Network Administration Module 5 ICMP and IGMP

TCP/IP Protocol Structure Application Layer Transport Layer Internet Layer Link Layer

ICMP (Reference RFC 792) Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol Suite ICMP is a protocol used for exchanging error or control messages between routers or hosts ICMP uses IP to deliver messages to the original source ICMP messages are usually generated and processed by the IP software, not the user process (i.e. it is not processed by software application) ICMP can only report error, congestion, or other network condition. It does nothing to enhance IP’s best effort delivery approach. Note: ICMP messages themselves are nothing more than specially formatted IP datagram, subject to the same conditions as other IP packets in the general network traffic.

Encapsulation of ICMP packet

ICMP Messages

General format of ICMP messages

Type of ICMP Messages ICMP Message Type Use or Significance ICMP Echo / Echo Reply Supports functionality for reachability utilities like PING and TRACEROUTE; essential when installing, configuring and troubleshooting IP networks ICMP Destination Unreachable Documents when routing or delivery errors prevents IP datagrams from reaching their destinations; code values are extremely important. ICMP Source Quench Permits a receiving host or intermediate gateway to instruct a sending host to adjust (lower) its sending rate to ease congestion problem ICMP Redirect Permits a gateway (router) on a non-optimal route between sender and receiver to redirect traffic to a more optimal path

Type of ICMP Messages ICMP Message Type Use or Significance ICMP router Discovery Permits hosts to request information about local routers, and routers to advertise their existence on an IP network ICMP Time Exceeded Indicates that an IP datagram’s TTL or a fragmented IP datagram’s reassembly timer, has expired; can indicate either a too-short TTL, or the presence of a router loop on a network (which must be removed) ICMP Parameter Problem Indicates some error occurred while processing the IP header of an incoming datagram, causing that datagram to be discarded; catchall for ambiguous or miscellaneous errors, it indicates further investigation is required

ICMP Functions ICMP provides a way to return information to sender, in the form of specific kind of ICMP messages, about route traveled (including reachability information) as packet get forwarded and a positive way to return error information to a sender when routing or reachability problem prevent delivery of an IP datagram.

Time-To-Live (TTL) Time-to-live (TTL) field of the IP Header is defined to be a timer limiting the lifetime of a datagram. It is an 8-bit field and the units are seconds. Each router that handles a packet MUST decrement the TTL by at least one, even if the elapsed time was much less than a second. Since this is very often the case (decrement for a second) the TTL is effectively a hop count limit on how far a datagram can propagate through the Internet.

ICMP Utilties ICMP’s most common uses are testing and troubleshooting. Two of the most well known utilities, ping and traceroute rely on ICMP to perform connectivity test and path discovery. Other tools e.g VisualRoute (http://www.visualroute.com) WinMTR (http://winmtr.sourceforge.net)

traceroute It prints the path a packet takes to reach its destination showing the names of all the intermediate routers Making use of the following ICMP messages Time exceeded Destination unreachable [root@CimLinuxServer ~]# traceroute www.cisco.com traceroute to www.cisco.com (198.133.219.25), 30 hops max, 38 byte packets 1 192.168.19.249 (192.168.19.249) 0.364 ms 0.279 ms 0.256 ms 2 fw17.vtc.edu.hk (192.168.16.176) 1.211 ms 1.172 ms 1.028 ms 3 cw7204.vtc.edu.hk (202.40.210.220) 1.819 ms 1.870 ms 2.380 ms 4 218.189.111.201 (218.189.111.201) 4.417 ms 4.738 ms 4.880 ms 5 210.0.247.6 (210.0.247.6) 5.706 ms 4.338 ms 5.259 ms 6 62.216.146.241 (62.216.146.241) 6.742 ms 5.772 ms 4.490 ms Note: You may use the “-c” option to specify the no. of ping packets. e.g. ping –c 4 172.21.2.30

traceroute (Linux / Unix) It determines the path by sending a series of UDP probe packets with TTL fields 1, 2, 3, … This causes each intermediate router on the path to send a Time Exceeded message back to the sender

Illustration: TTL=1

Illustration: TTL=2

Illustration: TTL=3

Illustration: TTL=4

tracert (Windows) Windows equivalent of traceroute Use ICMP echo requests and echo replies Send packets to port 7 instead of a high port

