Networking

A bit info about ICMP, ping and traceroute

uc0Leave a comment
I’ve went through RFC 792 and would like to share some basic(high level) info about ICMP and how we are using it.
ICMP is an INTERNET CONTROL MESSAGE PROTOCOL
  • It runs over network layer – so it’s encapsulated in IP datagrams
  • Unreliable – Simple datagram service, there is no retries to re transmit the messages in case if it failed to reach the destination
  • ICMP message is generated using the header of IP datagram(source address, destination address) and it takes first 8 bytes from original IP datagram payload,afterwards the message will be marked with type and code. Some of the types : icmp_types
  • Host unreachable – when IP datagram gets to the last router but last router doesn’t know where the host is
  • Port unreachable –  means that the ports that’s contained inside of outgoing packet is not being recognized at receivers end

How does the PING uses ICMP :

The ping application calls ICMP directly, it sends ICMP echo request – message type 8 code 0 to receiver.

that get’s encapsulated into IP datagram, flows through the network, when receiver will get it it will send echo reply – type 0 code 0

How Traceroute uses ICMP and UDP – *nix version, as Windows uses pure ICMP sends the echo requests until they won’t get echo reply from the target(link) :

  • For TRACEROUTE the goal is to discover all routers in the path, show the path and provide the round trip delay.

  • When  execute the traceroute it generates an UDP message which will be encapsulated in IP datagram, TTL will be set to 1 for the first message.

  • After reaching the first router, TTL will be decremented and equal to 0, that will force the router to drop the packet and generate a ICMP message back to sender with ICMP Type 11 = which means TTL expired.

  • To send that TTL expired message back router will take the IP header data and first 8 bytes from IP payload.

  • When TTL expired message will reach the source – traceroute will know that TTL has expired and this message has arrived from first hop router, also traceroute will measure the round-trip-time ( how long it took from sending the UDP message to receiving TTL expired back)

  • Now it will generate a second UDP message only with one change – the TTL field value will be increased to 2, then the same to 3 and etc. it will stop only when destination port unreachable message arrives back.

  • Traceroute by generating the requests also generates a random unusable UDP port number, when our UDP datagram will get through all the routers to destination, receiver won’t be able to recognize the UDP port number and will send the ICMP Type 3 Code 3 Message – Destination Port Unreachable – after receiving that Traceroute will end the trace.

Picture of ICMP types taken from Stanford Networking course http://online.stanford.edu/course/introduction-computer-networking

 

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s