Error and Control Messages (ICMP) : by Z.A. Solangi
Error and Control Messages (ICMP) : by Z.A. Solangi
(ICMP)
By
Z.A. Solangi
Overview
2
Overview
4
Internet Control Message
Protocol (ICMP)
Example
Workstation 1 is sending a datagram to Workstation 6
Fa0/0 on Router C goes down
Router C then utilizes ICMP to send a message back to Workstation 1
indicating that the datagram could not be delivered.
ICMP does not correct the encountered network problem.
Router C knows only the source and destination IP addresses of the
datagram, does not know about the exact path the datagram took to
Router C, therefore, Router C can only notify Workstation 1 of the failure
ICMP reports on the status of the delivered packet only to the source
device.
6
Format of an
ICMP Message
Type Field
Type Name Type Name
---- ------------------------- ---- -------------------------
0 Echo Reply 17 Address Mask Request
1 Unassigned 18 Address Mask Reply
2 Unassigned 19 Reserved (for Security)
3 Destination Unreachable 20-29 Reserved (for Robustness Experiment)
4 Source Quench 30 Traceroute
5 Redirect 31 Datagram Conversion Error
32 Mobile Host Redirect
6 Alternate Host Address
33 IPv6 Where-Are-You
7 Unassigned
34 IPv6 I-Am-Here
8 Echo 35 Mobile Registration Request
9 Router Advertisement 36 Mobile Registration Reply
10 Router Solicitation 37 Domain Name Request
11 Time Exceeded 38 Domain Name Reply
12 Parameter Problem 39 SKIP
13 Timestamp 40 Photuris
14 Timestamp Reply 41-255 Reserved
15 Information Request
16 Information Reply
http://www.iana.org/assignments/icmp-parameters 7
Format of an
ICMP Message
Code Field
Many of these ICMP types have a "code"
Type 3: Destination Unreachable field.
Here are the assigned code fields for Type 3
Codes
Destination Unreachable.
0 Net Unreachable
1 Host Unreachable Codes 2 and 3 are created only by the
2 Protocol Unreachable Destination Host, all others are created only
3 Port Unreachable
by routers.
4 Fragmentation Needed and Don't Fragment was Set
5 Source Route Failed
6 Destination Network Unknown
7 Destination Host Unknown
8 Source Host Isolated
9 Communication with Destination Network is Administratively Prohibited
Network Unreachable
Generated by router lacking any route to destination
Host Unreachable
Last hop router cannot contact destination
Port Unreachable
No process bound to port
10
Unreachable
networks
Examples of problems:
Sending device may address the datagram to a non-existent IP
address
Destination device that is disconnected from its network.
Router’s connecting interface is down
Router does not have the information necessary to find the destination
network.
12
Destination unreachable
message
ICMP Destination Unreachable
Type = 3
13
ICMP Echo (Request) and Echo
Reply
14
Detecting excessively long
IP Header routes
0 15 16 31
4-bit 4-bit 8-bit Type Of
Version Header Service 16-bit Total Length (in bytes)
Length (TOS)
3-bit
16-bit Identification Flags 13-bit Fragment Offset
Data
+--------------------+-------+---------+---------+
| OS Version |"safe" | tcp_ttl | udp_ttl |
+--------------------+-------+---------+---------+
AIX n 60 30 Assigned Numbers (RFC
DEC Pathworks V5 n 30 30
1700, J. Reynolds, J.
FreeBSD 2.1R y 64 64
HP/UX 9.0x n 30 30 Postel, October 1994):
HP/UX 10.01 y 64 64
Irix 5.3 y 60 60
IP TIME TO LIVE
Irix 6.x y 60 60 PARAMETER
Linux y 64 64
MacOS/MacTCP 2.0.x y 60 60
The current
OS/2 TCP/IP 3.0 y 64 64 recommended default
OSF/1 V3.2A n 60 30 time to live (TTL)
Solaris 2.x y 255 255 for the Internet
SunOS 4.1.3/4.1.4 y 60 60
Protocol (IP) is 64.
Ultrix V4.1/V4.2A n 60 30
VMS/Multinet y 64 64
VMS/TCPware y 60 64
VMS/Wollongong 1.1.1.1 n 128 30 Safe: TCP and UDP
VMS/UCX (latest rel.) y 128 128 initial TTL values
MS WfW n 32 32
MS Windows 95 n 32 32
should be set to a
MS Windows NT 3.51 n 32 32 "safe" value of at
MS Windows NT 4.0 y 128 128 least 60 today.
16
IP Parameter
Problem
ICMP Parameter Problem
Type = 12
17
ICMP Control Messages
Introduction to ICMP Control
Messages
Unlike error messages, control messages are not the
results of lost packets or error conditions which occur
during packet transmission.
