Internet Control Message

Protocol
Position of ICMP in the network layer
 IP drawbacks:
• IP has no error reporting or error correction mechanism
• What happens if a router must discard a datagram because it cannot
find a router to destination?
• What happens if the final destination host must discard all fragments of a
datagram because it has not received all fragments within a predetermined
time limit?
• IP lacks in mechanism for host and management queries
 host may want to know whether a router or another host is alive?
 network manager may need information from another host or router

ICMP is designed to compensate the above deficiencies

• The Internet Control Message Protocol (ICMP) is a Network Layer protocol
used by network devices to diagnose network communication issues.

• ICMP is mainly used to determine whether or not data is reaching its intended
destination in a timely manner.

• Commonly, the ICMP protocol is used on network devices, such as routers.

ICMP is crucial for error reporting and testing
ICMP encapsulation

•ICMP is network layer protocol

•Its messages are not directly passed to the datalink layer
•The messages are encapsulated inside IP datagrams
•The value of the protocol field in the IP datagram is 1 to indicate that the
IP data is an ICMP message
TYPES OF MESSAGES
ICMP messages are divided into error-reporting messages and query
messages. The error-reporting messages report problems that a router or
a host (destination) may encounter. The query messages get specific
information from a router or another host.
Figure 3 ICMP messages

• Error reporting messages report problems that a router or a

host may encounter when it processes an IP packet
• Query messages (occur in pairs) help host or network
manager to get specific information from a router or another
host .e.g., nodes can discover their neighbors, host can learn
about the routers on their network, routers can help node to
redirect its messages
ICMP messages
MESSAGE FORMAT
An ICMP message has an 8-byte header and a variable-size data section.
Although the general format of the header is different for each message
type, the first 4 bytes are common to all.
Figure 4 General format of ICMP messages

• Type define the type of message

• The code field specifies the reason for the particular message type
• Checksum field is used for error detection
• The rest of the header is specific for each message type
• The data section in error messages carries information for finding the
original packet that had an error
• In query messages, data section carries extra information based on
the type of query
ERROR REPORTING
IP, as an unreliable protocol, is not concerned with error checking and
error control. ICMP was designed, in part, to compensate for this
shortcoming. ICMP does not correct errors, it simply reports them.
Error correction is left to higher level protocols

The topics discussed in this section include:

Destination Unreachable
Source Quench
Time Exceeded
Parameter Problem
Redirection
 Note:

ICMP always reports error messages

to the original source, because the
only information available in the
datagram about the route is the
source and destination IP address.
Figure 5 Error-reporting messages
 Note:
The following are important points about ICMP error
messages:
❏ No ICMP error message will be generated in response
to a datagram carrying an ICMP error message.
❏ No ICMP error message will be generated for a
fragmented datagram that is not the first fragment.
❏ No ICMP error message will be generated for a
datagram having a multicast address.
❏ No ICMP error message will be generated for a
datagram having a special address such as 127.0.0.0 or
0.0.0.0.
Figure 6 Contents of data field for the error messages

• All error messages contain a data section that includes IP header

of the original datagram + 8 bytes of data in that datagram
•The 8 bytes of data are included because, these bytes define the
port numbers (UDP and TCP) and sequence number in (TCP)
• This information is needed so the source can inform the protocols
(TCP or UDP) about the error
 Figure 7 Destination-unreachable format

• When a router cannot route a datagram, or a host cannot deliver a

datagram, the datagram is discarded and the router or the host
sends a destination unreachable message back to the source host
that initiated the datagram

• Code 0: network unreachable

• Code 1: host unreachable
• Code 2: protocol is unreachable; data received for TCP ,and TCP is
not running at the moment could only be detected by the destination
• Code 3: port unreachable (application process)
……
……
……
 Note:

Destination-unreachable messages
with codes 2 or 3 can be created only
by the destination host.
Other destination-unreachable
messages can be created only by
routers.
 Note:

A router cannot detect all problems

that prevent the delivery of a packet.
e.g. Datagram travelling through
Ethernet
 Note:

There is no flow-control mechanism in

the IP protocol. (IP is connectionless,
no communication between source-
generates datagram, router- forwards
datagram, destination host-processes
datagram)
Figure 8 Source-quench format

• The source quench message in ICMP was designed to add

flow and congestion control to IP
• When a router or host discards a datagram it sends a
source-quench message to the sender of datagram
 Note:

A source-quench message informs the

source that a datagram has been
discarded due to congestion in a router
or the destination host.
The source must slow down (quench)
the sending of datagrams until the
congestion is relieved.
 Note:

One source-quench message is sent for

each datagram that is discarded due to
congestion.
Source Quench
• Router or destination host sends source quench message for congestion in
the network
• No mechanism to tell source that congestion is relieved or not
• So source continues to send data at slower rate until no more source
quench messages are received
• Congestion may be created by one-to-one or many-to-one type
communication
• In one-to-one communication if the sender is sending data at a higher rate
than the router or destination host can process it, then in this case source
quench messages help the sender to slow down its data transfer
• In many-to-one type communication many sources create datagram, some
transfer at faster rate and some slower. The destination host or router has
no clue which source is responsible for congestion , hence the technique
fails (it may drop a packet from a very slow source instead of dropping the
datagram that has actually created congestion)
 Note:

Whenever a router decrements a time-

to-live value to zero, it discards the
datagram and sends a time-exceeded
message to the original
source.(packets travel in loop)
 Note:

