The so-called ICMP is nothing more than a general and soldiers

[[396354]]

This article is reprinted from the WeChat public account "Feitian Veal", the author is Feitian Veal. Please contact Feitian Veal public account for reprinting this article.

What is ICMP protocol

We mentioned this in the article about the IP protocol. As a network layer protocol that provides unreliable data delivery, IP datagrams may be lost, duplicated, delayed, and out of order during transmission. However, the IP protocol does not have effective detection and compensation measures for these bad situations, and certainly will not notify the sender and receiver of these results.

Therefore, in view of the above reasons, we need to pay special attention to two points when building an IP network:

• Confirm that the network is working properly
• Even if the diagnosis is abnormal, the cause

Thus, the Internet Control Message Protocol (ICMP) came into being.

Figuratively speaking, the IP protocol is like a general, and the ICMP protocol is his intelligence officer. The general is planning his strategy from thousands of miles away, but casualties are inevitable for the soldiers fighting on the front line.

The general who cannot go to the front line in person must at least know two things: first, whether my soldiers are advancing in the direction I direct them to, and whether they rush to the wrong place; second, how many casualties my soldiers have suffered and what caused them to be injured. Only by understanding the causes of casualties can we make the next strategic deployment. We can't die without knowing it. Needless to say, this is what the intelligence officer ICMP should do.

Of course, the above is just an analogy and may not be very rigorous. It’s enough for you to understand what it means and there’s no need to be too picky.

Here we use academic language to summarize, the main functions of ICMP are as follows:

1) Confirm whether the IP datagram is successfully delivered to the target address

2) If an IP datagram fails to reach its destination for some reason, ICMP will be responsible for notifying the specific reason.

A Brief Study on ICMP Messages

The specific cause of the error is notified by the ICMP protocol. The scientific name of this notification is ICMP message. So is the ICMP message sent by the sender or the receiver?

Neither.

ICMP messages are sent by routers.

For example: Host A sends a data packet to Host B without knowing it, while Host B is sleeping soundly. Host A and Host B are not in the same local network. Assume that there are two routers between them. See the figure below:

As we all know, in addition to the IP address, we also need the MAC address to ensure that the data packet can accurately find the transmission direction. Therefore, in order to know the MAC address of host B, Router 2 will broadcast an ARP request message, hoping to obtain the MAC address of host B. However, host B is turned off and naturally cannot respond to this request message.

Therefore, Router 2 will resend the ARP request message over and over again. After many unsuccessful attempts, Router 2 will return an ICMP Destination Unreachable packet to Host A (ICMP message types will be discussed below), notifying Host A that, unfortunately, the packet you sent to Host B failed to arrive successfully.

So, how exactly is the ICMP message transmitted to host A?

This is very simple. ICMP messages are transmitted in the same way as TCP/UDP messages.

That is to say, the real data will first be added with the ICMP header, encapsulated into an ICMP message, and then encapsulated into an IP datagram by the IP protocol for plain text transmission, and the source IP address and destination address will be specified by the IP protocol. After receiving the data, host A will decapsulate it layer by layer, thereby obtaining the real data and knowing the cause of the abnormality, and then shout angrily: stupid host B.

ICMP message format

At this point, you already know that ICMP messages are encapsulated in IP datagrams. Let's take a look at the following figure:

Well, there doesn't seem to be much to say here. The picture above is very nice. I took a screenshot of the Wang Dao video on Bilibili when I was preparing for the postgraduate entrance examination. You can understand the picture above and know what's in the ICMP header. You just need to know that the type and code fields are very important, especially the type. Let's focus on it next.

ICMP Message Types

The ICMP Destination Unreachable mentioned above is the ICMP message that the destination is unreachable.

ICMP message types can be roughly divided into two types, error messages and inquiry messages. Explain:

The so-called query message is a query message used by the host for diagnosis.

