Decoding Internet Control Message Protocol (ICMP)

Linux

Decoding Internet Control Message Protocol (ICMP)

By novicejava1 0
decoding-icmp-protocol

IP is a best effort mechanism that makes an attempt to deliver datagram but does not guarantee delivery.

A datagram travels through internet consisting of multiple routers to reach its final destination. If a router for some reason isn’t able to deliver the datagram to the final destination, it informs the original source about the problem.

Communication Problems

Failures in network communication system is inevitable. There may be multiple reasons due to which a datagram could not be delivered to its ultimate desitnation. Here are some the reasons.

  1. Failed network cables
  2. Malfunctioning network hardware
  3. Host disconnected from the network
  4. Datagram Hop Limit expiry before reaching ultimate destination
  5. Router overload

Error Reporting using ICMP

An internet is a giant network of multiple physical networks interconnected consisting of heterogenous hardware systems. For any failures in such at network it would be difficult to tell whether a delivery failure resulted from a malfunction of the local network or a failure of a system somewhere along the path to a destination.

IP protocol by itself contains nothing to help the sender test connectivity or learn about failures. There is an additional mechanism needed for the same. This is where the Internet Control Message Protocol comes into picture.

ICMP is primarily intended to inform a source when a datagram sent by the source experiences problems. ICMP messages are sent to Internet Protocol software on the source computer. The ICMP mechanism is considered a required part of IP and must be included in every IP implementation.

The IP protocol software handles these ICMP messages and takes further actions such as inform an application or a higher-level protocol about an incoming message.

ICMP was initially designed to allow routers to report the cause of delivery errors to hosts, but ICMP is not restricted exclusively to routers. A host can use ICMP to correspond with a router or another host.

ICMP Message Format

ICMP messages travel across the internet in the payload area of IP datagrams. This approach assumes errors are rare and the error messages will be delivered to the original source.

As shown in the diagram above, each ICMP message is encapsulated within the payload area of the IP datagram, which itself travels across an underlying network in the payload section of the frame.

The ICMP messages are carried like normal messages by the datagram and there are no no additional reliability or priority provided for the same. These error messages may get lost, duplicated or discarded due to congested network. There is one exception, ICMP messages are not generated for errors that result from datagrams carrying ICMP error messages.

ICMP is considered as required part of IP, so its classified as Layer 3 protocol. Here is the ICMP message format as shown below. Each Octet is 8 bit long.

  • TYPE: This field identifies the specific ICMP message that is being delivered
  • CODE: This field is an 8-bit value that provides specific details or subtypes for the message type indicated in the ICMP Type field.
  • CHECKSUM: It is a value computed over the entire ICMP message. ICMP uses the same 16-bit one’s comple- ment checksum as IP.

The message body in an ICMP message depends entirely on the ICMP type. It always includes the header plus additional octets from the datagram that caused the problem.

For details on ICMP code values refer “Internet Control Message Protocol (ICMP) Parameters“.

Testing Destination Reachability and Status with Ping

ping sends an ICMP Echo Request message to a remote computer. Any computer that receives an ICMP Echo Request creates an ICMP Echo Reply and returns the reply to the original sender.

Receiving a reply from the remote machines helps us verify major pieces of the IP Transport system are working correctly.

For IPv4, the TYPE is 8 in a request and 0 in a reply. For IPv6, the TYPE is 128 in a request and 129 in a reply. For any value in the TYPE field, the CODE is zero (i.e., echo requests and replies do not use the code field).

Whenever an error prevents a router from forwarding or delivering a datagram, the router sends an ICMP destination unreachable message back to the source and then drops (i.e., discards) the datagram. Network unreachable errors imply forwarding failures at intermediate points; host unreachable errors imply delivery failures across the final hop.

Hope you enjoyed reading this article. Thank you..