ICMP - MODULO 13 Flashcards
ICMPv4 and ICMPv6 Messages
(ICMPs), and the tools that are used to send them.
Although IP is only a best-effort protocol, the TCP/IP suite does provide for error messages
and informational messages when communicating with another IP device.
These messages are sent using the services of ICMP.
The purpose of these messages is to provide feedback about issues related to the
processing of IP packets under certain conditions, not to make IP reliable.
ICMP messages are not required and are often not allowed within a network for security
reasons.
ICMP is available for both IPv4 and IPv6.
ICMPv4 is the messaging protocol for IPv4.
ICMPv6 provides these same services for IPv6 but includes additional functionality.
In this course, the term ICMP will be used when referring to both ICMPv4 and ICMPv6.
The types of ICMP messages, and the reasons why they are sent, are extensive.
The ICMP messages common to both ICMPv4 and ICMPv6 and discussed in this module
include:
- Host reachability
- Destination or Service Unreachable
- Time exceeded
Host Reachability
An ICMP Echo Message can be used to test the reachability of a host on an IP network.
The local host sends an ICMP Echo Request to a host.
If the host is available, the destination host responds with an Echo Reply.
In the figure, click the Play button to see an animation of the ICMP Echo Request/Echo
Reply. This use of the ICMP Echo messages is the basis of the ping utility.
Destination or Service Unreachable
When a host or gateway receives a packet that it cannot deliver, it can use an ICMP
Destination Unreachable message to notify the source that the destination or service is
unreachable.
The message will include a code that indicates why the packet could not be delivered.
Some of the Destination Unreachable codes for ICMPv4 are as follows:
- 0 - Net unreachable
- 1 - Host unreachable
- 2 - Protocol unreachable
- 3 - Port unreachable
Some of the Destination Unreachable codes for ICMPv6 are as follows:
- 0 - No route to destination
- 1 - Communication with the destination is administratively prohibited (e.g., firewall)
- 2 – Beyond scope of the source address
- 3 - Address unreachable
- 4 - Port unreachable
Note: ICMPv6 has similar but slightly different codes for Destination Unreachable
messages.
Time Exceeded
An ICMPv4 Time Exceeded message is used by a router to indicate that a packet cannot
be forwarded because the Time to Live (TTL) field of the packet was decremented to 0.
If a router receives a packet and decrements the TTL field in the IPv4 packet to zero, it
discards the packet and sends a Time Exceeded message to the source host.
ICMPv6 also sends a Time Exceeded message if the router cannot forward an IPv6 packet
because the packet has expired.
Instead of the IPv4 TTL field, ICMPv6 uses the IPv6 Hop Limit field to determine if the
packet has expired.
Note: Time Exceeded messages are used by the traceroute tool.
ICMPv6 Messages
The informational and error messages found in ICMPv6 are very similar to the control and
error messages implemented by ICMPv4.
However, ICMPv6 has new features and improved functionality not found in ICMPv4.
ICMPv6 messages are encapsulated in IPv6.
ICMPv6 includes four new protocols as part of the Neighbor Discovery Protocol (ND or
NDP).
Messaging between an IPv6 router and an IPv6 device, including dynamic address
allocation are as follows:
- Router Solicitation (RS) message
- Router Advertisement (RA) message
Messaging between IPv6 devices, including duplicate address detection and address
resolution are as follows:
- Neighbor Solicitation (NS) message
- Neighbor Advertisement (NA) message
Note: ICMPv6 ND also includes the redirect message, which has a similar function to the
redirect message used in ICMPv4.
RA messages
RA messages are sent by IPv6-enabled routers every 200 seconds to provide addressing
information to IPv6-enabled hosts.
The RA message can include addressing information for the host such as the prefix, prefix
length, DNS address, and domain name.
A host using Stateless Address Autoconfiguration (SLAAC) will set its default gateway to
the link-local address of the router that sent the RA.
An IPv6-enabled router will also send out an RA message in response to an RS message.
In the figure, PC1 sends a RS message to determine how to receive its IPv6 address
information dynamically.
NOTES
If another device on the network has this address, it will respond with an NA message.
When a device is assigned a global IPv6 unicast or link-local unicast address, it may
perform duplicate address detection (DAD) to ensure that the IPv6 address is unique.
To check the uniqueness of an address, the device will send an NS message with its own
IPv6 address as the targeted IPv6 address, as shown in the figure.
This NA message will notify the sending device that the address is in use.
If a corresponding NA message is not returned within a certain amount of time, the unicast
address is unique and acceptable for use.
Note: DAD is not required, but RFC 4861 recommends that DAD is performed on unicast
addresses.
Address resolution is used when a device on the LAN knows the IPv6 unicast address of a
destination but does not know its Ethernet MAC address.
To determine the MAC address for the destination, the device will send an NS message to
the solicited node address.
The message will include the known (targeted) IPv6 address.
The device that has the targeted IPv6 address will respond with an NA message
containing its Ethernet MAC address.
In the figure, R1 sends a NS message to 2001:db8:acad:1::10 asking for its MAC address.
Ping - Test Connectivity
In the previous topic, you were introduced to the ping and traceroute (tracert) tools.
In this topic, you will learn about the situations in which each tool is used, and how to use
them.
Ping is an IPv4 and IPv6 testing utility that uses ICMP echo request and echo reply
messages to test connectivity between hosts.
To test connectivity to another host on a network, an echo request is sent to the host
address using the ping command.
If the host at the specified address receives the echo request, it responds with an echo
reply.
As each echo reply is received, ping provides feedback on the time between when the
request was sent and when the reply was received.
This can be a measure of network performance.
Ping has a timeout value for the reply.
If a reply is not received within the timeout, ping provides a message indicating that a
response was not received.
This may indicate that there is a problem, but could also indicate that security features
blocking ping messages have been enabled on the network.
It is common for the first ping to timeout if address resolution (ARP or ND) needs to be
performed before sending the ICMP Echo Request.
After all the requests are sent, the ping utility provides a summary that includes the
success rate and average round-trip time to the destination.
Type of connectivity tests performed with ping include the following:
* Pinging the local loopback
* Pinging the default gateway
* Pinging the remote host
Ping the Loopback
Ping can be used to test the internal configuration of IPv4 or IPv6 on the local host.
To perform this test, ping the local loopback address of 127.0.0.1 for IPv4 (::1 for IPv6).
A response from 127.0.0.1 for IPv4, or ::1 for IPv6, indicates that IP is properly installed on
the host.
This response comes from the network layer.
This response is not, however, an indication that the addresses, masks, or gateways are
properly configured.
Nor does it indicate anything about the status of the lower layer of the network stack.
This simply tests IP down through the network layer of IP.
An error message indicates that TCP/IP is not operational on the host.
Ping a Remote Host
Ping can also be used to test the ability of a local host to communicate across an
internetwork.
The local host can ping an operational IPv4 host of a remote network, as shown in the
figure.
The router uses its IP routing table to forward the packets.
If this ping is successful, the operation of a large piece of the internetwork can be verified.
A successful ping across the internetwork confirms communication on the local network,
the operation of the router serving as the default gateway, and the operation of all other
routers that might be in the path between the local network and the network of the remote
host.
Additionally, the functionality of the remote host can be verified.
f the remote host could not communicate outside of its local network, it would not have
responded.
Note: Many network administrators limit or prohibit the entry of ICMP messages into the
corporate network; therefore, the lack of a ping response could be due to security
restrictions.