Such academic words may not be easy to understand. So, let's put it figuratively. In fact, query messages have nothing to do with communication anomalies. Query messages are like a general leading thousands of troops to a silent canyon, which is a place prone to ambush. The general dare not move forward rashly, so he sends several intelligence agents to find out the enemy situation and report immediately if there is any movement.

Common ICMP query message types are as follows:

• Echo Reply, corresponding to the value of the ICMP message header type field: 0
• Echo Request, corresponding to the value of the ICMP message header type field: 8

The error message is used to inform the host of the cause of the error. Obviously, the ICMP error report message is generated along with the error data. Once the IP protocol finds that an IP datagram is wrong, it will first resolutely discard the wrong IP datagram and then send an ICMP error message.

Common ICMP error message types are as follows:

• Destination Unreachable, corresponding to the value of the ICMP message header type field: 3
• Source Quench, corresponding to the value of the ICMP message header type field: 4
• Redirect or change the route (Redirect), corresponding to the value of the ICMP message header type field: 5
• Time Exceeded, corresponding to the value of the ICMP message header type field: 11

The following is a detailed explanation of these common ICMP message types.

ICMP echo message (type 0, 8)

A message used between communicating hosts or routers to determine whether the sent data packet has successfully reached the other end.

It can send ICMP echo request messages (Echo Request, type 8) to the peer host, and it can also receive ICMP echo reply messages (Echo Reply, type 0) sent back by the peer host.

picture

The ping command we often use is implemented based on ICMP echo messages.

The word ping comes from sonar positioning, and this command does the same thing. It sends an ICMP Echo Request message of type 0, and the host that receives the request responds with an ICMP Echo Reply message of type 8. Ping will calculate the interval between sending the Request and receiving the Reply message, and calculate how many packets are delivered, how many packets are lost, etc. Users can use this to determine the general situation of the network.

Let's ping Github as shown below:

Ping does not do nothing. It adds two fields to the ICMP message format: the identifier and the sequence number. These two fields are actually very easy to understand:

1) The identifier is used to distinguish which application sends the ICMP packet.

Figuratively speaking, the general sent out two intelligence agents, one to understand the battle situation, and the other to call for reinforcements. So there must be an identifier to distinguish the two intelligence agents. Identifiers do this. The easiest thing to think of as an identifier is the process PID.

2) The sequence number is used to confirm whether the network packet is lost.

Figuratively speaking, the general sent out 10 intelligence agents and assigned each of them a number. In this way, if 10 were sent out and 10 returned, it means that the battle situation at the front was good; if 10 were sent out and none returned or only 1 returned, it means that the situation was not good.

ICMP Destination Unreachable Message (Type 3)

When a router cannot send an IP datagram to the destination address, it returns an ICMP message "Destination Unreachable Message" to the sending host.

There are many possible reasons for the target being unreachable, such as network problems, target host problems, etc., so the target unreachable message also needs to indicate the specific reason for the unreachability. This specific reason is recorded in the code field of the ICMP header.

So here we still use the example of marching and fighting to see what are the common target unreachable types of code:

1) The war was intense at the front, and the general (host A) sent a team of soldiers back to the capital to ask the emperor (host B) for help. On the way, the intelligence officer rushed to report: General, we lost our way on the way and can't find where the capital is. This is the network unreachable, and its code is 0

2) Assume that the soldiers successfully return to the capital, but the emperor is out of the city, and the court officials dare not agree to send troops to rescue him privately. This is the host unreachable, and no one is found at the place. Its code is 1

3) Assume that the soldiers successfully found the capital, but because the soldiers had been fighting outside for many years, the young guards guarding the city no longer recognized these famous soldiers, so they needed to use the password to prove their identity. However, the experienced soldiers could not remember these things for a while, so they could not enter the city. This is the protocol unreachable, and its code is 2

4) Assume that the soldiers successfully entered the city and met with the emperor, but the emperor said that the intelligence told him by the Secret Service was different from what you said. You said you needed reinforcements, but the information I got was that you only needed food. This is the port unreachable, and its code is 3