Illustration: TTL=4 (tracert)

ping A utility to check whether other machines are reachable It sends out a series of ICMP echo-request and then captures echo-reply messages It provides statistical information for network testing, measurement and management [root@CimLinuxServer ~]# ping www.yahoo.com PING www.yahoo-ht2.akadns.net (209.131.36.158) 56(84) bytes of data. 64 bytes from f1.www.vip.sp1.yahoo.com (209.131.36.158): icmp_seq=0 ttl=55 time=162 ms 64 bytes from f1.www.vip.sp1.yahoo.com (209.131.36.158): icmp_seq=1 ttl=55 time=156 ms 64 bytes from f1.www.vip.sp1.yahoo.com (209.131.36.158): icmp_seq=2 ttl=54 time=172 ms

Stop responding from ping You may use the following command to stop your machine from responding to ping from other machine [root]#echo 1 > /proc/sys/net/ipv4/echo_icmp_ignore_all Note: A ping of death (abbreviated "POD") is a type of attack on a computer that involves sending a malformed or otherwise malicious ping to a computer. 

IGMP The Internet Group Message Protocol (IGMP) has been designed to help a multicast router identify the hosts in a LAN that are members of a multicast group IGMP has only 2 types of messages: report and query The report message is sent from the host to router The query message is sent from the router to the hosts

Unicast Unicast is the term used to describe communication where a piece of information is sent from one point to another point. In this case there is just one sender, and one receiver. Unicast transmission, in which a packet is sent from a single source to a specified destination, is still the predominant form of transmission on LANs and within the Internet. All LANs (e.g. Ethernet) and IP networks support the unicast transfer mode, and most users are familiar with the standard unicast applications (e.g. http, smtp, ftp and telnet) which employ the TCP transport protocol.

Broadcast Broadcast is the term used to describe communication where a piece of information is sent from one point to all other points. In this case there is just one sender, but the information is sent to all connected receivers. Broadcast transmission is supported on most LANs (e.g. Ethernet), and may be used to send the same message to all computers on the LAN (e.g. the address resolution protocol (arp) uses this to send an address resolution query to all computers on a LAN). Network layer protocols (such as IP) also support a form of broadcast which allows the same packet to be sent to every system in a logical network.

Multicast Multicast is the term used to describe communication where a piece of information is sent from one or more points to a set of other points. In this case there is may be one or more senders, and the information is distributed to a set of receivers (there may be no receivers, or any other number of receivers).

Multicast Multicasting is the networking technique of delivering the same packet simultaneously to a group of clients. IP multicast provides dynamic many-to-many connectivity between a set of senders (at least 1) and a group of receivers. The format of IP multicast packets is identical to that of unicast packets and is distinguished only by the use of a special class of destination address (class D IP address) which denotes a specific multicast group. Since TCP supports only the unicast mode, multicast applications must use the UDP transport protocol.

Operation of IGMP in a single network A Mrouter connected to a LAN has a list of multicast address of the groups for which there is at least one loyal member

Operation of IGMP in a single network (Cont) Joining a group Each host maintains a list of processes with membership in a group When a process want to join a group, it sends its request to the host, the host will add the name of the process and the name of the requested group to its list Then the host sends a IGMP report to the multicast router

Operation of IGMP in a single network (Cont) Monitoring group membership A multicast router is responsible for monitoring all of the hosts in a LAN to see if they want to continue their membership The router periodically sends a query message

Operation of IGMP in a single network (Cont) Continue membership The host keeps a list of processes that wish to continue membership in a group When a host receive a query, it checks this list For each group with at least one process still interested in continuing the membership, the host must send a report

Operation of IGMP in a single network (Cont) Leaving a group When a host receives a query and finds that there is not a process interested in that group anymore, it does not respond and does not send a report about that group If no host on the LAN sends a report for a specific group, the address of that group is deleted

Operation of IGMP in Internet

Operation of IGMP in Internet (Cont) Multicast routing in an Internet is accomplished by using the spanning tree algorithm The spanning tree algorithm is used in data structures to create a tree out of a group

RFC (Request for Comments) Request for Comments, a series of notes about the Internet, started in 1969. An Internet Document can be submitted to the IETF by anyone, but the IETF decides if the document becomes an RFC. Eventually, if it gains enough interest, it may evolve into an Internet standard. Each RFC is designated by an RFC number. Once published, an RFC never changes. Modifications to an original RFC are assigned a new RFC number. e.g. rfc792 – ICMP rfc2236 – IGMP rfc2612 – HTTP version 1.1 …