Address Resolution Protocol (ARP) &

Internet Control Message Protocol (ICMP)

Presenter: Assoc.Prof.Dr. Fatih ABUT

1
Overview

• The IP (Internet Protocol) relies on several other protocols to

perform necessary control and routing functions:
• Address resolutions (ARP)
• Control functions (ICMP)
• Multicast signaling (IGMP)
• Setting up routing tables (RIP, OSPF, BGP, PIM, …)

2
Address Resolution Protocol (ARP) and
Reverse ARP (RARP)
• Note:
– The Internet is based on IP addresses
– Data link protocols (Ethernet, FDDI, ATM) may have
different (MAC) addresses
• The ARP and RARP protocols perform the translation
between IP addresses and MAC layer addresses
• We will discuss ARP for broadcast LANs, particularly Ethernet
LANs

ARP Ethernet MAC

IP address
address
(32 bit)
(48 bit)
RARP
3
Coupling of the IP layer to the Ethernet
layer according to OSI

IP packet
IP Dest.
(2)-ICI IP Source IP packet
MAC Dest.
MAC Data
IP layer Source
IP entity

(2)-SAP
(2)-IDU

(2)-ICI
Ethernet frame
MAC-Dest.
MAC-Source MAC Dest.
MAC Source
2-Layer Ethernet frame
(Ethernet) IP packet
IP Dest.
IP Source

Data
(2)-entity

System (Ethernet/IP)
ARP Protocol
REQUEST: Computer with MAC-Adr-A and IP-Adr-A to
all: Looking for a MAC? from computer with IP-Adr-B

A B

ARP-Cache: ARP-Cache:
ARP-Cache:
empty empty
IP-Adr-A → MAC-Adr-A

RESPONSE: To computer with MAC-Adr-A:

Have MAC-Adr-B and IP-Adr-B

A B

ARP-Cache:
ARP cache: ARP-Cache:
ARP cache:
empty
IP-Adr-B → MAC-Adr-B empty
IP-Adr-A → MAC-Adr-A
ARP Packet Format (1)

Ethernet II header

Destination Source Type

address address 0x8060
ARP Request or ARP Reply Padding CRC

6 6 2 28 10 4

Hardware type (2 bytes) Protocol type (2 bytes)

Hardware address Protocol address
Operation code (2 bytes)
length (1 byte) length (1 byte)
Source hardware address*

Source protocol address*

Target hardware address*

Target protocol address*

* Note: The length of the address fields is determined by the corresponding address length fields
6
ARP Packet Format (2)

• Hardware type (HTYPE)

– This field specifies the network link protocol type. Example: Ethernet is 1.
• Protocol type (PTYPE)
– This field specifies the internetwork protocol for which the ARP request is intended. For IPv4, this has
the value 0x0800. The permitted PTYPE values share a numbering space with those for EtherType.
• Hardware length (HLEN)
– Length (in octets) of a hardware address. Ethernet address length is 6.
• Protocol length (PLEN)
– Length (in octets) of internetwork addresses. The internetwork protocol is specified in PTYPE.
Example: IPv4 address length is 4.
• Operation
– Specifies the operation that the sender is performing: 1 for request, 2 for reply.
• Sender hardware address (SHA)
– Media address of the sender. In an ARP request this field is used to indicate the address of the host
sending the request. In an ARP reply this field is used to indicate the address of the host that the
request was looking for.
• Sender protocol address (SPA)
– Internetwork address of the sender.
• Target hardware address (THA)
– Media address of the intended receiver. In an ARP request this field is ignored. In an ARP reply this
field is used to indicate the address of the host that originated the ARP request.
• Target protocol address (TPA)
– Internetwork address of the intended receiver.

7
Example

• ARP Request from Argon:

Source hardware address: 00:a0:24:71:e4:44
Source protocol address: 128.143.137.144
Target hardware address: 00:00:00:00:00:00
Target protocol address: 128.143.137.1

• ARP Reply from Router137:

Source hardware address: 00:e0:f9:23:a8:20
Source protocol address: 128.143.137.1
Target hardware address: 00:a0:24:71:e4:44
Target protocol address: 128.143.137.144

8
ARP Cache

• Since sending an ARP request/reply for each IP datagram is

inefficient, hosts maintain a cache (ARP Cache) of current
entries. The entries expire after 20 minutes.

