OECG – Chapter 5 “IP Services” – ICMP


I’m going to start breaking these up a bit more, as generally the chapters are broken up into major groups, and doing 1 or 2 part posts for each chapter is just way too much information in a single post. Without further ado, the glories of Official Exam Certification Guide, Chapter 5.

  • ICMP – Internet Control Message Protocol, RFC 792. ICMP provides IP with a means of testing for problems and communicating issues to hosts. If you’ve used ping or traceroute, then you’ve used ICMP. The key element to ICMP is that it helps determine whether or not the network can deliver packets.
  • ICMP messages have type fields and codes. Think of the type field as a classification for what kind of ICMP message it is, and the code as a subclass. You can have several different codes within a type, in other words.
  • The most common types are as follows:

    unreachable – a router tells the sender that “I can’t deliver this packet.” The reasons/codes could be network unreachable (I don’t know how to get there), host unreachable (the packet got to the network, but the host doesn’t respond to ARPs), can’t fragment (the packet’s too big for my MTU, but the DF bit is set, so I couldn’t break up the packet for delivery), protocol unreachable (the packet got to the host, but the layer 4 protocol wasn’t running), or port unreachable (the L4 was up, but there was no listener on the socket you requested).

    time exceeded – it has taken too long to deliver the packet, and so the packet was discarded. More specifically, we’re talking about the TTL field having been decremented to zero. Traceroutes use time-exceeded messages by first sending a packet with a TTL of 1. The router gets the packet, decrements the TTL to 0, and sends the time exceeded message back to the host. That’s the first hop you see on a traceroute. Then a second packet goes out with a TTL of 2, which will give you a time exceeded message from the second router, and so on until the last host is reached.

    source quench – a router telling the sender that he can’t forward the traffic that fast, so please slow down the send rate.

    redirect – “I’m not the best router to forward this packet. This other guy is better.”

    echo – used by ping to verify that a host is reachable. Think sonar in a submarine. Pi-n-n-n-g! Codes are “echo request” and “echo reply”.

    address mask request/reply – discover the correct subnet mask to be used

    router advertisement and selection – used to allow hosts to discover the addresses of routers on the local subnet
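
To make the type/code split concrete, here is an added example (not from the original post or the OECG) that decodes the type and code of a raw ICMP message and verifies its checksum. The function names and sample messages are constructed for illustration; the type and code numbers are the standard assignments.

```python
import struct

# type -> (name, {code: meaning}); numbers per RFC 792, RFC 950 and RFC 1256
ICMP_TYPES = {
    0: ("echo reply", {}),
    3: ("destination unreachable", {
        0: "network unreachable", 1: "host unreachable",
        2: "protocol unreachable", 3: "port unreachable",
        4: "fragmentation needed and DF set"}),
    4: ("source quench", {}),
    5: ("redirect", {}),
    8: ("echo request", {}),
    9: ("router advertisement", {}), 10: ("router solicitation", {}),
    11: ("time exceeded", {0: "TTL exceeded in transit",
                           1: "fragment reassembly time exceeded"}),
    17: ("address mask request", {}), 18: ("address mask reply", {}),
}

def inet_checksum(data: bytes) -> int:
    """One's-complement Internet checksum over 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input for summing only
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type, code, rest=b"\x00" * 4, payload=b""):
    """Build a constructed ICMP message (no IP header) with a valid checksum."""
    body = rest + payload
    csum = inet_checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body

def parse_icmp(msg: bytes) -> dict:
    """Decode type/code and verify the checksum; IP header already stripped."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code = msg[0], msg[1]
    name, codes = ICMP_TYPES.get(icmp_type, ("unknown type %d" % icmp_type, {}))
    # Summing a valid message, checksum field included, yields zero.
    return {"type": icmp_type, "code": code, "name": name,
            "detail": codes.get(code, ""), "checksum_ok": inet_checksum(msg) == 0}

if __name__ == "__main__":
    # Constructed samples: an echo request and a port-unreachable error.
    for m in (build_icmp(8, 0, struct.pack("!HH", 0x1234, 1), b"ping"),
              build_icmp(3, 3, payload=b"\x45" + b"\x00" * 27)):
        print(parse_icmp(m))
```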

By Ethan Banks
