ICMP : Internet Control Message Protocol

Computer Network System

Sirak Kaewjamnong

1
Basic Ideas
• ICMP is provided within IP which generates error
messages to help IP layers(best effort delivery)
• Function of ICMP
– a node recognizing a transmission problem (TTL exceed,
destination unreachable, etc.) generates ICMP messages
– ICMP provides some useful diagnostics about network
operation (ping, traceroute)

2
Basic Ideas
• ICMP error messages never generates due to:
– ICMP error message selves
– Broadcast, multicast
– Others fragments, except first fragment
– This to prevent broadcast storm
• What are broadcast storm
– a large number of broadcast datalink frames transmitted nearly
simultaneous from several hosts
– LAN may have been brought to standstill

3
ICMP Encapsulation
Indicate error problems
Contain protocol Type Code …….
indicate ICMP

IP header IP Data

Frame header Frame Data

e.g. Ethernet

4
ICMP Header
0 15 16 31
Type: 8 Code : 8 Checksum : 16

Content specific

• Type : relevant ICMP message

• Code : more details information
• Checksum : covers ICMP header/data (not IP header)

5
ICMP Types
Type Code Meaning
0 0 echo reply
3 0 network unreachable
3 1 host is unreachable
3 3 port is unreachable
4 0 source quench
5 0 redirect
8 0 echo request
9/10 0 router discovery/advertisement
11 0 time exceed
12 0 parameter problem
13/14 0 time stamp request
17/18 0 network request/reply

6
ICMP type 0/8 echo request/reply

• PING sends icmp type 8 echo request to a node and expects

an icmp type 0 echo reply
• identifier and sequence number are used to identify datagrams
Type = 0 or 8 code checksum
identifier Sequence number
Optional data

7
ICMP type 3 Destination Unreachable
• Router is unable to deliver datagram, it can return the
ICMP type 3 with failure code
• Internet header plus 64 bits of original datagram are used to
identify the datagram caused the problem
Type = 3 code checksum
unused
IP header + 64 bits of original data

8
ICMP type 4 Source Quench
• Router detected hosts were overload would send this
message to hosts that were the major cause
• the host would then reduce the rate at which subsequence
message are sent
• RFC recommends that router must not generate source
quench, host must still accept the message but need take no
action
Type = 4 code checksum
Unused (must be 0)
IP header + 64 bits of original data
9
ICMP type 5 Route Change Request
• Used only by router to suggest a more suitable route to the
originator (also called ICMP redirect)

Type = 5 code checksum

IP address of a more suitable router
IP header + 64 bits of original data

10
PING : ICMP Echo Request/Reply
• PING sends and ICMP echo request to a remote host, which
then return an ICMP echo reply to the sender
• All TCP/IP node is supposed to implement ICMP and
respond to ICMP echo
PING

Reply

11
PING Command
• Send a single echo request message and wait for a reply
• Another request is sent if the reply is not received within one
second
• Continue until at least one reply is received or stop after time out
> ping maliwan
maliwan.psu.ac.th is alive
If maliwan down
>ping maliwan
no answer from maliwan.psu.ac.th

12
PING Command
• Send an echo request message every seconds and records
the time it takes for each reply
• every echo request contains a unique sequence number to
match reply and request
• also record round-trip timing
• also do packet lost statistics

13
PING Example
C:\>ping maliwan.psu.ac.th
Pinging maliwan.psu.ac.th [192.168.100.4] with 32 bytes of data:
Reply from 192.168.100.4: bytes=32 time=3ms TTL=32
Reply from 192.168.100.4: bytes=32 time=3ms TTL=32
Reply from 192.168.100.4: bytes=32 time=3ms TTL=32
Reply from 192.168.100.4: bytes=32 time=4ms TTL=32
Ping statistics for 192.168.100.4:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 4ms, Average = 3ms
C:\>_

14
What we get from PING?
• Timing information
• Connection reliability
• Destination Unreachable (routable)

15
PING Results
• no respond
no end node, no connection
• lost packet (significant when > 2-3 %)
transmission error on LAN/WAN, overloading bridge or router
• time acknowledge vary
host/network overloading > 100 ms make telnet less acceptable
• no lost and echo time is reasonably constant

16
Traceroute Command
• Command to determine the active route to a destination address
• How?
– Send a UDP message to an unused port on the target host with ttl = 1
– router decrease ttl to 0, it has to return an ICMP time exceed massage
– traceroute set ttl = 2 and retransmits, this time go one more hop
– ttl++ until UDP reach the destination
– the target returns an ICMP service unreachable because there is no
UDP port service

17
Traceroute Example
C:\>tracert www.psu.ac.th
Tracing route to s1.psu.ac.th [192.168.100.61]
over a maximum of 30 hops:
1 1 ms 1 ms 1 ms cs-gw.cs.psu.ac.th [172.28.80.1]
2 2 ms 2 ms 1 ms esw-cc.psu.ac.th [192.168.99.39]
3 2 ms 3 ms 5 ms cc-atm.psu.ac.th [192.168.0.249]
4 4 ms 2 ms 3 ms tooky.psu.ac.th [192.168.98.11]
5 3 ms 3 ms 3 ms s1.psu.ac.th [192.168.100.61]
Trace complete.
C:\>
• usually probes each hop 3 times
• a lost message or a router that doesn’t respond with denote
with an “ * “
18