Instead, they are used to inform hosts of conditions such
as:
Network congestion
Existence of a better gateway to a remote network
19
ICMP Redirect 3
ICMP Redirect 2
Type = 5 Code = 0 to 3 1 2
4
21
Clock synchronization and transit
Replaced by
time estimation
ICMP Timestamp Request
Type = 13 or 14
22
Clock synchronization and transit
time estimation
Replaced by
ICMP Timestamp
Type = 13 or 14
All ICMP timestamp reply messages contain the originate, receive and
transmit timestamps.
Using these three timestamps, the host can estimate transit time across
the network by subtracting the originate time from the transit time.
It is only an estimate however, as true transit time can vary widely based
on traffic and congestion on the network.
The host that originated the timestamp request can also estimate the
local time on the remote computer.
While ICMP timestamp messages provide a simple way to estimate time
on a remote host and total network transit time, this is not the best way
to obtain this information.
Instead, more robust protocols such as Network Time Protocol (NTP) at
the upper layers of the TCP/IP protocol stack perform clock
synchronization in a more reliable manner.
23
Information requests and reply
message formats
ICMP Information Request/Reply
Type = 15 or 16
Replaced by
The ICMP information requests and reply
messages were originally intended to
allow a host to determine its network
parameters.
This particular ICMP message type is
considered obsolete.
Other protocols such as BOOTP and
Dynamic Host Configuration Protocol
(DHCP) are now used to allow hosts to
obtain their network numbers.
24
Address Masks
ICMP Address Mask Request/Reply
Type = 17 or 18
27
ICMP source-
quench
messages
ICMP Source Quench
Type = 4
Congestion can also occur for various reasons including when traffic from a
high speed LAN reaches a slower WAN connection.
Dropping of packets occur when there is too much congestion on a
network.
ICMP source-quench messages are used to reduce the amount of data lost.
The source-quench message asks senders to reduce the rate at which they
are transmitting packets.
In most cases, congestion will subside after a short period of time, and the
source will slowly increase the transmission rate as long as no other
source-quench messages are received.
Most Cisco routers do not send source-quench messages by default ,
because the source-quench message may itself add to the network
congestion.
28
ICMP source-
quench
messages
ICMP Source Quench
Type = 4
29
ICMP Path MTU Discovery
Path MTU
Discovery
Problem:
How path MTU discovery (PMTU-D) combined with filtering ICMP
messages can result in connectivity problems.
Path MTU discovery allows a node to dynamically discover and adjust
to differences in the MTU size of every link along a given data path.
In IPv4, the minimum link MTU size is 68 octets and the recommended
minimum is 576 octets, which is the minimum reassembly buffer size.
So, any IPv4 packet must be at least 68 octets in length.
(In IPv6, the minimum link MTU is 1280 octets, but the recommended MTU value for
IPv6 links is 1500 octets. The maximum packet size supported by the basic IPv6 header
is 64,000 octets. Larger packets called jumbograms could be handled using a hop-by-hop
extension header option.)
31
Path MTU Discovery - Terms
Path MTU : The smallest MTU of any link on the current path between two
hosts.
This may change over time since the route between two hosts, especially on
32
Terms
packets.
In some configuration, simpler firewalls will block all fragments because
they don't contain the header information for a higher layer protocol (eg.
TCP) needed for filtering.
33
Terms
3 4
DF (Don't Fragment) bit: This is a bit in the IP header that can be set to indicate
that the packet should not be fragmented by routers.
If the packet needs to be fragmented, an ICMP "can't fragment" error is
returned sent to the sender and the packet is dropped.
ICMP Can't Fragment Error:
This error is a type 3 (destination unreachable), code 4 (fragmentation needed
but don't-fragment bit set)
Returned by a router when it receives a packet that is too large for it to forward
and the DF bit is set.
The packet is dropped and the ICMP error is sent back to the origin host.
Normally, this tells the origin host that it needs to reduce the size of its packets
if it wants to get through.
Recent systems also include the MTU of the next hop in the ICMP message so
the source knows how big its packets can be.
Note that this error is only sent if the DF bit is set; otherwise, packets are just
fragmented and passed through.
34
Terms
35
Path MTU Discovery (PMTU-D)
36
PMTU-D
37
PMTU-D
38
The problem with ICMP filtering and
PMTU-D
Many network administrators usually decide to filter ICMP at a router
or firewall.
There are valid (and many invalid) reasons for doing this, however it
can cause problems.
ICMP is an integral part of the Internet and can not be filtered without
due consideration for the effects.
In this case, if the ICMP can't fragment errors can not get back to the
source host due to a filter, the host will never know that the packets it
is sending are too large.
This means it will keep trying to send the same large packet, and it will
keep on dropping--silently dropped
While a small handful of systems that implement PMTU-D also
implement a way to detect such situations, most don't and even for
those that do it has a negative impact on performance.
39
The Symptoms
41
The End
Engr. Z. A. Solangi 42