3/3/2015

ICMP basics
ICMP : Internet Control Message Protocol
Basically ICMP is an error reporting mechanism.
ICMP is provided within IP which generates error messages to
help IP layers (best effort delivery).
there are two versions ICMPv4 and ICMPv6 corresponding to
IPv4 and IPv6.

ICMP basics
Need of ICMP
Message format
Types and classes of ICMP messages
ICMPv6 vs. ICMPv4
Some ICMPv6 messages

Function of ICMP
a node recognizes a transmission problem (TTL exceed, destination
unreachable, etc.) and generates ICMP messages
ICMP provides some useful diagnostics about network operation (ping,
traceroute)

OPM

OPM

ICMP basics (Cont.)

ICMP used for

ICMP error messages are never generated in case of:

without any reason.

Broadcast, multicast
Other fragments, except first fragment
This to prevent broadcast storm

Used for diagnostics of following problems

What are broadcast storms ?

a large number of broadcast datalink frames transmitted nearly simultaneous
from several hosts in a network.

ICMP error reporting messages are sent to source from

intermediate routers or destination device.

Destination unreachable
Time exceeded, TTL hits 0
Parameter problem, bad header field
Source quench, throttling mechanism rarely used
Redirect, feedback on potential bad route
Echo Request and Echo reply, ping
Timestamp request and Timestamp reply, delay performance

Can use information to help map out a network

Some people block ICMP from outside network domain for
security purpose.

ICMP request messages are sent to intermediate routers or

destination from a source device.
OPM

ICMP Encapsulation

OPM

ICMP Header
0

1516

31

Indicateerrorproblems
Type

Containprotocol
indicateICMP

Code

Type:8bits

Code:8bits

Checksum:16bits

Contentspecifictotypeandcodevalues
IPheader

IPData

Frameheader
e.g.Ethernet

Type : relevant ICMP message

Code : more details information
Checksum : covers ICMP header/data (not IP header)

FrameData

OPM

OPM

3/3/2015

Type Field values

Important ICMP Types and code values

http://www.iana.org/assignments/icmp-parameters

Type

Code

echo reply (router or destination to source)

Meaning

network unreachable

host is unreachable

port is unreachable

source quench

Redirect path

echo request (Source to destination or router)

11

Time Exceeded

9/10

router discovery/advertisement

12

Parameter Problem

11

time exceed

13

Timestamp

12

parameter problem

14

Timestamp Reply

13/14

time stamp request/reply

15

Information Request

17/18

network request/reply

16

Information Reply

OPM

Type
---17
18
19
20-29

Type Name
---- ------------------------0
Echo Reply
1
Unassigned
2
Unassigned
3
Destination Unreachable
4
Source Quench
5
Redirect
6
Alternate Host Address
7
Unassigned
8
Echo
9
Router Advertisement
10
Router Solicitation

30
31
32
33
34
35
36
37
38
39
40
41-255

Code Field values

Name
------------------------Address Mask Request
Address Mask Reply
Reserved (for Security)
Reserved (for Robustness Experiment)
Traceroute
Datagram Conversion Error
Mobile Host Redirect
IPv6 Where-Are-You
IPv6 I-Am-Here
Mobile Registration Request
Mobile Registration Reply
Domain Name Request
Domain Name Reply
SKIP
Photuris
Reserved now used in ICMPv6

OPM

PING : ICMP Echo Request/Reply

http://www.iana.org/assignments/icmp-parameters

Many of these ICMP types have a "code" field.

Type 3: Destination Unreachable

Here are the assigned code fields for Type 3

Destination Unreachable.

Codes
Codes 2 and 3 are created only by the
0 Network Unreachable
Destination Host, all others are created only by
1 Host Unreachable
routers.
2 Protocol Unreachable
3 Port Unreachable
4 Fragmentation Needed and Don't Fragment was Set
5 Source Route Failed
6 Destination Network Unknown
7 Destination Host Unknown
8 Source Host Isolated
9 Communication with Destination Network is Administratively Prohibited
10 Communication with Destination Host is Administratively Prohibited
11 Destination Network Unreachable for Type of Service
12 Destination Host Unreachable for Type of Service
13 Communication Administratively Prohibited
14 Host Precedence Violation
15 Precedence cutoff in effect

OPM

PING sends ICMP echo request to a remote host, which then

returns an ICMP echo reply to the sender
All TCP/IP nodes are expected to implement ICMP and respond to
ICMP echo
PING

Reply

OPM

10

ICMP type 0/8 (echo request/reply)

What we get from PING?

ICMP request message with type 0 is sent from source to other network
devices.

