Internet Control Message Protocol
  1. The Internet Control Message Protocol (ICMP) is for
    1. Reporting errors.
    2. Passing control information.
    3. Requesting changes in behavior.
  2. ICMP messages are carried inside IP datagrams, which are in turn carried inside frames.
    ICMP Header  | ICMP Data Area
    IP Header    | IP Payload (ICMP message)
    Frame Header | Frame Payload (IP datagram)
    1. The frame header contains type code hex 0800 for IP.
    2. The Type field in the IP header contains 1 for ICMP.
  3. Reporting errors is one of the main purposes. There's a lot that can go wrong.
    1. Packet header is malformed.
    2. Packet must be dropped because a router is too congested to accept it.
    3. Packet runs out of TTL.
    4. Destination host can't be found.
    5. etc.
  4. ICMP Message format varies with the type of message.
    1. First byte is the message type.
    2. Second byte is a sub-code which is more specific.
    3. Next two bytes are a checksum.
    4. The rest varies. If the message is sent in response to some IP message, its header and first 64 payload bits are placed here.
    5. Some type codes and sub-codes.
      0. Echo request. This is what ping sends.
      8. Echo response.
      2. Destination Unreachable. A router (or the sender) cannot get the packet to the destination. Sub-codes:
        0. Network Unreachable. Don't have a route to the network number for the packet.
        1. Host Unreachable. The packet reached the destination network, but no computer here matches the host number.
        2. Protocol Unreachable. The recipient will not accept the payload type given by the type field.
        3. Port Unreachable. The recipient computer is not accepting data on the port number specified in the transport protocol (next major topic).
        4. Fragmentation needed, but the don't fragment bit is set.
      5. Redirect: Update your routing table. (Don't know if this is used much now.)
      11. Time exceeded. The TTL value was reached, or not all fragments were collected within the time limit.
      12. Parameter problem. Contains a pointer to say where the error is.
      30. Traceroute request response.
  5. No ICMP errors for ICMP packets.
    1. An ICMP error message may be sent in response to a non-ICMP IP packet.
    2. An error in an ICMP packet may not be reported with another ICMP.
    3. This avoids the possibility of an infinite exchange where each error response returns another error response.
  6. Using ICMP messages.
    1. The ping utility.
      1. Ping sends an ICMP type 0 message, and waits for a response.
      2. The ICMP 0 message may contain arbitrary data, which is returned in the type 8 response.
      3. Ping stores the time in the sent message. When it comes back, ping can measure the round-trip time.
      4. The response might be an error message instead of a ping response, which ping reports.
      5. There may be no response, which ping reports as a timeout.
    2. The traceroute utility. Traceroute determines the list of routers on the way to some destination IP address.
      1. Send a series of UDP packets to the destination, with increasing TTL.
      2. Send (typically 3) packets with TTL 1, then TTL 2, then TTL 3, etc.
      3. Traceroute harvests ICMP time exceeded messages (type 11). The ones with TTL 1 will come from the first router, TTL 2 from the second, etc.
      4. Default is to send a UDP packet to a usually unused port. Reaching the destination should return port unreachable (type 2/3).
      5. Some routers may not respond; response times out, and the program usually prints stars.
      6. Some uncivilized routers filter ICMP responses, so the trace cannot reach past them.
    3. Finding the path MTU.
      1. Similar to traceroute, send packets of various sizes with the do-not-fragment bit set.
      2. Collect the ICMP 3/4 errors that are sent when the packet needs to be fragmented.
      3. The path MTU is at least the size of the largest packet that gets through, since it did not need to fragment.
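
An added example (not part of the original notes): parsing an ICMP type 11 error using the layout in item 4, verifying its checksum, and pulling out the quoted IP header and first 64 payload bits so the reply can be matched to a probe that was actually sent, as traceroute must do. The sample message, addresses, ports and function names are constructed for illustration.

```python
import socket
import struct

def inet_checksum(data: bytes) -> int:
    """Internet checksum: one's complement of the one's-complement 16-bit sum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp_error(msg: bytes) -> dict:
    """Split an ICMP error into type, code and the quoted original datagram."""
    if len(msg) < 8 or inet_checksum(msg) != 0:   # a valid message sums to 0
        raise ValueError("short message or bad ICMP checksum")
    icmp_type, code = msg[0], msg[1]
    quoted = msg[8:]                 # bytes 4-7 depend on the message type
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        raise ValueError("no quoted IPv4 header")
    ihl = (quoted[0] & 0x0F) * 4     # quoted IP header length in bytes
    if ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("quoted datagram truncated")
    out = {"type": icmp_type, "code": code, "proto": quoted[9],
           "src": socket.inet_ntoa(quoted[12:16]),
           "dst": socket.inet_ntoa(quoted[16:20])}
    if out["proto"] in (6, 17):      # TCP/UDP: ports are in the first 64 bits
        out["sport"], out["dport"] = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return out

def matches_probe(err: dict, probe: dict) -> bool:
    """True only if the error quotes a datagram we actually sent."""
    return all(err.get(k) == v for k, v in probe.items())

def build_sample() -> bytes:
    """Constructed type 11 (time exceeded) reply quoting a UDP probe."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 60, 0x1234, 0, 1, 17, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.7"))
    udp = struct.pack("!HHHH", 40000, 33434, 40, 0)
    body = bytes(4) + ip + udp       # 4 unused bytes, then the quoted data
    cksum = inet_checksum(struct.pack("!BBH", 11, 0, 0) + body)
    return struct.pack("!BBH", 11, 0, cksum) + body

if __name__ == "__main__":
    err = parse_icmp_error(build_sample())
    print(err, matches_probe(err, {"dst": "198.51.100.7", "dport": 33434}))
```

An error whose quoted header does not match any outstanding probe should be ignored rather than acted on, since the quoted bytes are the only evidence tying the ICMP message to traffic the host really sent.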