(Latest Revision: Sat Mar 31 16:34:22 PDT 2007)
Notes On Chapter Twenty-Three -- An Error Reporting Mechanism (ICMP)
- 23.1 Introduction
- ICMP is an error-reporting protocol integrated with IP.
- It was originally intended as a means to tell a sender why its packets failed to arrive at their destination.
- It is also exploited to gather information about an internet.
-
- 23.2 Best Effort Semantics And Error Detection
- When a checksum in an IP packet is bad, the router or host that receives the packet simply discards it, without attempting to forward it or send an error message to the sender.
- The reason is that both the source and target addresses are "suspect" if the checksum is bad.
-
- 23.3 Internet Control Message Protocol
- Page 357 of the fourth edition has a list of all the ICMP message types.
- Examples: Source Quench, Time Exceeded (for TTL expiry, or fragment reception expiry), Destination Unreachable (can't forward to host or to network), Redirect (host sent a datagram to the wrong router on the LAN), Echo Request/Reply, Address Mask Request/Reply (a booting host gets the correct mask used on the local subnet).
-
- 23.4 ICMP Message Transport
- ICMP datagrams are encapsulated in IP datagrams.
- Mostly, routers send ICMP messages "about" a problem with an IP packet back to the sender of that IP packet.
- An ICMP packet can be a reply to an ICMP request packet.
- The protocol does not allow sending an error message about an error message.
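
The discard rule from 23.2 and the "no error about an error" rule from 23.4, worked through in Python as an added example (not part of the original notes or the textbook). `router_decision` and the build helpers are hypothetical names, the packets are constructed samples using documentation addresses, and the set of error types is taken from RFC 792.

```python
import struct

# ICMP types that report errors (RFC 792); every other type is a query or reply.
ICMP_ERROR_TYPES = {3: "Destination Unreachable", 4: "Source Quench",
                    5: "Redirect", 11: "Time Exceeded", 12: "Parameter Problem"}

def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by the IP header and by ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ip(src: bytes, dst: bytes, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header (no options) followed by the payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      0, 0, ttl, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", internet_checksum(hdr)) + hdr[12:] + payload

def build_icmp(icmp_type: int, code: int, body: bytes) -> bytes:
    """ICMP message: type, code, checksum over the whole message, then body."""
    msg = struct.pack("!BBH", icmp_type, code, 0) + body
    return msg[:2] + struct.pack("!H", internet_checksum(msg)) + msg[4:]

def router_decision(packet: bytes) -> str:
    """What a router does with a datagram it cannot deliver (hypothetical helper)."""
    ihl = (packet[0] & 0x0F) * 4
    if internet_checksum(packet[:ihl]) != 0:        # 23.2: addresses are suspect
        return "drop silently: bad header checksum"
    if packet[9] == 1 and packet[ihl] in ICMP_ERROR_TYPES:   # 23.4: protocol 1 is ICMP
        return "drop silently: no error message about an error message"
    return "send ICMP error to " + ".".join(map(str, packet[12:16]))

# Constructed sample packets.
HOST, DEST = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7])
udp_probe = build_ip(HOST, DEST, 17, b"\x00" * 8)
corrupted = udp_probe[:12] + bytes([192, 0, 2, 99]) + udp_probe[16:]   # source altered in transit
echo_req = build_ip(HOST, DEST, 1, build_icmp(8, 0, b"\x00\x01\x00\x01ping"))
time_exceeded = build_ip(HOST, DEST, 1, build_icmp(11, 0, b"\x00" * 4 + udp_probe))

if __name__ == "__main__":
    for name in ("udp_probe", "corrupted", "echo_req", "time_exceeded"):
        print(f"{name:14s} -> {router_decision(globals()[name])}")
```

Note that an undeliverable Echo Request still draws an error message: only ICMP error types are exempt, not ICMP traffic as a whole.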
-
- 23.5 Using ICMP Messages To Test Reachability
- Ping uses ICMP echo request/reply.
-
- 23.6 Using ICMP To Trace A Route
- Traceroute discovers addresses of routers by setting the TTL field and reading off the address of the router that sends back the "time exceeded" message.
- The first packet is sent with TTL==1, and the first router sends back "time exceeded" (unless it is the final destination).
- Problems: duplicate responses, lost datagrams, and changing routes.
-
- 23.7 The Last Address Printed by Traceroute
- The "time exceeded" trick does not work to get a reply from the final destination.
- Traceroute sends something that requires a response from the destination host: an ICMP echo request, or a UDP packet with a bogus port number.
- The destination host should respond with an echo reply or "destination unreachable" message.
-
- 23.8 Using ICMP For Path MTU Discovery
- Where routes are stable, path MTU can be discovered by trial and error.
- Mark a large packet "do not fragment" and see if you get an ICMP "Datagram Conversion Error" packet back from a router, meaning that the packet needed to be fragmented but the router was not allowed to do it.
- Send smaller and smaller packets until you stop getting this error message back.
-
- 23.8 Summary