Make a little progress every day.

preface

In daily life or work, we use the ping command to check whether the network is smooth.

“Do you know how Ping works?” — Soul torture from Kobayashi

May have a small partner strange ask: “ALTHOUGH I do not understand its work, but PING I also use the thief 6 ah!”

You use 6, but you can’t stand 6 in front of the interviewer, because they like to ask questions.

Therefore, we should have a “know what, know why” attitude, so that you can avoid the interview process, out of the right situation.

Soul searching from the interviewer

It doesn’t matter if you don’t know. Today we’re going to figure it out. Eliminate the question mark, make the question mark less.


The body of the

IP protocol assistant – ICMP protocol

Ping is based on the ICMP protocol, so to understand the work of ping, we first to familiar with the ICMP protocol.

What is ICMP?

ICMP stands for Internet Control Message Protocol.

There is a key word in it — control. How?

In the complex network transmission environment, network packets often meet various problems. When it comes to problems, it is not the style of computer networks to be vague and clueless. So you need to get word out that something is wrong, so that you can adjust your transmission strategy and control the situation.

What are the ICMP functions?

ICMP checks whether AN IP packet is successfully sent to the destination address, reports the cause of IP packet discarding during sending, and improves network Settings.

In IP communication, if an IP packet fails to reach its destination address for any reason, the specific reason is notified by ICMP.

ICMP Destination unreachable message

For example, host A sends A packet to host B. For some reason, router 2 on the way fails to detect the existence of host B. In this case, router 2 sends an ICMP destination unreachable packet to host A, indicating that the packet sent to host B fails.

ICMP such notification messages are sent using IP.

Therefore, the ICMP packets returned from Router 2 pass through Router 1 and then are forwarded to host A according to the usual routing control. Host A, which receives the ICMP packet, decomposes the ICMP header and data field to find out the specific cause of the problem.

ICMP Packet header format

ICMP packets are encapsulated in IP packets. They work at the network layer and are assistants of THE IP protocol.

The ICMP message

ICMP packet header type fields are classified into two categories:

  • One is the diagnostic query message, which is the query message type.
  • The other type is the error message that informs the cause of the error, known as the “error message type”
Common ICMP type

Querying the Packet Type

Echo messages – types 0 and 8

Echo message A message used to check whether the packets sent by a host or router have reached the peer end. The ping command is used to implement this message.

ICMP Sends back messages

You can send an ICMP Echo Request Message (type 8) to the peer host or receive an ICMP Echo Reply Message (type 0) from the peer host.

ICMP Echo request and reply packets

There are two more fields than native ICMP:

  • identifier: Used to distinguish which application sends ICMP packets, such as using a processPIDAs an identifier;
  • The serial number: Serial number from0In the beginning, it is added each time a new echo request is sent1Can be used to confirm whether the network packet is lost.

In the option data, ping also stores the value of the time the request was sent to calculate the round-trip time and indicate the length of the trip.

Error message type

Next, several common ICMP error messages are illustrated:

  • Target unreachable message — of type3
  • Origin suppression message – type4
  • Redirect message – type5
  • Timeout message — type11

Destination Unreachable Message — type 3

When an IP router fails to send an IP packet to the destination ADDRESS, it returns an ICMP message indicating that the destination is unreachable to the sending host. In this message, the cause of unreachable is displayed. The cause is recorded in the code field of the ICMP packet header.

Based on the ICMP unreachable message, the sending host can know the cause of the unreachable message.

Examples of code for six common target unreachable types:

Common code number for a target unreachable type
  • The network unreachable code is0
  • The host unreachable code is1
  • The protocol unreachable code is2
  • The port unreachable code is3
  • Sharding is required but the non-sharding bit code is set to4

In order to make clear to everyone that the above goal is not up to the reason, Xiao Lin sacrifice himself to everyone to send 5 takeout.

Why delivery? Don’t ask, ask to prepare for 35 year old Lin…

Delivery man — Kobayashi
A. The network unreachable code is 0

Take-out version:

Xiao Lin’s first delivery, there are only A and B area two buildings in the community, but the address of the delivery is written in C area building, Xiao Lin said A lot of question marks on the head, there is no place at all.

Normal version:

IP addresses are divided into Network ids and host ids. Therefore, when the router table on the router fails to match the Network ID of the IP address of the receiver, the router notifies the host of the Network Unreachable cause through ICMP.

Since there is no longer a network classification, network unreachable is also gradually falling out of use.