5) Assume that the soldiers successfully sought help and obtained more than ten boxes of firearms, but the mountain road was narrow and the carriages carrying firearms were too big to pass. Therefore, they needed to change to smaller carriages and load a little firearms in each carriage. However, due to the immature firearms technology and safety concerns, the general had already strictly prohibited the firearms from being divided. As a result, the mighty reinforcements were blocked in the narrow mountain road. This is when fragmentation is needed but the non-fragmentation bit is set, and its code is 4

ICMP Redirect message (type 5)

When it comes to this, we must first understand what the responsibilities of the IP protocol or the network layer are, which is to select appropriate Internet routing and switching nodes to ensure timely transmission of data.

For this reason, we always prefer to transmit based on the shortest and most optimal path.

If the router finds that the sending host uses a non-optimal path to send data, it will return an ICMP Redirect Message to the host, and this message includes the optimal routing information and source data.

I'm addicted to writing, haha, here's an example: the general was furious when he learned the intelligence about ICMP. The leader who was sent out to get reinforcements was actually taking a detour with 100,000 reinforcements, what a traitor. The general quickly ordered the killing of the leader and immediately rushed back by the shortest route.

ICMP Time Exceeded Message (Type 11)

There is a field in the IP packet called TTL (Time To Live), and its value decreases by 1 each time it passes through a router until it reaches 0, at which point the IP packet will be discarded.

At this time, the IP router will send an ICMP Time Exceeded Message to the sending host and notify that the packet has been discarded.

Figuratively speaking, the team sent by the general to get reinforcements had difficulty finding the direction of the capital, and at the beginning of the journey, they ran out of food and fodder that were only enough for three days, and the entire team died in despair.

The main purpose of setting the IP packet life cycle is to prevent IP packets from being endlessly forwarded on the network when routing control encounters problems and a loop occurs.

Applications of ICMP

One of the applications we have already mentioned is the ping command, which is based on ICMP query messages.

There is another command based on ICMP error messages. In Linux, this command is traceroute, and in Windows, it is tracert.

You may think that ICMP error messages are only generated when communication is abnormal. In fact, the traceroute command is an exception. It uses ICMP rules to deliberately create some scenarios that can cause abnormalities.

The traceroute command has two main functions:

1) Intentionally set a special TTL to track the routers along the way to the destination host.

Specifically, the sending host will continuously send UDP packets to the receiving host. The UDP packets are encapsulated into IP datagrams, and the TTL is incremented sequentially starting from 1.

For example, if TTL is set to 1, then when the IP datagram encounters the first router, it will be discarded and an ICMP error message of type ICMP timeout will be returned.

Next, set the TTL to 2. After passing the first router, the IP datagram will be discarded when it encounters the second router, and then an ICMP error message will be returned.

......

In this way, traceroute gets all the router IPs.

There is still a question here. How do we know whether the data has reached the destination host?

Traceroute is based on UDP transmission, so it is necessary to specify a port number. Traceroute will choose an impossible value as the UDP port number.

In this way, when the data reaches the destination host, it will find that the port does not match, so the router will generate an ICMP destination unreachable message with code 3, which means the port is unreachable.

When the sending host receives the port unreachable ICMP message, it knows that the destination host has successfully received the data.

2) Deliberately set it to not be fragmented, so as to determine the maximum transmission unit (MTU) of the path.

In some cases, we do not know the MTU size of the path, so we need some means to obtain the MTU in order to control the size of the data packets sent.

The task of the sending host is very simple, which is to send IP datagrams as usual, but set the fragmentation prohibition flag in the IP header to 1.

In this way, if the length of the IP datagram exceeds the MTU, the datagram will be directly discarded by the router, and an ICMP destination unreachable message will be sent to the sending host, with code 4, that is, fragmentation is required but the no-fragmentation bit is set.

In this way, each time the sending host receives an ICMP message indicating that fragmentation is required but the do not fragment bit is set, it reduces the length of the IP datagram until it reaches the destination host successfully.