Time information
Connection reliability
Destination Unreachable

ICMP reply eco message with type 8 is sent form a router or destination
to source

no response/ time out/ unreachable

no end node, no connection, TTL becomes 0 value
lost packet /congestion
transmission error on LAN/WAN, overloading bridge or router

identifier and sequence number are used to identify datagrams

Type=0or8

code

checksum

identifier

Sequencenumber
Optionaldata

OPM

11

OPM

12

3/3/2015

ICMP type 4 Source Quench

ICMP type 3 Destination Unreachable

If a Router is unable to deliver datagram, it returns the ICMP type
3 with failure code

Router detects destination hosts overload, would send this

message to source hosts that were the major cause of overload.
the source host would then reduce the rate at which subsequence
message are sent

Internet header plus 64 bits of original datagram are used to

identify the datagram caused/ faced the problem
Type=3

code

RFC recommends that router must not generate source quench,

host must still accept the message but need to take no action

checksum

Type=4

code

unused

Unused(mustbe0)

IPheader+64bitsoforiginaldata

OPM

checksum

IPheader+64bitsoforiginaldata

13

OPM

ICMP source-quench
messages

14

ICMP type 5 Route Change Request/ redirect

ICMP Source Quench

Type = 4

Used only by router to suggest a more suitable route to the

originator (also called ICMP redirect)

IP has no mechanism for flow control

Type=5

Some issues with ICMP Source Quench:

A router or destination host (buffers full) sends one source-quench
message for each discarded packet.
No mechanism to tell the source that the congestion has been relieved and
source can resume sending at previous rate.

code

checksum

IPaddressofamoresuitablerouter
IPheader+64bitsoforiginaldata

Remember, TCP/IP uses TCP mechanisms for flow control and reliability
including sliding windows.
OPM

OPM
15

ICMP type 11Time Exceeded

Type11

Code

Router Solicitation and Advertisement

Checksum

ICMP Router Solicitation

Type = 10

Unused

16

ICMP Router Advertisement

Type = 9

Internetheader&8bytesofdata

Time-to-live has expired at a router (code=0)

TTL sets bound on number of routers datagram can transit

Prevents infinite routine loops

Initialized by sender, decremented by 1 each time passes router
When TTL = 0 datagram thrown away & sender notified by ICMP
message

Fragment reassembly timer (code=1)

Whenahostonthenetworkboots,andthehosthasnotbeenmanuallyconfigured
withadefaultgateway,itcanlearnofavailableroutersthroughtheprocessofrouter
discovery.
Thisprocessbeginswiththehostsendingaroutersolicitationmessagetoallrouters,
usingthemulticastaddress224.0.0.2asthedestinationaddress.(Mayalsobe
broadcast).
Whenarouterthatsupportsthediscoveryprocessreceivestherouterdiscovery
message,arouteradvertisementissentinreturn.
Routersmayalsoperiodicallyadvertiserouteradvertisementmessages.

OPM

17

OPM
18

3/3/2015

Clock synchronization and transit time estimation

Clock synchronization and transit time estimation

ICMP Timestamp Request/ reply

ICMP Timestamp request / reply

Type = 13 / 14

Type = 13 / 14

TheTCP/IPprotocolsuiteallowssystemstoconnecttooneanotherovervast
distancesthroughmultiplenetworks.
Eachoftheseindividualnetworksprovidesclocksynchronizationinitsownway.
Asaresult,hostsondifferentnetworkswhoaretryingtocommunicateusing
softwarethatrequirestimesynchronizationcansometimesencounter
problems.
TheICMPtimestampmessagetypeisdesignedtohelpalleviatethisproblem.
TheICMPtimestamprequestmessageallowsahosttoaskforthecurrenttime
accordingtotheremotehost.
TheremotehostusesanICMPtimestampreplymessagetorespondtothe
request.

AllICMPtimestampreplymessagescontaintheoriginate,receiveandtransmit
timestamps.
Usingthesethreetimestamps,thehostcanestimatetransittimeacrossthe
networkbysubtractingtheoriginatetimefromthetransittime.
Itisonlyanestimatehowever,astruetransittimecanvarywidelybasedontraffic
andcongestiononthenetwork.
Thehostthatoriginatedthetimestamprequestcanalsoestimatethelocaltimeon
theremotecomputer.
WhileICMPtimestampmessagesprovideasimplewaytoestimatetimeona
remotehostandtotalnetworktransittime,thisisnotthebestwaytoobtainthis
information.
Instead,morerobustprotocolssuchasNetworkTimeProtocol(NTP)attheupper
layersoftheTCP/IPprotocolstackperformclocksynchronizationinamorereliable
manner.
OPM
20

OPM
19

Address Masks

Information requests and

reply message formats

ICMP Address Mask Request / Reply

Type = 17 / 18

ICMP Information Request / Reply

Type = 15 / 16
TheICMPinformationrequestsandreplymessageswereoriginallyintended
toallowahosttodetermineitsnetworknumber/IPaddresses.
ThisparticularICMPmessagetypeisconsideredobsolete.
OtherprotocolssuchasBOOTPandDynamicHostConfigurationProtocol
(DHCP)arenowusedtoallowhoststoobtaintheirnetworknumbers.