When the final destination does not

receive all of the fragments in a set
time, it discards the received fragments
and sends a time-exceeded message to
the original source. (timer)
 Note:

In a time-exceeded message, code 0 is

used only by routers to show that the
value of the time-to-live field is zero.
Code 1 is used only by the destination
host to show that not all of the
fragments have arrived within a set
time.
Figure 9 Time-exceeded message format
 Note:

A parameter-problem message can be

created by a router or the destination
host.
Figure 10 Parameter-problem message format

• Any ambiguity in the header part of a datagram can create

serious problems as the datagram travels through the internet
• If a router or host finds such ambiguity it discards the packet
and sends a parameter problem to the source

Code 0: Error in one of the header fields, pointer points to the byte
having problem
Code 1: The required part of the option is missing
Figure 11 Redirection concept
 Note:

A host usually starts with a small

routing table that is gradually
augmented and updated. One of the
tools to accomplish this is the
redirection message.
Figure 12 Redirection message format

Code 0: Redirection for a network specific route

Code 1: Redirection for a host specific route
Code 2: Redirection for a network specific route based on
specific type of service
Code 3: Redirection for a host specific route based on
specific type of service
 Note:

A redirection message is sent from a

router to a host on the same local
network.
QUERY
ICMP can also diagnose some network problems through the query
messages, a group of four different pairs of messages. In this type of
ICMP message, a node sends a message that is answered in a specific
format by the destination node.

The topics discussed in this section include:

Echo Request and Reply
Timestamp Request and Reply
Address-Mask Request and Reply
Router Solicitation and Advertisement
Figure 13 Query messages
 Note:

An echo-request message can be sent

by a host or router. An echo-reply
message is sent by the host or router
which receives an echo-request
message.(diagnostic purpose)
 Note:

Echo-request and echo-reply messages

can be used by network managers to
check the operation of the IP
protocol.(working or not)
 Note:

Echo-request and echo-reply messages

can test the reachability of a host. This
is usually done by invoking the ping
(Packet Internet Groper) command.
Figure 14 Echo-request and echo-reply messages
Figure 15 Timestamp-request and timestamp-reply message format

• The source creates a time stamp request message, fills original

timestamp (at departure time), other two fields are 0
• The destination creates a time stamp reply message, copies original ts,
fills receive ts, fills transmit timestamp (time at which the packet
departs)
• Sending time= receive timestamp-original timestamp
• Receiving time=returned time-transmit time
• Round-trip time= Sending time + Receiving time
 Note:

Timestamp-request and timestamp-

reply messages can be used to
calculate the round-trip time between
a source and a destination machine
even if their clocks are not
synchronized.
Example:

Original timestamp: 46
Receive timestamp:59
Transmit timestamp: 60
Return time:67

Sending time=59-46=13ms
Receiving time=67-60=7ms
Round-trip time=13+7= 20ms
 Figure 16 Mask-request and mask-reply message and Router advt.

• The duties of the mask request reply and router

advertisement are done by DHCP
• Hence they are not used now-a-days
IP addresses: how to get one?
Q: How does a host get IP address?

 hard-coded by system admin in a file

 Windows: control-panel->network->configuration-
>tcp/ip->properties
 UNIX: /etc/rc.config
 DHCP: Dynamic Host Configuration Protocol:
dynamically get address from as server
 “plug-and-play”

Network Layer 4-43

DHCP: Dynamic Host Configuration Protocol
goal: allow host to dynamically obtain its IP address from network
server when it joins network
 can renew its lease on address in use
 allows reuse of addresses (only hold address while
connected/“on”)
 support for mobile users who want to join network (more
shortly)
DHCP overview:
 host broadcasts “DHCP discover” msg [optional]
 DHCP server responds with “DHCP offer” msg [optional]
 host requests IP address: “DHCP request” msg
 DHCP server sends address: “DHCP ack” msg

Network Layer 4-44

DHCP client-server scenario

DHCP
223.1.1.0/24
server
223.1.1.1 223.1.2.1

223.1.1.2 arriving DHCP

223.1.1.4 223.1.2.9
client needs
address in this
223.1.3.27
223.1.2.2 network
223.1.1.3

223.1.2.0/24

223.1.3.1 223.1.3.2

223.1.3.0/24

Network Layer 4-45

DHCP client-server scenario
DHCP server: 223.1.2.5 DHCP discover arriving
client
src : 0.0.0.0, 68
Broadcast: is there a
dest.: 255.255.255.255,67
DHCPyiaddr:
server 0.0.0.0
out there?
transaction ID: 654

DHCP offer
src: 223.1.2.5, 67
Broadcast: I’m a DHCP
dest: 255.255.255.255, 68
server! Here’s an IP
yiaddrr: 223.1.2.4
address youID:can
transaction 654 use
lifetime: 3600 secs
DHCP request
src: 0.0.0.0, 68
Broadcast: OK. I’ll take
dest:: 255.255.255.255, 67
yiaddrr: 223.1.2.4
that IP address!
transaction ID: 655
lifetime: 3600 secs

DHCP ACK
src: 223.1.2.5, 67
Broadcast: OK. You’ve
dest: 255.255.255.255, 68
yiaddrr: 223.1.2.4
got that IPID:
transaction address!
655
lifetime: 3600 secs
Network Layer 4-46
DHCP: more than IP addresses
DHCP can return more than just allocated IP
address on subnet:
 address of first-hop router for client
 name and IP address of DNS sever
 network mask (indicating network versus host portion
of address)

Network Layer 4-47