Understanding ICMP

Author:      Rae
Submitted:      28-Apr-2007 19:41:02
Imported From:      The CyberArmy University (original author: rae)


ICMP stands for Internet Control Message Protocol. Its primary use is sending control or error messages to routers or hosts. In simpler words, it is an error reporting mechanism. Every ICMP message travels under two levels of encapsulation. The first level is that each message travels across the internet in the data portion of an IP datagram. The second level is added because the IP datagram itself travels inside the data portion of a frame.

When sending messages, ICMP encapsulates them in IP packets and sets the Protocol field of the IP header to 1. One important point to remember is that the function of ICMP is to report problems that have occurred. It does not have the responsibility to correct the problems. The responsibility for error correction lies with the sender. It is also important to remember that ICMP cannot send messages to an intermediate machine, but only to end nodes. This is because the datagram carries only the source and destination addresses, so it keeps no record of the intermediate nodes that it passed through.

ICMP messages have a specific format, which consists of the following fields:
  • Type : this is used to identify the message type. The size of this field is 8 bits.
  • Code : provides information or parameters of the message type. Size is again 8 bits.
  • Checksum : it provides the checksum of the whole message. Size is 16 bits.

ICMP performs many functions. The main ones are listed below:
  • Error reporting
  • Reachability testing
  • Congestion control
  • Route change notification
  • Performance measuring
  • Subnet addressing
It is used to find out information about a network or a machine attached to a network. Conceptually, ICMP is similar to the User Datagram Protocol (UDP). Like UDP, it handles messages that fit in one datagram. But ICMP is a lot simpler than UDP. It doesn't have a port number specified in its header. This is because all ICMP messages are interpreted by the network software itself, so there is no need to specify a port number explicitly. ICMP messages can also be used to find out the subnet mask in an internetwork.

ICMP messages have a specific meaning. The common ones are explained below:
  • Echo reply means the network host is alive.
  • Destination unreachable means the packet was not delivered due to some error.
  • Source quench is used when a choke condition arises.
  • Time exceeded is used when the Time to Live (TTL) field reaches zero.
  • Timestamp and timestamp reply are used to test the delay in the network.
  • Parameter problem is used to indicate an invalid header field.
The meaning is determined by the 'type' field in the message. Common values are:
  • 0 : Echo reply
  • 3 : Destination unreachable
  • 4 : Source quench
  • 5 : Redirect
  • 8 : Echo request
  • 11 : Time exceeded
  • 12 : Parameter problem
  • 13 : Timestamp request
  • 14 : Timestamp reply
  • 15 : Information request
  • 16 : Information reply
  • 17 : Address mask request
  • 18 : Address mask reply

This article was originally published by CyberArmy.net in the CyberArmy Library.
