ICMP (Internet Control Message Protocol) Computer Networks By: Saeedeh Zahmatkesh 90-91 spring ICMP ICMP is used to send debugging information and error reports between hosts, routers and other network devices ICMP provides communication between the Internet Protocol software on one machine and the Internet Protocol software on another ICMP 2 ICMP Error Message Data Historically, ICMP errors returned the offending IP header and the 1st 8 data bytes No longer adequate with more complicated headers like IP in IP New rules say that it should contain as much as original datagram as possible, without the length of ICMP datagram being > 576 bytes (standard Internet min size) ICMP 3 ICMP Message Delivery In all other respects, an ICMP message travels as would any other datagram No additional reliability or priority The only difference between a normal datagram and a datagram containing an ICMP message occurs in the event that the datagram containing the ICMP causes an error No error messages are sent for ICMP error message failures ICMP 4 ICMP ICMP messages can be lost or discarded Errors in ICMP messages should not generate additional ICMP messages ICMP messages are not allowed to be sent in response to (RFC1812): an ICMP error message (ok for queries) datagrams failing header validation tests broadcast or multicast IP datagrams link-layer broadcast or multicast frames invalid source address any fragment other than the first ICMP 5 ICMP ICMP is an integral part of IP But it is actually encapsulated within IP (Protocol=1) IP datagram IP header ICMP message 20 bytes ICMP 6 ICMP Message Types Type Field ICMP Message Type 0 3 4 5 8 9 10 11 Echo Reply Destination Unreachable Source Quench Redirect Echo Request Router Advertisement Router Solicitation Time Exceeded ICMP 7 ICMP Message Types Type Field 12 13 14 15 16 17 18 ICMP Message Type Parameter Problem Timestamp Request Timestamp Reply Info Request (obsolete) Info Reply (obsolete) Address Mask Request Address Mask Reply ICMP 8 The ping program The ping program is a useful diagnostic tool It uses ICMP echo request/reply packets to test whether a device is reachable ICMP 9 The ping program The identifier allows ping to identify multiple instances of ping running at the same time on the same host The sequence number allows us to see if packets disappeared The round-trip time is also calculated ICMP 10 ICMP Destination Unreachable Message When a router cannot forward or deliver an IP datagram, it sends a type 3 ICMP message (destination unreachable) ICMP 11 Destination Unreachable Codes 0 1 2 3 Network unreachable generated by a router if a forwarding path (route) to the destination network is not available Host unreachable generated by a router if a forwarding path (route) to the destination host on a directly connected network is not available (does not respond to ARP); Protocol unreachable generated if the transport protocol designated in a datagram is not supported in the transport layer of the final destination Port unreachable generated if the designated transport protocol (e.g., UDP) is unable to demultiplex the datagram in the transport layer of the final destination but has no protocol mechanism to inform the sender ICMP 12 Destination Unreachable Codes 4 5 6 7 Frag needed and DF set generated if a router needs to fragment a datagram but cannot since the DF flag is set Source route failed generated if a router cannot forward a packet to the next hop in a source route option Destination network unkown This code SHOULD NOT be generated since it would imply on the part of the router that the destination network does not exist (net unreachable code 0 SHOULD be used in place of code 6); Destination host unkown generated only when a router can determine (from link layer advice) that the destination host does not exist … ICMP 13 Congestion and Datagram Flow Control Two common situations may cause a router to become congested with packets A high-speed sender transmits packets faster than an intermediate network (router) can handle them Many senders transmit packets through the same router ICMP 14 Congestion and Datagram Flow Control In order to signal senders that it can’t handle the load, a router sends an ICMP source quench message Ideally, such a message should be sent before a router is forced to drop packets Senders reduce transmission rate upon receipt of a source quench message ICMP 15 ICMP Source Quench Message Type (8-bit): 4 Code (8-bit): 0 Checksum (16-bit) Unused (Zero Field, 32-bit) ICMP 16 Route Change Requests Routers (not hosts) are responsible for keeping routing information up-to-date Routers are assumed to know correct routes Hosts begin with minimal routing information and learn new routes from routers A host may boot up knowing the address of only one router – but that may not be the best route for a given datagram ICMP 17 Route Change Requests When a router detects a host using a nonoptimal route it: Sends an ICMP redirect message to the host Forwards the message A host is expected to then update its routing table ICMP 18 Route Change Requests Not applicable to intermediate routers ICMP 19 ICMP Redirect Message Redirect Codes 0 1 2 3 Redirect for the network (obsolete) Redirect for the Host Redirect for the type-of-service and network (obsolete) Redirect for the type-of-service and Host ICMP 20 Circular or Excessively Long Routes To avoid cycles datagrams contain a TTL field (also called the hop count) which is decremented until it reaches zero When fragmented datagrams are received a reassembly timer is started if all the fragments are not received before the timer expires we say a timeout has occurred ICMP 21 ICMP Time Exceeded Message If either the TTL field reaches zero or a fragmentation reassembly timeout occurs, an ICMP time exceeded message is sent ICMP 22 ICMP 23 Links http://www.wiziq.com/tutorial/116986-Chapter-4-InternetControl-Message-Protocol http://fab.cba.mit.edu/classes/MIT/961.04/people/neil/ip. pdf http://www.sans.org/securityresources/idfaq/icmp_misuse.php ICMP 24