In day-to-day development we often have small tasks such as checking whether the network is reachable or what IP address a domain name resolves to. The command used most for this is probably ping. Do you know how the ping command works? Today we will look at the ping command and the ICMP protocol behind it.
The ICMP protocol
ICMP stands for Internet Control Message Protocol.
The network itself is unreliable. While a packet is in transit, many unexpected events can occur and cause the transmission to fail. IP, the network-layer protocol, is connectionless and does not handle network-layer faults itself. We therefore need another protocol to send fault information back to the source when packet delivery fails, so that the problem can be dealt with.
Just like the ancient wars seen in TV series, where scouts are needed to report the battle situation so the commander can control it better, ICMP packets act as the "scouts" of the network world.
ICMP packets are encapsulated in IP packets, because to deliver a report you need both a source address and a destination address. The format itself is very simple.
ICMP messages have many types, each with several codes. The most commonly used are the echo request (type 8) and the echo reply (type 0). Overall, ICMP messages are divided into query messages and error messages.
Query message type
We often hear this phrase in TV series: Guys, how’s the fighting going? Have the scouts returned yet? Call me as soon as you get anything.
The case where the commander takes the initiative to check on the enemy corresponds to the ICMP query message type. For example, the familiar ping command proactively sends an ICMP request and receives an ICMP reply. So ping also sends packets in ICMP format, but it appends a format of its own.
In a packet capture, the ping request shows up as an ICMP ECHO REQUEST and the answer as an ICMP ECHO REPLY. Compared with the bare ICMP header there are two extra fields: an identifier and a sequence number. This is not hard to understand: the general sends out two groups of scouts, one to find out who the enemy is and one to spy on the situation, and needs a mark to tell them apart.
Scouts are also numbered. If ten soldiers are sent out and ten come back, things at the front are fine. If ten go out and only two come back, that may be a bad sign.
In the data portion, ping also stores the time at which the request was sent, so that it can compute the round-trip time and show how long the trip took.
Error message type
Error messages carry information about a packet that failed back to the source device, so that the source can decide which failed packets are worth resending.
Or take our commander again as an example.
While the commander is in the main tent studying the map and thinking about the war, a soldier outside suddenly shouts: Commander, bad news! General Zhang was ambushed and his whole army was wiped out.
This is initiated by an exception, to report that something bad has happened, and corresponds to an ICMP error message.
Error messages have the following common types:
- 3: destination unreachable
- 4: source quench (source suppression)
- 5: redirect
- 11: time exceeded
The first case is destination unreachable. A soldier reports: Commander, General Zhang's provisions could not be delivered.
Why did they not get there? This corresponds to the following codes in ICMP.
- Network unreachable: code 0
- Host unreachable: code 1
- Protocol unreachable: code 2
- Port unreachable: code 3
- Fragmentation needed but Don't Fragment set: code 4
The scenarios look something like this:
- Network unreachable: Commander, we could not even find the place.
- Host unreachable: Commander, we found the place but could not find General Zhang.
- Protocol unreachable: Commander, we found the place and found someone, but the password did not match.
- Port unreachable: Commander, we found the place, found someone, and the password matched, but the business did not: I came to deliver supplies and they said they were waiting for reinforcements.
- Fragmentation needed but Don't Fragment set: Commander, halfway there the mountain road became narrow and we wanted to switch to smaller carts, but before departure you strictly forbade changing carts, so there was no way to deliver.
The second is source quench: it asks the source to slow down its sending rate (soldier: Commander, you sent more food than we can eat, you can send it more slowly).
The third is time exceeded: the packet's time to live ran out before it reached its destination (Commander, the people delivering the food ate all of it before reaching the place and starved to death).
The fourth is redirect: next time send via a different router (Commander, last time the grain carriers only needed to go to Dawang Village, one kilometre away, but ended up detouring through Zhangjiajie, more than five kilometres; remember to go via Dawang Village next time).
The structure of error messages is a little more complex. The first eight bytes of the ICMP packet are as before, followed by the IP header of the offending IP packet and the first eight bytes of that packet's payload.
Such scouts are especially conscientious: they not only bring back the news, but also bring back part of the remains.
- Scout: Commander, General Zhang has been killed in battle. Here are his seal and sword.
- How did General Zhang die? (Check the first 8 bytes of the ICMP packet.) Yes, this is General Zhang's sword. (The IP header and the first 8 bytes of the body.)
Ping: using the query message type
Next, let's focus on how the ping command sends and receives packets.
Assume that host A’s IP address is 192.168.1.1 and host B’s IP address is 192.168.1.2, both on the same subnet. So what happens when you run “ping 192.168.1.2” on host A?
- The source host constructs an ICMP request packet. The packet contains several fields; the two most important are the type field, which is 8 for a request, and the sequence number, which distinguishes the multiple packets sent during a continuous ping. Each time a request is sent, the sequence number is incremented by 1. To be able to compute the round-trip time (RTT), the send time is placed in the data portion of the packet.
- The IP layer builds the IP packet. ICMP hands the packet, together with the destination IP address, to the IP layer. The IP layer builds an IP packet with 192.168.1.2 as the destination address, the local IP address as the source address, and other control information.
- Add the MAC header. Look up the MAC address for 192.168.1.2, attach some control information, and send the frame out according to the Ethernet media access rules.
After receiving the data frame, host B performs the following steps:
- Check the MAC address, accept or discard the frame, and extract the IP packet. Host B compares the frame's destination MAC address with its own; if they match the frame is accepted, otherwise it is discarded. After accepting it, host B checks the frame, extracts the IP packet and hands it to the local IP layer.
- The IP layer checks the IP address. After the check, it extracts the useful information and passes it to ICMP.
- Build the ICMP reply packet. The type field of the reply is 0, and the sequence number is the one from the received request.
- Send the reply packet to host A.
If the source host does not receive an ICMP reply within the specified time, the destination host is considered unreachable.
If a reply packet is received, the destination host is reachable. The source host then measures the delay: the current time minus the time at which the packet was sent from the source host.
Of course, this is only the simplest case, within the same LAN. If the hosts are on different network segments, gateway and router forwarding are also involved.
The ping command uses the ECHO REQUEST and ECHO REPLY types of ICMP.
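As an added illustration of the ping exchange above (example code, not from the original article), the following Python builds the echo request with identifier, sequence number and send timestamp, has the "host B" side turn it into a type 0 reply, and lets the "host A" side verify the checksum, match the reply to the outstanding request and compute the RTT. The RFC 1071 checksum routine and the 8-byte timestamp payload are my choices; real ping sends these bytes over a raw socket, which is omitted here.

```python
import struct

ICMP_ECHO_REQUEST = 8  # type field of a ping request
ICMP_ECHO_REPLY = 0    # type field of a ping reply


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words; a correct packet sums to 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(msg_type: int, ident: int, seq: int, send_time: float) -> bytes:
    """Type, code 0, checksum, identifier, sequence number, then the send
    timestamp in the data portion (our assumed 8-byte payload), as ping does."""
    payload = struct.pack("!d", send_time)
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + payload


def parse_echo(packet: bytes) -> dict:
    """Decode an echo packet, rejecting it if truncated or the checksum fails."""
    if len(packet) < 16 or icmp_checksum(packet) != 0:
        raise ValueError("truncated packet or bad ICMP checksum")
    msg_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    (send_time,) = struct.unpack("!d", packet[8:16])
    return {"type": msg_type, "code": code, "ident": ident, "seq": seq, "send_time": send_time}


def make_reply(request: bytes) -> bytes:
    """Host B: answer with type 0, copying identifier, sequence number and data."""
    req = parse_echo(request)
    return build_echo(ICMP_ECHO_REPLY, req["ident"], req["seq"], req["send_time"])


def rtt_ms(reply: bytes, ident: int, seq: int, now: float) -> float:
    """Host A: accept only a reply matching the outstanding id/seq, then
    RTT = current time minus the send time carried in the data portion."""
    rep = parse_echo(reply)
    if rep["type"] != ICMP_ECHO_REPLY or rep["ident"] != ident or rep["seq"] != seq:
        raise ValueError("reply does not match the outstanding request")
    return (now - rep["send_time"]) * 1000.0
```

A reply whose identifier or sequence number does not match the request in flight is rejected, which is the same check ping uses to ignore stray or stale replies.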
What about the other types? Are they only received when an error really occurs? The answer is no. The traceroute command uses the ICMP rules to deliberately create error situations.
Traceroute: using the error message type
The traceroute command has two common functions.
The first function:
By setting special TTL values, you can find out which routers a packet passes on the way to its destination.
Traceroute sends a UDP packet to the destination IP address.
With the TTL set to 1, the packet dies at the first "checkpoint" (usually a router or some other kind of gateway), which returns an ICMP error packet of type time exceeded.
The error packet tells us how long it took the packet to reach the first hop and the IP address of each hop (some hosts do not respond with ICMP, so those hops show up as *).
How do you know whether the UDP packet has reached the destination host? Traceroute sends the UDP packet to the destination host but chooses an unlikely UDP port number (greater than 30,000). When the packet reaches the destination host, the corresponding port cannot be found, so a port unreachable error message is returned. That is how we know the UDP packet reached the host.
The second function:
Determining the path MTU.
Send packets with the "Don't Fragment" flag set. The first packet sent is exactly as long as the MTU of the outgoing interface. If there is a narrow checkpoint in the middle, the packet is blocked and an ICMP error of type "fragmentation needed but Don't Fragment set" is returned. Each time such an error is received the packet length is reduced, which determines the MTU of the whole path.
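As an added example (not from the original article) covering both the error message structure described earlier and traceroute's use of it, this Python constructs a UDP probe, wraps it in ICMP "time exceeded" and "destination unreachable" messages that quote the offending IP header plus 8 bytes, and parses them back to tell an intermediate hop from the final host and to recover the probe's IP ID and UDP ports. Addresses, port 33434 and the payload are constructed sample values; checksums are left at zero since nothing is sent.

```python
import socket
import struct

DEST_UNREACH, TIME_EXCEEDED = 3, 11
UNREACH_CODES = {0: "network unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable",
                 4: "fragmentation needed but Don't Fragment set"}
IP_HDR = "!BBHHHBBH4s4s"  # IPv4 header without options (20 bytes)


def build_udp_probe(src, dst, ip_id, ttl, sport, dport, payload):
    """Constructed traceroute-style probe: IPv4 header + UDP header + payload.
    Checksums are left at 0 because this sample never goes on the wire."""
    ip = struct.pack(IP_HDR, 0x45, 0, 28 + len(payload), ip_id, 0, ttl, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def build_icmp_error(msg_type, code, offending):
    """ICMP error as the page describes it: 8-byte ICMP header, then the
    offending packet's IP header and the first 8 bytes of its payload."""
    ihl = (offending[0] & 0x0F) * 4
    return struct.pack("!BBHI", msg_type, code, 0, 0) + offending[:ihl + 8]


def parse_icmp_error(icmp):
    """Recover which probe an error refers to and what it means for traceroute."""
    msg_type, code = icmp[0], icmp[1]
    inner = icmp[8:]                       # the quoted offending packet
    ihl = (inner[0] & 0x0F) * 4
    _v, _tos, _ln, ip_id, _frag, _ttl, proto, _cs, src, dst = struct.unpack(IP_HDR, inner[:20])
    info = {"type": msg_type, "code": code, "ip_id": ip_id,
            "orig_src": socket.inet_ntoa(src), "orig_dst": socket.inet_ntoa(dst)}
    if proto == 17 and len(inner) >= ihl + 8:  # UDP: ports sit in the quoted 8 bytes
        info["sport"], info["dport"] = struct.unpack("!HH", inner[ihl:ihl + 4])
    if msg_type == TIME_EXCEEDED and code == 0:
        info["meaning"] = "TTL expired at an intermediate hop"
    elif msg_type == DEST_UNREACH:
        info["meaning"] = UNREACH_CODES.get(code, "unreachable (code %d)" % code)
        if code == 3:
            info["meaning"] += ": probe reached the destination host"
    else:
        info["meaning"] = "unhandled ICMP type %d code %d" % (msg_type, code)
    return info
```

The quoted IP ID and UDP ports are what let traceroute pair each error with the probe that triggered it, which is also why a defender inspecting ICMP errors should check that the quoted packet really belongs to a local flow.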
Conclusion
- ICMP is the network world's equivalent of a scout. There are two commonly used kinds of messages: query messages for active probing and error messages for reporting exceptions.
- The ping command uses query packets, and the Traceroute command uses error packets.
Reference:
- Liu Chao, Interesting Talk about Network Protocol series.