B. The host unreachable code is 1

Take-out version:

When Xiao Lin delivered the food for the second time, there was a 5-story-high building in Area C in the community. He found the place, but the delivery address was room 601 in area C, indicating that he could not find the room.

Normal version:

When no information about the Host is displayed in the routing table or the Host is not connected to the network, the Host is notified of the cause of Host Unreachable through ICMP.

C. The protocol unreachable code is 2

Take-out version:

When Xiao Lin sends takeaway for the third time, this community has C area building, also has room 601, found a place, also found a room, but one opens the door somebody else is a foreigner to say is English, I say is Chinese! Language barrier, delivery failure ~

Normal version:

When the host uses TCP to access the peer host, the host can find the peer host, but the firewall of the peer host disables TCP access. In this case, the host is notified of the unreachable reason through ICMP.

D. The port unreachable code is 3

Take-out version:

When Xiao Lin delivered takeout for the fourth time, this time the community has C area building, also has room 601, found the place, also found the room, the people in the room also speak Chinese, but the other people said that he wanted is not takeout, but express…

Normal version:

When a host accesses port 8080 of the peer host, it can find the peer host this time and the firewall does not restrict it. However, if no process on the peer host listens to port 8080, the host is notified of the port unreachable reason through ICMP.

E. Fragmentation is required but the non-fragmentation bit code is set to 4

Take-out version:

Xiao Lin fifth time to send takeaways, this is a eat sow a blogger 100 takeaways, but eat sow a bo to beg for a one-time all takeaways to serve, xiao Lin’s a electric car can not fit ah, so there is no way to serve.

Normal version:

When the sending host sends AN IP packet, the fragment prohibition flag in the IP header is set to 1. According to this flag bit, a router on the way does not fragment packets that exceed the MTU size but directly discard them.

Then, an ICMP unreachable message, code 4, is sent to the sending host.

ICMP Source Quench Message — type 4

In the case of low speed wide area lines, routers connected to the WAN may experience network congestion.

ICMP origin suppression messages are intended to alleviate this congestion.

When a router sends data to a low-speed line and the cache of its sending queue becomes zero, it can send an ICMP origin suppression message to the source address of the IP packet.

The host receiving the message can know that there is congestion at a certain point in the entire line, thus increasing the transmission interval of IP packets and reducing network congestion.

However, this ICMP is generally not used because it may cause unfair network traffic.

ICMP Redirect Message — Type 5

If the router finds that the sending host is sending data over a “less-than-optimal” path, it will return an ICMP redirect message to the host.

This message contains the most appropriate routing information and source data. This mainly happens when the router holds better routing information. The router sends an ICMP message to the sender, asking it to send it to another router next time.

For example, Xiao Lin could have crossed the road to the place, but xiao Lin did not know, so he went around to get there, after xiao Lin knew, next time Xiao Lin would not be so stupid to go around again.

ICMP Time Exceeded Message – Type 11

An IP packet has a field called TTL (Time To Live), whose value decreases by 1 with each pass through the router until the packet is discarded when it reaches 0.

At this point, the IP router sends an ICMP timeout message to the sending host and notifies the sending host that the packet has been discarded.

The purpose of setting the IP packet lifetime is to prevent IP packets from being forwarded endlessly on the network when routing control problems occur.

ICMP Time out of message

In addition, you can sometimes use TTL to control the reach of a packet, for example by setting a small TTL value.


Ping: Queries the usage of the packet type

Next, let’s focus on the sending and receiving of pings.

Host A and host B in the same subnetwork, host A ping host B, let’s see what is sent between them.

Host A ping host B

When the ping command is executed, the source host first constructs an ICMP echo request message packet.

ICMP packets contain multiple fields, the most important of which are two:

  • The first is thetypeFor the return request message, the field is8;
  • The other is the serial number, which is used to distinguish multiple packets sent during continuous ping.

Each time a request packet is sent, the serial number is automatically incremented by 1. To be able to calculate the round-trip time RTT, it inserts the sending time in the data portion of the message.

ICMP echo request packet of host A

This packet is then delivered to the IP layer by ICMP along with the address 192.168.1.2. The IP layer takes 192.168.1.2 as the destination address, the local IP address as the source address, and the protocol field is set to 1 to indicate that it is ICMP. In addition, some other control information is added to construct an IP packet.

