ICMP Echo Request:
The Redirect ICMP Message
The ICMP redirect message provides a means by which routers can tell hosts to use another router as the default gateway for certain destination addresses. Most hosts use the concept of a default router IP address, sending packets destined for other subnets to their default router. However, if multiple routers connect to the same subnet, a host’s default gateway may not be the best router on that subnet to which to forward packets sent to some destinations. The default gateway can recognize that a different router is a better option. Then it can send ICMP redirect messages to the host to tell it to send the packets for that destination address to this different router.
The host can ignore the redirect and keep sending the packets to its default router.
The ICMP Time Exceeded Message
The ICMP Time Exceeded message notifies a host when a packet it sent has been discarded because it was “out of time”. Packets are not actually timed, but to prevent them from being forwarded forever when there is a routing loop, each IP header uses a Time to Live (TTL) field. Routers decrement the TTL by 1 every time they forward a packet; if a router decrements the TTL to 0, it throws away the packet. This prevents packets from circulating forever.
The router that discards the packet also sends an ICMP Time Exceeded message, with a Code field of “time exceeded”, to the host that sent the packet.
The traceroute Command
The traceroute command sends a set of messages with increasing TTL values, starting with 1. The traceroute command expects these messages to be discarded when routers decrement the TTL to 0, returning Time Exceeded messages to the traceroute command. The source IP addresses of the Time Exceeded messages identify the routers that discarded the messages, which can then be displayed by the traceroute command.
To see how this command works, consider the first set of packets (three packets by default) sent by the traceroute command. The packets are IP packets, with a UDP transport layer, and with the TTL set to 1. When the packets arrive at the next router, the router decrements the TTL to 0 in each packet, discards the packet, and sends a Time Exceeded message back to the host that sent the discarded packet. The traceroute command looks at the first router’s source IP address in the received Time Exceeded packet.
Next, the command sends another set of three IP packets, this time with TTL = 2. The first router decrements TTL to 1 and forwards the packet, and the second router decrements the TTL to 0 and discards the packets. This second router sends Time Exceeded messages back to the router where the command was used, and the command now knows the second router in the route.
The traceroute command knows when the test packets arrive at the destination host because the host sends back an ICMP Port Unreachable message. The original packets sent by the IOS traceroute command use a destination UDP port number that is very unlikely to be used on the destination host, so as soon as the TTL is large enough to allow the packet to arrive at the destination host, the host notices that it does not have an application listening at that particular UDP port. So, the destination host returns a Port Unreachable message, which tells the traceroute command that the complete route has been found, and the command can stop.
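The TTL-stepping procedure described above, as an added Python example that is not part of the original page and is not the IOS implementation. The network is a constructed list of router addresses, the probe port 33434 and source port 40000 are assumptions, and one probe is sent per TTL instead of three; the ICMP error layout (8-byte header followed by the original IP header and first 8 data bytes) follows RFC 792.

```python
import socket
import struct

TIME_EXCEEDED, DEST_UNREACHABLE, PORT_UNREACHABLE = 11, 3, 3
PROBE_PORT = 33434  # assumed UDP port with no listener on the destination

def udp_probe(src: str, dst: str, ttl: int, dport: int) -> bytes:
    """20-byte IPv4 header (checksum left 0) plus 8-byte UDP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, ttl, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HHHH", 40000, dport, 8, 0)

def icmp_error(icmp_type: int, code: int, original: bytes) -> bytes:
    """RFC 792 error: 8-byte header, then original IP header + 8 data bytes."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + original[:28]

def forward(probe: bytes, path: list) -> tuple:
    """Constructed network: every router on the path decrements the TTL."""
    ttl = probe[8]
    for router in path[:-1]:
        ttl -= 1
        if ttl == 0:
            return router, icmp_error(TIME_EXCEEDED, 0, probe)
        probe = probe[:8] + bytes([ttl]) + probe[9:]
    return path[-1], icmp_error(DEST_UNREACHABLE, PORT_UNREACHABLE, probe)

def classify(icmp: bytes, dport: int) -> str:
    """Interpret a reply only if the datagram it quotes is our UDP probe."""
    quoted = icmp[8:]
    ihl = (quoted[0] & 0x0F) * 4 if quoted else 0
    if ihl < 20 or len(quoted) < ihl + 4 or quoted[9] != 17:
        return "unrelated"
    if struct.unpack("!H", quoted[ihl + 2:ihl + 4])[0] != dport:
        return "unrelated"
    if (icmp[0], icmp[1]) == (TIME_EXCEEDED, 0):
        return "hop"
    if (icmp[0], icmp[1]) == (DEST_UNREACHABLE, PORT_UNREACHABLE):
        return "destination"
    return "other"

def traceroute(src: str, path: list, max_ttl: int = 30) -> list:
    hops = []
    for ttl in range(1, max_ttl + 1):
        sender, icmp = forward(udp_probe(src, path[-1], ttl, PROBE_PORT), path)
        hops.append((ttl, sender, classify(icmp, PROBE_PORT)))
        if hops[-1][2] == "destination":
            break
    return hops
```

The `classify` step matters in practice: a host receives ICMP errors for all of its traffic, so the quoted UDP destination port is what ties a Time Exceeded or Port Unreachable message back to a specific probe.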
The extended version of the traceroute command does a much better job of simulating packets sent by end-user hosts, especially for testing reverse routes.