The videos and links below help in understanding ICMP in detail.
One of the best explanations available: ICMP
http://www.firewall.cx/networking-topics/protocols/icmp-protocol.html
ICMP:
The ICMP header starts after the IPv4 header and is identified by protocol number 0x01 in the IP header.
An ICMP packet has an 8-byte header and a variable-sized data section.
The first 4 bytes of the header have the same layout in every ICMP message. The first byte is the ICMP type. The 2nd byte is the ICMP code. The 3rd and 4th bytes are the checksum of the entire ICMP message.
The contents of the remaining 4 bytes of the header [since the ICMP header size is 8 bytes] vary based on the ICMP type and code.
ICMP error messages contain a data section that includes the entire IP header plus the first 8 bytes of data from the IP packet that caused the error message. The ICMP packet is then encapsulated in a new packet.
ICMP error message == data section containing the entire IP header + first 8 bytes of data from the IP packet that caused the error message.
- Type – ICMP type as specified below.
- Code – Subtype to the given type.
- Checksum – Error checking data. Calculated from the ICMP header+data, with value 0 for this field. The checksum algorithm is specified in RFC 1071.
- Rest of Header – Four byte field. Will vary based on the ICMP type and code.
Source quench
Source Quench requests that the sender decrease the rate of messages sent to a router or host. This message may be generated if a router or host does not have sufficient buffer space to process the request, or may occur if the router or host buffer is approaching its limit.
As no acknowledgement mechanism is present in the network layer, the client does not know whether the data has reached the destination successfully. Hence some remedial measures should be taken by the network layer to avoid these kinds of situations. These measures are referred to as source quench. In a source quench mechanism, the router sees that the incoming data rate is much faster than the outgoing data rate, and sends an ICMP message to the clients, informing them that they should slow down their data transfer speeds or wait for a certain amount of time before attempting to send more data. When a client receives this message, it will automatically slow down the outgoing data rate or wait for a sufficient amount of time, which enables the router to empty the queue. Thus the source quench ICMP message acts as flow control in the network layer.
Redirect
Redirect requests that data packets be sent on an alternative route. ICMP Redirect is a mechanism for routers to convey routing information to hosts. The message informs a host to update its routing information (to send packets on an alternate route). If a host tries to send data through a router (R1), R1 sends the data on to another router (R2), and a direct path from the host to R2 is available (that is, the host and R2 are on the same Ethernet segment), then R1 will send a redirect message to inform the host that the best route for the destination is via R2. The host should then send packets for the destination directly to R2. The router will still send the original datagram to the intended destination. However, if the datagram contains routing information, this message will not be sent even if a better route is available. RFC 1122 states that redirects should only be sent by gateways and should not be sent by Internet hosts.
Time exceeded
Time Exceeded is generated by a gateway to inform the source of a discarded datagram due to the time to live field reaching zero. A time exceeded message may also be sent by a host if it fails to reassemble a fragmented datagram within its time limit.
Time exceeded messages are used by the traceroute utility to identify gateways on the path between two hosts.
Timestamp
Timestamp is used for time synchronization. It consists of the originating timestamp.
Explain ping packet (ICMP echo request/reply) format?
An Echo is simply what we networking engineers call a 'ping'. The Echo Reply is, as most would guess, the 'ping reply'. ICMP Echos are used mostly for troubleshooting. When there are 2 hosts which have communication problems, a few simple ICMP Echo requests will show if the 2 hosts have their TCP/IP stacks configured correctly and if there are any problems with the routes packets are taking in order to get to the other side.
The 'ping' command is very well known, but the results of it are very often misunderstood and for that reason I have chosen to explain all those other parameters next to the ping reply, but we will have a look at that later on.
Let's have a look at what an ICMP-Echo or Echo Reply packet looks like:
If the above packet was an ICMP Echo (ping), then the Type field takes a value of 8. If it's an ICMP Echo Reply (ping reply) then it would take a value of 0.
The picture below is a screen shot I took when doing a simple ping from my workstation:
Okay, now looking at the screen shot above, you can see I 'pinged' www.firewall.cx. The first thing my workstation did was to resolve that URL to an IP address. This was done using DNS. Once the DNS server returned the IP address of www.firewall.cx, the workstation generated an ICMP packet with the Type field set to 8.
Here is the proof:
The picture above is a screenshot from my packet sniffer taken at the same time this experiment was taking place. The packet displayed is one of the 4 packets which were sent from my workstation to the webserver of firewall.cx.
Notice the ICMP type=8 Echo field right under the ICMP Header section. This clearly shows that this packet is being sent from the workstation and not received. If it was received, it would have been an 'Echo Reply' and have a value of 0.
The next weird thing, if anyone noticed, is the data field. Look at the screen shot from the command prompt above and notice the value there and the value the packet sniffer is showing on the left. One says 32 Bytes, and the other 40 Bytes!
The reason for this is that the packet sniffer is taking into account the ICMP header fields (ICMP type, code, checksum and identifier), and I'll prove it to you right now.
Look at the top of this page where we analysed the ICMP headers, and you will notice that the lengths (in Bits) of the various fields are as follows: 8, 8, 16, 16, 16. These add up to a total of 64 Bits. Now 8 Bits = 1 Byte, therefore 64 Bits = 8 Bytes. Take the 32 Bytes of data the workstation's command prompt is showing and add 8 Bytes .... and you have 40 Bytes in total.
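The header layout and the 32-versus-40-byte arithmetic described above can be checked with a small parser. This is an added example, not code from the original page: it verifies the RFC 1071 checksum, reads the Echo identifier and sequence, and extracts the quoted datagram from an error message. The sample messages, identifier value and documentation-range addresses are constructed.

```python
import struct

ECHO_REPLY, ECHO_REQUEST = 0, 8
ERROR_TYPES = {4: "Source Quench", 5: "Redirect", 11: "Time Exceeded"}  # types covered here

def rfc1071_checksum(data: bytes) -> int:
    """16-bit one's complement of the one's-complement sum (RFC 1071)."""
    if len(data) % 2:                      # pad odd-length input with a zero byte
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                     # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes, data: bytes) -> bytes:
    """Assemble type, code, checksum, 4-byte rest-of-header and data."""
    unsummed = struct.pack("!BBH4s", icmp_type, code, 0, rest) + data  # checksum = 0
    return unsummed[:2] + struct.pack("!H", rfc1071_checksum(unsummed)) + unsummed[4:]

def parse_icmp(msg: bytes) -> dict:
    """Parse an ICMP message (the bytes that follow the IPv4 header)."""
    if len(msg) < 8:
        raise ValueError("shorter than the 8-byte ICMP header")
    icmp_type, code = msg[0], msg[1]
    info = {"type": icmp_type, "code": code, "total_len": len(msg),
            "data_len": len(msg) - 8,
            # a valid message summed with its checksum in place yields 0
            "checksum_ok": rfc1071_checksum(msg) == 0}
    if icmp_type in (ECHO_REQUEST, ECHO_REPLY):
        info["identifier"], info["sequence"] = struct.unpack("!HH", msg[4:8])
    elif icmp_type in ERROR_TYPES:
        quoted = msg[8:]                   # original IP header + first 8 data bytes
        ihl = (quoted[0] & 0x0F) * 4 if quoted else 0
        if ihl < 20 or len(quoted) < ihl + 8:
            raise ValueError("truncated quoted datagram in ICMP error")
        info["quoted_protocol"] = quoted[9]
        info["quoted_dst"] = ".".join(map(str, quoted[16:20]))
        info["quoted_first8"] = quoted[ihl:ihl + 8]
    return info

# Constructed samples: an Echo request carrying 32 data bytes, and a Time
# Exceeded quoting a constructed IPv4 header plus the first 8 bytes of that ping.
PING = build_icmp(ECHO_REQUEST, 0, struct.pack("!HH", 0x0200, 1),
                  b"abcdefghijklmnopqrstuvwabcdefghi")
QUOTED_IP = struct.pack("!BBHHHBBH4B4B", 0x45, 0, 60, 1, 0, 1, 1, 0,
                        192, 0, 2, 10, 198, 51, 100, 7)
TIME_EXCEEDED = build_icmp(11, 0, b"\x00" * 4, QUOTED_IP + PING[:8])
```

`parse_icmp(PING)` reports `data_len` 32 and `total_len` 40, the two figures shown by the command prompt and the packet sniffer respectively.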
Two routers A and B are connected back to back with a hub in between. Router A's IP is 2.2.2.2 and Router B's IP is 3.3.3.3. Will ping happen? Will ARP happen?
Ping will fail, and so will ARP.
Router#ping 3.3.3.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Here the routing table and ARP table do not show any entry for router B.
Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, FastEthernet0/0
Router#
Router#
Router#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 2.2.2.2 - 0007.EC3B.29C5 ARPA FastEthernet0/0
The routers' back-to-back interfaces need to be in the same subnet.
Now I configured router B's interface as 2.2.2.1.
Router#ping 2.2.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 0/0/0 ms
Router#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, FastEthernet0/0
Router#
Router#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 2.2.2.1 0 0060.7039.799A ARPA FastEthernet0/0
Internet 2.2.2.2 - 0007.EC3B.29C5 ARPA FastEthernet0/0