IP layer packet of host A

Next, you need to add the MAC header. If the MAC address of IP address 192.168.1.2 is found in the local ARP mapping table, you can use the MAC address directly. If no, send ARP to query the MAC address. After obtaining the MAC address, the data link layer constructs a data frame. The destination address is the MAC address transmitted from the IP layer, and the source address is the MAC address of the local host. Some control information is also attached and sent out according to Ethernet’s media access rules.

MAC layer packet of host A

Host B checks the destination MAC address of the frame and compares it with the local MAC address. If yes, host B receives the frame. Otherwise, host B discards the frame.

After receiving, check the data frame, extract the IP packet from the frame, and hand it to the IP layer of the local machine. Similarly, the IP layer checks and extracts useful information to the ICMP protocol.

Host B constructs an ICMP reply packet. The type field of the reply packet is 0 and the serial number is the serial number of the received request packet. Host B then sends the reply packet to host A.

ICMP response packet sent by host B

If the source host does not receive an ICMP reply packet within the specified period, the destination host is unreachable. If an ICMP echo response message is received, the destination host is reachable.

In this case, the source host checks and subtracts the time when the packet was originally sent from the source host from the current time, which is the time delay of the ICMP packet.

For the above purchase and send things, summed up as the following picture:

The event sent by host A during the ping of host B

Of course, this is only the simplest, the same local area network inside the situation. If it crosses network segments, it also involves gateway forwarding, router forwarding, and so on.

For ICMP headers, however, there is no effect. The next hop of the route is selected according to the destination IP address, and the MAC address in the MAC header needs to be changed every time a router reaches a new LAN.

Ping uses ICMP ECHO REQUEST (type 8) and ECHO REPLY (type 0).

Traceroute — Use of error message types

One application that makes full use of the ICMP error message type is called Traceroute (in UNIX, MacOS, the equivalent is tracert in Windows).

1. Traceroute functions 1

The first function of traceroute is to deliberately set a special TTL to track the routers you pass along the way to your destination.

The traceroute argument points to a destination IP address:

Traceroute 192.168.1.100

Copy the code

How does this function work?

It is a method to force ICMP timeout messages to be received by sending UDP packets with the lifetime of IP packets increasing from 1.

For example, if the TTL is set to 1, the router sacrifices the first router and then returns an ICMP error packet. The type of network packet is timeout.

The TTL is then set to 2, the first router passes, the second router dies, and ICMP error packets are returned, and so on until they reach the destination host.

In this way, Traceroute can get all the router IP addresses.

Of course, some routers do not return ICMP at all, so for some public addresses, the route through the middle is not seen.

How does the sender know whether the outgoing UDP packet reaches the destination host?

When sending UDP packets, Traceroute fills in an impossible port number as the UDP target port number (greater than 3000). After receiving a UDP packet, the destination host returns an ICMP error message whose type is Port Unreachable.

Therefore, if the error packet type is port unreachable, the UDP packet sent by the sender reaches the destination host.

2. Traceroute functions 2

Another function of traceroute is to deliberately set up unsharding to determine the MTU of the path.

What’s the point?

This is done for path MTU discovery.

Sometimes we do not know the MTU size of the router. The MTU value of the Ethernet data link is usually 1500 bytes, but the MTU value of the non-external network is different. Therefore, we need to know the MTU size to control the packet size.

MTU Path Discovery (UDP)

Here’s how it works:

First, when the sending host sends IP packets, the fragment prohibition flag bit in the IP packet header is set to 1. According to this flag bit, en route routers do not fragment large packets, but discard them.

Then, an ICMP unreachable message is sent to the sending host together with the MTU value of the data link. The unreachable message type is Fragmentation required but the non-fragmentation bit is set.

Each time the sending host receives an ICMP error packet, it reduces the packet size to locate an appropriate MTU value so that it can reach the target host.


Shoulders of giants

[1] Takeshita Takashi. Illustration of TCP/IP. Posts and Telecommunications Press.

[2] Liu Chao. Interesting Discussion on network protocol. Geek time.


chatter

Kobayashi is a tool man for you. Goodbye, see you next time!


Readers question and answer

The reader asked, “I have A question: why did B automatically send A return receipt of 0 to A when A’s ICMP was sent to B? Is that the underlying design of an operating system?”

When you say “return receipt 0”, do you mean ICMP type 0? If yes, B receives an ICMP echo request (type 8) packet from A, and the protocol stack of host B finds an ICMP echo request packet. Then, the protocol stack assembles an IMCP reply (type 0) to A.