I have also published a series of articles on computer networking. You can find them on my public account “Programmer Cxuan” or on my GitHub.

We read about TCP/IP in an earlier article, and I wrote a sentence there

The link to the original article is below:

Summary of TCP/IP basic knowledge

Let’s get to know ICMP for real

What is ICMP

ICMP stands for Internet Control Message Protocol. It is a protocol in the Internet protocol suite used to send control messages over IP. That is, ICMP relies on the IP protocol for sending messages. It is a major part of IP, but architecturally it sits above IP, because ICMP packets are carried in IP packets in the same way that TCP and UDP packets are carried as IP payloads. This means that when a host receives an IP datagram that identifies the upper-layer protocol as ICMP, it hands the contents of the datagram to ICMP, just as it would hand them to TCP or UDP.

ICMP is different from TCP and UDP. It is used to send messages rather than transmit data. Because the IP protocol now has two versions: IPv4 and IPv6, ICMP also has two versions: ICMPv4 and ICMPv6.

Main functions of ICMP

There are two main functions of ICMP

  • The first function of ICMP is to check whether an IP packet can successfully reach the destination address. When two devices are connected over the Internet and an IP packet sent from one device to the other does not arrive, an ICMP packet is generated and sent back to the sending device to report it.
  • The second function of ICMP is network diagnosis. The two terminal programs that frequently use ICMP packets are ping and traceroute. The traceroute program is used to display possible paths between two Internet devices and measure the delay of packets over the IP network. Ping is a simplified version of traceroute. We often use the ping command to test whether two devices are connected to each other. Ping is usually used to test the connection speed between two hosts and to accurately report the time it takes for a packet to reach its destination and return.

Now we know that if an IP packet fails to reach the destination host for some reason during IP communication, the specific reason will be notified by ICMP. The following is an ICMP notification diagram

The figure above only shows router 2 sending an ICMP packet to host A, without the specific notification type. In practice, the packet sent above is a Destination Unreachable message, and ICMP has other notification types as well. Below we summarize the specific notification types of ICMP packets.

The ICMP notification types shown in the preceding table are classified into two types: ICMP messages about IP packet transmission, which are also called error messages, and ICMP messages about information collection and configuration, which are also called query or information messages.

Information messages include echo request and reply (types 8 and 0), and router advertisement and router solicitation (types 9 and 10). The most common error message types include destination unreachable (type 3), redirect (type 5), and time exceeded (type 11).

ICMP encapsulation in IPv4 and IPv6

As we know, ICMP is carried inside IP, and it is encapsulated at different locations in IPv4 and IPv6:

ICMP encapsulation in IPv4

ICMP encapsulation in IPv6

The two figures above show the message formats of ICMPv4 and ICMPv6. The first four bytes are the same in all packets, but the rest differs from message to message.

The ICMP header contains the checksum of the entire ICMP data segment in the following format

All ICMP packets start with an 8-bit Type field and an 8-bit Code field, followed by a 16-bit checksum covering the entire packet. ICMPv4 and ICMPv6 use different Type and Code values.
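The header layout and checksum described above can be checked with a small ICMPv4 decoder. This is an added example, not code from the original article; the function names are hypothetical, the type numbers are the ones the article lists, and the sample packet is constructed.

```python
import struct

# ICMPv4 type numbers as listed in the article.
ERROR_TYPES = {3: "destination unreachable", 4: "source quench",
               5: "redirect", 11: "time exceeded"}
QUERY_TYPES = {0: "echo reply", 8: "echo request",
               9: "router advertisement", 10: "router solicitation",
               17: "address mask request", 18: "address mask reply"}


def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_icmpv4(msg: bytes) -> dict:
    """Decode the common 4-byte header and verify the checksum."""
    if len(msg) < 8:
        raise ValueError("truncated ICMPv4 message")
    icmp_type, code, checksum = struct.unpack("!BBH", msg[:4])
    if icmp_type in ERROR_TYPES:
        kind, name = "error", ERROR_TYPES[icmp_type]
    elif icmp_type in QUERY_TYPES:
        kind, name = "query", QUERY_TYPES[icmp_type]
    else:
        kind, name = "unknown", f"type {icmp_type}"
    # Recomputing over a valid message, checksum field included, gives 0.
    return {"type": icmp_type, "code": code, "checksum": checksum,
            "kind": kind, "name": name,
            "checksum_ok": internet_checksum(msg) == 0}


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Constructed sample: echo request with a correct checksum."""
    body = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    csum = internet_checksum(body)
    return body[:2] + struct.pack("!H", csum) + body[4:]


if __name__ == "__main__":
    sample = build_echo_request(0x1234, 1, b"constructed")
    print(parse_icmpv4(sample))
```

A receiver that drops messages with `checksum_ok` false, or with a length under 8 bytes, rejects corrupted or truncated ICMP before any type-specific handling runs.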

Main ICMP messages

ICMP Destination Unreachable (Type 3)

As we know, when a router fails to deliver an IP packet to the destination address, it returns an ICMP Destination Unreachable message to the sending host, and the message indicates the specific reason why the destination is unreachable.

Various unreachable reasons appear in actual communication. For example, code 1 indicates that the host is unreachable, which means that there is no host information in the routing table, or the host is not connected to the network. The causes of some ICMP unreachable messages are as follows

ICMP Redirect message (Type 5)

If the router finds that the sending host is using a suboptimal path to send data, it returns an ICMP Redirect Message to the host. This ICMP redirect message contains the most appropriate routing information and source data. This can happen if the router holds better routing information. The router uses this ICMP message to send a more appropriate route to the sending host.

The IP address of the host (Host) is 10.0.0.100. The host’s routing table has a default route entry pointing to router G1’s IP address 10.0.0.1 as the default gateway. Router G1 uses router G2’s IP address 10.0.0.2 as the next hop when forwarding packets to destination network X.

When a host sends a packet to the destination network X, the following happens

  1. Gateway G1 at IP address 10.0.0.1 receives packets from 10.0.0.100 on the network to which it is connected.

  2. Gateway G1 checks its routing table and obtains the IP address 10.0.0.2 of the next gateway G2 in the route to the packet destination network X.

  3. If G2 and the host identified by the source address of the IP packet (that is, Host) are on the same network, G1 sends an ICMP redirect message to the host. The ICMP redirect message suggests that the host send packets destined for network X directly to G2, because Host to G2 is the shorter path to the destination.

  4. Gateway G1 forwards the original packet to its destination.

Of course, depending on its configuration, the host can also choose to ignore the ICMP redirect messages that G1 sends it. In that case, however, it gives up the two major benefits of ICMP redirection, namely

  • Optimized forwarding paths for data in the network; traffic gets to its destination faster
  • Reduced network resource utilization, such as bandwidth and router CPU load

If the host uses the ICMP redirect path, it sends packets destined for network X directly to G2, as shown in the figure below

These advantages are visible in the network after the host creates a routing cache entry for network X with G2 as the next hop:

  • Bandwidth utilization of the link between switch and router G1 decreases in both directions
  • Because traffic from the host to network X no longer flows through this node, router G1’s CPU utilization is reduced
  • End-to-end network latency between host and network X is improved.
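Whether a host accepts or ignores a redirect is a configuration decision, and a host that accepts them should at least apply the sanity checks from RFC 1122 section 3.2.2.2 before creating the routing cache entry. The sketch below is an added example, not code from the original article: function names are hypothetical, the addresses for Host, G1 and G2 are the article's, and 192.0.2.10 is an assumed address inside network X.

```python
import ipaddress


def current_first_hop(dst, routes, default_gw):
    """Longest-prefix match over {prefix: next_hop}; fall back to default."""
    dst = ipaddress.ip_address(dst)
    best_len, hop = -1, default_gw
    for prefix, next_hop in routes.items():
        net = ipaddress.ip_network(prefix)
        if dst in net and net.prefixlen > best_len:
            best_len, hop = net.prefixlen, next_hop
    return ipaddress.ip_address(hop)


def check_redirect(sender, new_gw, dst, connected_net, routes, default_gw):
    """Return (accept, reason) for a received ICMP redirect."""
    sender = ipaddress.ip_address(sender)
    new_gw = ipaddress.ip_address(new_gw)
    net = ipaddress.ip_network(connected_net)
    # Check 1: the suggested gateway must be on the directly connected network.
    if new_gw not in net:
        return False, "new gateway is off-link"
    # Check 2: only the gateway currently used for dst may redirect us.
    if sender != current_first_hop(dst, routes, default_gw):
        return False, "sender is not the current first hop"
    return True, "ok"


def apply_redirect(new_gw, dst, routes):
    """Install a host route (the routing cache entry from the article)."""
    routes[f"{ipaddress.ip_address(dst)}/32"] = str(new_gw)
    return routes


if __name__ == "__main__":
    routes = {}                              # Host starts with only a default route
    args = ("10.0.0.0/24", routes, "10.0.0.1")
    print(check_redirect("10.0.0.1", "10.0.0.2", "192.0.2.10", *args))
    print(check_redirect("10.0.0.50", "10.0.0.2", "192.0.2.10", *args))
```

On Linux, the choice to ignore redirects entirely is made with the `net.ipv4.conf.all.accept_redirects` sysctl.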

The following is an example of ICMP redirection

ICMP Time Exceeded message (Type 11)

Every IP packet carries a TTL (Time To Live) field, whose value decreases by 1 at each router hop. When the TTL of an IP packet reaches 0, the packet is discarded. In this case, the IP router sends an ICMP Time Exceeded message (code 0) to the sending host to inform it that the packet has been discarded.

The main purpose of the TTL is to prevent IP packets from being forwarded endlessly on the network when a routing problem creates a loop, as shown below

A useful tool for tracking timeout messages is Traceroute, which shows how many routers the executing host has to pass through before reaching a particular host. Traceroute’s website is at www.traceroute.org

ICMP Echo messages (types 0 and 8)

ICMP echo messages are used to check whether hosts communicating with each other are connected, that is, to check whether the sent data packets can reach the destination host. A host sends an ICMP Echo Request message (type 8) to the peer host and receives an ICMP Echo Reply message (type 0) from it. The widely used ping command is implemented with these messages.

Other ICMP Messages

ICMP Source Quench message (Type 4)

On low-speed networks, traffic may run into congestion, and ICMP source quench was designed to deal with this situation. When a router is sending data onto a low-speed line and the remaining capacity of its transmit queue drops to zero, it sends an ICMP Source Quench message to the source address of the IP packet. The host receiving this message knows that there is congestion somewhere on the line and slows down its sending of IP datagrams.

However, this ICMP message may cause unfair network traffic and is generally not used.

ICMP Router Discovery messages (types 9 and 10)

ICMP Router Discovery messages are mainly used for Router Discovery (RD). They are divided into two types: Router Solicitation (RS, type 10) and Router Advertisement (RA, type 9). A host sends an RS message by multicast on the network it is connected to in order to find a router to use as its default route, and a router that receives the RS message responds with an RA message offering itself as the default route.

ICMP Address mask messages (types 17 and 18)

These messages are used when a host or router wants to know the subnet mask. It sends an ICMP Address Mask Request message (type 17) and obtains the subnet mask information from the ICMP Address Mask Reply message (type 18).

ICMPv6

The role of ICMPv6

IPv4 uses ICMP only in a supporting role. This means that in IPv4, normal IP communication, that is, sending and receiving IP packets, is possible even without ICMP. In IPv6, however, the role of ICMP is expanded: without ICMP, normal IP communication cannot be carried out.

In particular, in IPv6 the protocol for finding the MAC address that belongs to an IP address changes from ARP to ICMP Neighbor Discovery. Neighbor Discovery messages combine the functions of IPv4 ARP, ICMP redirect and ICMP router discovery. They even provide automatic IP address configuration.

In IPv6, ICMP messages are divided into two types: error messages and information messages. Types 0-127 are error messages. Types 128-255 are information messages.

The following message types are described in RFC 2463:

ICMPv6 has two additional features in addition to all the features of ICMPv4.

ICMPv6 Neighbor Discovery

Neighbor Discovery is a very important feature of ICMPv6. Messages of types 133-137 are called Neighbor Discovery messages, and they play an important role in IPv6 communication. Neighbor Solicitation messages are used to query the mapping between IPv6 addresses and MAC addresses, and they are transmitted using IPv6 multicast addresses.

In addition, because IPv6 is plug and play, a host can obtain an IP address automatically even without a DHCP server. If the network has no router, the MAC address is used to generate the link-local unicast address. If the network has a router, the host obtains the first part of the IPv6 address from the router and sets the second part using the MAC address. Router Solicitation and Router Advertisement messages are used to set this up.
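The address construction described above can be carried through in code. This is an added example, not from the original article: it assumes the modified EUI-64 method for deriving the second half of the address from the MAC and the solicited-node multicast group as the destination of a Neighbor Solicitation; the function names are hypothetical and the MAC and the 2001:db8:1:2::/64 prefix are constructed sample values.

```python
import ipaddress


def eui64_interface_id(mac: str) -> int:
    """Modified EUI-64 interface identifier built from a 48-bit MAC."""
    octets = bytearray(int(p, 16) for p in mac.replace("-", ":").split(":"))
    if len(octets) != 6:
        raise ValueError("expected a 48-bit MAC address")
    octets[0] ^= 0x02                        # invert the universal/local bit
    eui64 = bytes(octets[:3]) + b"\xff\xfe" + bytes(octets[3:])
    return int.from_bytes(eui64, "big")


def slaac_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix (fe80::/64 or one from an RA) with the interface ID."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 autoconfiguration needs a /64 prefix")
    return ipaddress.IPv6Address(
        int(net.network_address) | eui64_interface_id(mac))


def solicited_node_multicast(addr) -> ipaddress.IPv6Address:
    """Multicast group that a Neighbor Solicitation for addr is sent to."""
    low24 = int(ipaddress.IPv6Address(addr)) & 0xFFFFFF
    base = int(ipaddress.IPv6Address("ff02::1:ff00:0"))
    return ipaddress.IPv6Address(base | low24)


def mac_from_slaac(addr) -> str:
    """Audit helper: recover the MAC embedded in an EUI-64 based address."""
    iid = (int(ipaddress.IPv6Address(addr)) & (2**64 - 1)).to_bytes(8, "big")
    if iid[3:5] != b"\xff\xfe":
        raise ValueError("interface ID is not EUI-64 based")
    octets = bytearray(iid[:3] + iid[5:])
    octets[0] ^= 0x02                        # undo the universal/local flip
    return ":".join(f"{o:02x}" for o in octets)


if __name__ == "__main__":
    mac = "00:11:22:33:44:55"                # constructed sample MAC
    link_local = slaac_address("fe80::/64", mac)
    print(link_local, solicited_node_multicast(link_local))
    print(slaac_address("2001:db8:1:2::/64", mac))
```

Because the MAC is recoverable from such an address, `mac_from_slaac` is useful when auditing a network for hosts that still expose their hardware address this way.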

ICMPv6 Multicast Listener Discovery protocol

The Multicast Listener Discovery protocol (MLD) manages multicast group membership within a subnet. The MLD protocol defines three ICMPv6 messages:

  • Multicast Listener Query message: A multicast router sends this message to the multicast receivers in a subnet to obtain their status.
  • Multicast Listener Report message: A multicast receiver reports its current status, including leaving a multicast group, to the multicast router.
  • Multicast listener.

ICMP-related attacks

ICMP attacks are classified into three categories: flood, bomb, and information disclosure.

  • A flood generates so much traffic that it amounts to an effective DoS attack on one or more computers.
  • A bomb is the sending of specially constructed packets that can cause IP or ICMP processing to fail or crash.
  • Information disclosure is not harmful in itself, but it can aid other attacks.

ICMP attacks against TCP are documented in RFC 5927.
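From the monitoring side, the three categories map onto three simple checks over captured ICMP traffic. The triage below is an added example, not from the original article: the record layout, thresholds and function names are assumptions, and all packet records are constructed.

```python
from collections import defaultdict, deque

MAX_IP_PAYLOAD = 65535 - 20      # assumes a 20-byte IPv4 header, no options
INFO_QUERY_TYPES = {13: "timestamp request", 17: "address mask request"}


def triage(records, window=1.0, flood_threshold=100):
    """Return a sorted list of (category, detail) findings.

    Each record: t (seconds), src, dst, type (None when not visible),
    frag_off (8-byte units), length (IP payload bytes in this packet).
    """
    findings = set()
    echo_times = defaultdict(deque)          # dst -> recent echo-request times
    for r in sorted(records, key=lambda rec: rec["t"]):
        # Bomb: fragment would reassemble past the maximum datagram size.
        if r["frag_off"] * 8 + r["length"] > MAX_IP_PAYLOAD:
            findings.add(("bomb", f"oversized reassembly from {r['src']}"))
            continue
        # Information disclosure: queries that reveal host or network details.
        if r["type"] in INFO_QUERY_TYPES:
            findings.add(("disclosure",
                          f"{INFO_QUERY_TYPES[r['type']]} from {r['src']}"))
        # Flood: too many echo requests to one destination inside the window.
        if r["type"] == 8 and r["frag_off"] == 0:
            times = echo_times[r["dst"]]
            times.append(r["t"])
            while times[0] < r["t"] - window:
                times.popleft()
            if len(times) > flood_threshold:
                findings.add(("flood", f"echo requests to {r['dst']}"))
    return sorted(findings)


def constructed_sample():
    """Constructed records: a burst, a bad fragment, a mask query, one ping."""
    burst = [{"t": i * 0.004, "src": f"198.51.100.{i % 50 + 1}",
              "dst": "10.0.0.100", "type": 8, "frag_off": 0, "length": 64}
             for i in range(150)]
    return burst + [
        {"t": 2.0, "src": "203.0.113.7", "dst": "10.0.0.100",
         "type": None, "frag_off": 8189, "length": 100},
        {"t": 3.0, "src": "203.0.113.9", "dst": "10.0.0.1",
         "type": 17, "frag_off": 0, "length": 12},
        {"t": 9.0, "src": "10.0.0.5", "dst": "10.0.0.1",
         "type": 8, "frag_off": 0, "length": 64},
    ]
```

The flood check counts per destination rather than per source, so a burst spread across many senders is still caught.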