Thisnewsubnetmaskiscrucialinidentifyingnetwork,subnet,andhostbits
inanIPaddress.
Ifahostdoesnotknowthesubnetmask,itmaysendanaddressmask
requesttothelocalrouter.
Iftheaddressoftherouterisknown,thisrequestmaybesentdirectlytothe
router.
Otherwise,therequestwillbebroadcast.
Whentherouterreceivestherequest,itwillrespondwithanaddressmask
reply.
Somewhatobsolete,wasusedwithdisklessworkstationsthatusedRARPfor
theIPaddressandICMPforthesubnetmask.NowDHCPisusedtoknow
subnetmaskofanetwork.

OPM
21

Path MTU Discovery - Terms

MTU: The maximum transmission unit is a link layer restriction on the

maximum number of bytes of data in a single transmission (ie. frame, cell,
packet, depending on the terminology).
The table above shows some typical values for MTUs, taken from RFC1191.
Path MTU : The smallest MTU of any link on the current path between two
hosts.
This may change over time since the route between two hosts, especially on
the Internet, may change over time.
It is not necessarily symmetric and can even vary for different types of
traffic from the same host.
OPM
23

OPM
22

Path MTU Discovery

Problem:
How path MTU discovery (PMTU-D) combined with filtering ICMP
messages can result in connectivity problems.
Path MTU discovery allows a node to dynamically discover and adjust to
differences in the MTU size of every link along a given data path.
In IPv4, the minimum link MTU size is 68 octets and the recommended
minimum is 576 octets, which is the minimum reassembly buffer size.
So, any IPv4 packet must be at least 68 octets in length.

(In IPv6, the minimum link MTU is 1280 octets, but the recommended MTU value for IPv6 links is
1500 octets. The maximum packet size supported by the basic IPv6 header is 64,000 octets.
Larger packets called jumbograms could be handled using a hop-by-hop extension header
option.)
OPM
24

3/3/2015

The problem with ICMP filtering and PMTU-D

MTU-Discovery

A host does this by starting by sending packets that have a maximum size of the
lesser of the local MTU or the MSS announced by the remote system.
These packets are sent with the DF bit set.
If there is some MTU between the two hosts which is too small to pass the
packet successfully, then an ICMP can't fragment error will be sent back to the
source.
It will then know to lower the size; if the ICMP message includes the next hop
MTU, it can pick the correct size for that link immediately, otherwise it has to
guess.

Many network administrators have decided to filter ICMP at a router or

firewall.
There are valid (and many invalid) reasons for doing this, however it can cause
problems.
ICMP is an integral part of the Internet and can not be filtered without due
consideration for the effects.
In this case, if the ICMP can't fragment errors can not get back to the source
host due to a filter, the host will never know that the packets it is sending are too
large.
This means it will keep trying to send the same large packet, and it will keep
being dropped--silently dropped from the view of any system on the other side
of the filter.
While a small handful of systems that implement PMTU-D also implement a
way to detect such situations, most don't and even for those that do it has a
negative impact on performance and the network.

OPM
25

OPM
26

ICMPv6

ICMPv6 Types

Defined in RFC 2463

Two types of messages defined
Error messages
Informational messages
Implemented as extension header (type 58)
Follows other extension headers

ICMPv6 error messages some type values

Destination unreachable (1)

Packet too big (2)
Time exceeded (3)
Parameter problem (4)

ICMPv6 informational messages

Echo request (128)
Echo reply (129)

ICMPv6 header format is same as in basic ICMP or ICMPv4.

OPM

27

OPM

28

OPM

30

Router-solicitation message

ICMPv6 vs. ICMPv4

ICMPv6 is more complicated than ICMPv4: some protocols
that were independent in version 4 are now part of ICMPv6
and some new messages have been added to make it more
useful.
ICMPv6 is used with IPv6.

OPM

29

3/3/2015

Router-advertisement message

Neighbor-solicitation message

OPM

31

OPM

32

Redirection message

Neighbor advertisement message

Type: 137

16

Code: 0

31

Checksum
Reserved

Target (router) IP address

Destination IP address

Options

OPM

33

Inverse-neighbor-solicitation message

OPM

OPM

34

Inverse-neighbor-advertisement message

35

OPM

36

3/3/2015

Membership query message format

GROUP MEMBERSHIP MESSAGES

The management of multicast delivery handling in IPv4 is given
to the IGMPv3 protocol (Internet Group Management Protocol).
In IPv6, this responsibility is given to the Multicast Listener
Delivery protocol.
MLDv1 is the counterpart to IGMPv2; MLDv2 is the counterpart
to IGMPv3.
The material discussed in this section is taken from RFC 3810.

OPM

37

OPM

38

Membership-report message format

OPM

39