• Contents of the ARP Cache:

(128.143.71.37) at 00:10:4B:C5:D1:15 [ether] on eth0
(128.143.71.36) at 00:B0:D0:E1:17:D5 [ether] on eth0
(128.143.71.35) at 00:B0:D0:DE:70:E6 [ether] on eth0
(128.143.136.90) at 00:05:3C:06:27:35 [ether] on eth1
(128.143.71.34) at 00:B0:D0:E1:17:DB [ether] on eth0
(128.143.71.33) at 00:B0:D0:E1:17:DF [ether] on eth0

9
Things to know about ARP

• What happens if an ARP Request is made for a non-existing

host?
Several ARP requests are made with increasing time
intervals between requests. Eventually, ARP gives up.

• What if a host sends an ARP request for its own IP address?

The other machines respond (gratuitous ARP) as if it
was a normal ARP request.
This is useful for detecting if an IP address has already
been assigned.

10
ICMP Overview

• The Internet Control Message Protocol (ICMP) is a helper protocol that

supports IP with facility for
– Error reporting
– Simple queries

• ICMP messages are encapsulated as IP datagrams:

IP header ICMP message

IP payload
11
ICMP message format

bit # 0 7 8 15 16 23 24 31

type code checksum

additional information
or
0x00000000

4 byte header:
• Type (1 byte): type of ICMP message
• Code (1 byte): subtype of ICMP message
• Checksum (2 bytes): similar to IP header checksum.
Checksum is calculated over entire ICMP message
If there is no additional data, there are 4 bytes set to zero.
→ each ICMP messages is at least 8 bytes long
12
ICMP Query message

ICMP query:
• Request sent by host to a router or host
• Reply sent back to querying host

13
Example of a Query:
Echo Request and Reply

• Ping’s are handled directly by the kernel

• Each Ping is translated into an ICMP Echo Request
• The Ping’ed host responds with an ICMP Echo Reply

Host Host
or or
Router router

14
Example of a Query:
ICMP Timestamp
Timestamp
• A system (host or router) asks Request
another system for the current time.
Sender
• Time is measured in milliseconds Receiver

after midnight UTC (Universal Timestamp

Reply
Coordinated Time) of the current
day
• Sender sends a request, receiver
responds with reply
Type Code
Checksum
(= 17 or 18) (=0)
identifier sequence number

32-bit sender timestamp

32-bit receive timestamp

32-bit transmit timestamp

15
ICMP Error message

• ICMP error messages report error conditions

• Typically sent when a datagram is discarded
• Error message is often passed from ICMP to the
application program

16
ICMP Error message
ICMP Message

from IP datagram that triggered the error

IP header ICMP header IP header 8 bytes of payload

type code checksum

Unused (0x00000000)

• ICMP error messages include the complete IP header and

the first 8 bytes of the payload (typically: UDP, TCP)

17
Frequent ICMP Error message

Type Code Description

3 0–15 Destination Notification that an IP datagram could not be

unreachable forwarded and was dropped. The code field
contains an explanation.
5 0–3 Redirect Informs about an alternative route for the
datagram and should result in a routing table
update. The code field explains the reason for
the route change.
11 0, 1 Time Sent when the TTL field has reached zero
exceeded (Code 0) or when there is a timeout for the
reassembly of segments (Code 1)
12 0, 1 Parameter Sent when the IP header is invalid (Code 0) or
problem when an IP header option is missing (Code 1)

18
Some subtypes of the “Destination Unreachable”

Code Description Reason for Sending

0 Network No routing table entry is available for the destination
Unreachable network.
1 Host Destination host should be directly reachable, but
Unreachable does not respond to ARP Requests.
2 Protocol The protocol in the protocol field of the IP header is
Unreachable not supported at the destination.
3 Port The transport protocol at the destination host cannot
Unreachable pass the datagram to an application.
4 Fragmentation IP datagram must be fragmented, but the DF bit in the
Needed IP header is set.
and DF Bit Set

19