CS Notes

This site uses Just the Docs, a documentation theme for Jekyll.

Search

ICMP

ICMP (Internet Control Message Protocol) is used for IP routers to send messages to other routers in order to provide feedback about a network, for example to report a processing error.

Table of contents

  1. Introduction
  2. ICMP format
    1. Destination unreachable message
    2. Timestamp or Timestamp reply message
  3. References

Introduction

An ICMP message is sent in an IP packet, with the Protocol field set to 1 (for ICMP) [1, P. 465].

You can see a list of the main message types sent by ICMP:

Message type Description
Destination unreachable Packet could not be delivered.
Time exceeded Time to live field hit 0.
Parameter problem Invalid header field.
Source quench Choke packet.
Redirect Teach a router about geography.
Echo and echo reply Check if a machine is alive.
Timestamp request/reply Same as Echo, but with timestamp.
Router advertisement/solicitation Find a nearby router.
Information request/reply Find number of network.

The Destination unreachable message is used when the router is unable to locate the destination. It is also used when a packet that has the DF (Do not Fragment) bit set must be fragmented to pass through a network [1, P. 465].

Time Exceeded is sent when a packet is dropped after its TTL field has reached 0. Time Exceeded is used by traceroute, which finds the routers along a path by sending a sequence of packets with their TTL starting at 1 and incrementing until the message reaches its destination [1, P. 466].

Parameter problem is sent when an illegal value is detected in a header field [1, P. 466].

Echo and Echo reply messages are sent to see if a host is currently reachable. ping uses these messages to check if a host is reachable [1, P. 466].

The Redirect message is used when a router detects that a packet has been routed incorrectly [1, P. 466].

The Router advertisement and Router solicitation messages are used to let a host find nearby neighbors [1, P. 467].

ICMP format

The format of an ICMP message depends on the message type. This is always set in the first octet of the data (the Type field). The Type value determines the rest of the data that’s included.

Destination unreachable message 

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |     Code      |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                             unused                            |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |      Internet header + 64 bits of original data datagram      |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

[2, P. 4]

Type is 3 (for the Destination unreachable type).

Code can be one of:

  • 0: net unreachable.
  • 1: host unreachable.
  • 2: protocol unreachable.
  • 3: port unreachable.
  • 4: fragmentation needed and DF bit set.
  • 5: source route failed.

Checksum is the one’s complement of the one’s complement sum of the ICMP message.

unused is reserved for future extensions.

[2, P. 4]

Timestamp or Timestamp reply message 

    0                   1                   2                   3
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Type      |      Code     |          Checksum             |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |           Identifier          |        Sequence Number        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Originate Timestamp                                       |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Receive Timestamp                                         |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |     Transmit Timestamp                                        |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

[2, P. 16]

Type is either 13 for Timestamp message, or 14 for Timestamp reply message.

Code is 0.

Checksum is the one’s complement of the one’s complement sum of the ICMP message.

Identifier is an identifier to help match Timestamp messages with Timestamp reply messages. May be 0.

Sequence Number is an identifier to help match Timestamp messages with Timestamp replies. May be 0.

All time values are the time in milliseconds since midnight UTC.

The Originate Timestamp field is the time the sender touched the message before sending it.

The Receive Timestamp field is the time the recipient first touched the message on receipt.

The Transmit Timestamp field is the time the recipient last touched the message before sending it.

[2, P. 16]

You can see a full list of the headers in the ICMP RFC.

References

  1. [1] A. Tanenbaum and D. Wetherall, Computer Networks, 5th ed. 2011.
  2. [2] “Internet Control Message Protocol,” no. 792. RFC Editor, Sep-1981.