Claudio Cicconetti, info.iet.unipi.it/~cicconetti/imcne07/06 - Internet protocols.pdf

International Master on Communication Networks Engineering 2006/2007 Internet protocols: ICMP, ARP, DHCP Claudio Cicconetti <[email protected]>

Post on 02-Oct-2020




Table of Contents

ICMP
ARP
Proxy-ARP
DHCP


ICMP

ICMP uses IP as if ICMP were a higher level protocol (that is, ICMP messages are encapsulated in IP datagrams). However, ICMP is an integral part of IP and must be implemented by every IP module.

Even though ICMP is used to report errors, this does not make IP reliable: datagrams may still be undelivered without any report on their loss.


ICMP cannot be used to report errors with ICMP messages. This avoids infinite repetitions. ICMP responses are sent in response to ICMP query messages.

For fragmented datagrams, ICMP messages are only sent about errors with the first fragment. That is, ICMP messages never refer to an IP datagram with a non-zero fragment offset field.


ICMP messages are never sent in response to datagrams with a broadcast or a multicast destination address.

ICMP messages are never sent in response to a datagram that does not have a source IP address representing a unique host. That is, the source address cannot be zero, a loopback address, a broadcast address or a multicast address.


ICMP messages

The IP header has a Protocol number of 1 (ICMP) and a type of service of zero (routine).

The IP data field contains the ICMP message.


Type specifies the type of the message:

0: Echo reply
3: Destination unreachable
5: Redirect
8: Echo request
11: Time exceeded
13: Timestamp request
14: Timestamp reply
17: Address mask request
18: Address mask reply
30: Traceroute


Code contains the error code for the datagram reported by this ICMP message.

Checksum contains the checksum for the ICMP message starting with the ICMP Type field.

ICMP Data contains information of the ICMP message. Typically, a portion of the original IP message for which the ICMP message was generated is included.


Echo Request (8) is used to detect whether another host is active on the network; it is used by the Ping command. The sender initializes the identifier, sequence number, and data field.

The datagram is then sent to the destination host. The recipient changes the type to Echo Reply (0) and returns the datagram to the sender.


If the destination unreachable (3) message is received from an intermediate router, it means that the router regards the destination IP address as unreachable.

If this message is received from the destination host, it means that either the protocol specified in the protocol number field of the original datagram is not active or the specified port is inactive.


The code field then contains one of the following:
0: Network unreachable
1: Host unreachable
2: Protocol unreachable
3: Port unreachable
4: Fragmentation needed but DF bit set
13: Communication administratively prohibited by filtering


If a router implements the Path MTU Discovery protocol, the format of the destination unreachable message with code 4 is changed so as to include the MTU of the link that did not accept the datagram.


If the redirect (5) message is received from an intermediate router, it means that the host should send future datagrams for the network to the router whose IP address is specified in the ICMP message.

This preferred router will always be on the same subnet as the host that sent the datagram and the router that returned the IP datagram.


The code field has one of the following values:
0: Network redirect
1: Host redirect
2: Network redirect for this type of service
3: Host redirect for this type of service


If the time exceeded (11) message is received from an intermediate router, the TTL (time to live) field of an IP datagram has expired.

If this message is received from the destination host, the IP fragment reassembly time to live timer has expired while the host is waiting for a fragment of the datagram.


The code field will have one of the following values:
0: transit TTL exceeded
1: reassembly TTL exceeded
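The message layout, checksum and code tables above, as an added Python example (not part of the original slides): it builds and parses ICMP messages, including the Path MTU form of Destination Unreachable code 4 and the Echo Request to Echo Reply change. The sample datagram, its addresses and all function names are constructed for illustration.

```python
import struct

# Type and code names as listed on the slides.
ICMP_TYPES = {0: "Echo reply", 3: "Destination unreachable", 5: "Redirect",
              8: "Echo request", 11: "Time exceeded"}
UNREACH_CODES = {0: "Network unreachable", 1: "Host unreachable",
                 2: "Protocol unreachable", 3: "Port unreachable",
                 4: "Fragmentation needed but DF bit set",
                 13: "Communication administratively prohibited by filtering"}


def dotted(b):
    return ".".join(str(x) for x in b)


def internet_checksum(data):
    """16-bit one's-complement checksum, computed from the ICMP Type field on."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(icmp_type, code, rest, data=b""):
    """Assemble a message; 'rest' is the 4 bytes that follow the checksum."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest + data
    return body[:2] + struct.pack("!H", internet_checksum(body)) + body[4:]


def echo_reply(request):
    """What the recipient of an Echo Request does: type 8 -> 0, same id/seq/data."""
    return build_icmp(0, 0, request[4:8], request[8:])


def parse_icmp(msg):
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than 8 bytes")
    icmp_type, code = msg[0], msg[1]
    info = {"type": icmp_type, "code": code,
            "name": ICMP_TYPES.get(icmp_type, "unknown"),
            # Summing a message that carries a correct checksum yields zero.
            "checksum_ok": internet_checksum(msg) == 0}
    if icmp_type in (0, 8):
        info["id"], info["seq"] = struct.unpack("!HH", msg[4:8])
    elif icmp_type == 3:
        info["reason"] = UNREACH_CODES.get(code, "unknown")
        if code == 4:  # Path MTU Discovery: MTU in the low 16 bits of word 2
            info["next_hop_mtu"] = struct.unpack("!H", msg[6:8])[0]
    elif icmp_type == 5:
        info["preferred_router"] = dotted(msg[4:8])
    if icmp_type in (3, 5, 11) and len(msg) >= 8 + 20:
        inner = msg[8:]  # start of the datagram that triggered the error
        info["orig_proto"] = inner[9]
        info["orig_src"], info["orig_dst"] = dotted(inner[12:16]), dotted(inner[16:20])
        info["orig_frag_offset"] = struct.unpack("!H", inner[6:8])[0] & 0x1FFF
    return info


# Constructed sample: a 1500-byte UDP datagram with DF set (documentation
# addresses), rejected by a router whose next link has an MTU of 1400.
ORIG_DATAGRAM = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 1500, 0x1234, 0x4000, 64,
                            17, 0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
ORIG_DATAGRAM += struct.pack("!HHHH", 40000, 33434, 1480, 0)  # first 8 data bytes
FRAG_NEEDED = build_icmp(3, 4, struct.pack("!HH", 0, 1400), ORIG_DATAGRAM)
ECHO_REQUEST = build_icmp(8, 0, struct.pack("!HH", 0x1C2A, 1), b"constructed ping")

if __name__ == "__main__":
    print(parse_icmp(FRAG_NEEDED))
    print(parse_icmp(echo_reply(ECHO_REQUEST)))
```

The embedded header always has a fragment offset of zero, consistent with the rule that ICMP errors refer only to the first fragment.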


ICMP applications

Ping uses the ICMP Echo Request and Echo Reply messages to determine whether a host is reachable.

Traceroute sends IP datagrams with low TTL values so that they expire en route to a destination. It uses the resulting ICMP Time Exceeded messages to determine where in the Internet the datagrams expired and pieces together a view of the route to a host.


Ping is, perhaps, the simplest of all TCP/IP applications. It uses the ICMP Echo and Echo Reply messages.

It sends IP datagrams to a specified destination host and measures the round trip time to receive a response.

Traditionally, if you can successfully ping a host, other applications such as Telnet or FTP can reach that host as well.


% ping -c 4 131.114.9.44
PING 131.114.9.44 (131.114.9.44): 56 octets data
64 octets from 131.114.9.44: icmp_seq=0 ttl=64 time=0.5 ms
64 octets from 131.114.9.44: icmp_seq=1 ttl=64 time=0.4 ms
64 octets from 131.114.9.44: icmp_seq=2 ttl=64 time=0.4 ms
64 octets from 131.114.9.44: icmp_seq=3 ttl=64 time=0.4 ms

--- 131.114.9.44 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.4/0.4/0.5 ms

% ping -s 50000 -c 4 131.114.9.44
PING 131.114.9.44 (131.114.9.44): 50000 octets data
50008 octets from 131.114.9.44: icmp_seq=0 ttl=64 time=12.1 ms
50008 octets from 131.114.9.44: icmp_seq=1 ttl=64 time=12.0 ms
50008 octets from 131.114.9.44: icmp_seq=2 ttl=64 time=12.0 ms
50008 octets from 131.114.9.44: icmp_seq=3 ttl=64 time=12.0 ms

--- 131.114.9.44 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 12.0/12.0/12.1 ms


The Traceroute program is used to determine the route IP datagrams follow through the network. Traceroute is based upon ICMP and UDP.

It sends an IP datagram with a TTL of 1 to the destination host. The first router decrements the TTL to 0, discards the datagram and returns an ICMP time exceeded message to the source.


In this way, the first router in the path is identified. This process is repeated with successively larger TTL values to identify the exact series of routers in the path to the destination host.

Traceroute sends UDP datagrams to the destination host; these datagrams reference a port number outside the standard range. When an ICMP port unreachable message is received, the source determines that the destination host has been reached.


% traceroute -n www.yahoo.com
traceroute to www.yahoo.akadns.net (216.109.117.106), 30 hops max, 38 byte packets
1 131.114.9.29 0.752 ms 0.534 ms 0.495 ms
2 131.114.186.9 30.556 ms 26.992 ms 31.902 ms
3 131.114.191.129 35.990 ms 30.880 ms 15.908 ms
4 193.206.136.13 18.925 ms 17.997 ms 6.875 ms
5 193.206.134.73 14.933 ms 14.014 ms 12.909 ms
6 193.206.134.41 20.886 ms 28.928 ms 32.985 ms
7 193.206.134.17 24.899 ms 26.006 ms 32.009 ms
8 64.214.196.241 28.836 ms 19.891 ms 9.037 ms
9 67.17.67.53 106.874 ms 109.010 ms 130.875 ms
10 208.50.13.210 162.981 ms 208.51.74.182 152.840 ms 135.902 ms
11 216.115.96.161 146.867 ms 216.115.96.167 132.982 ms 216.115.96.181 147.954 ms
12 216.109.120.201 140.808 ms 216.109.120.142 151.984 ms 216.109.120.151 141.880 ms
13 216.109.117.106 137.895 ms 130.874 ms 141.991 ms

% traceroute -n www.sssup.it
traceroute to portale.sssup.it (193.205.80.141), 30 hops max, 38 byte packets
1 131.114.9.29 0.787 ms 0.466 ms 0.542 ms
2 131.114.186.9 24.893 ms 22.934 ms 14.930 ms
3 131.114.191.129 9.961 ms 7.826 ms 1.981 ms
4 131.114.191.186 2.891 ms 2.973 ms 4.965 ms
5 131.114.191.206 3.957 ms 4.974 ms 10.890 ms
6 131.114.191.42 283.027 ms 411.901 ms *
7 193.205.80.141 41.078 ms 38.824 ms 35.875 ms


ARP

The address resolution protocol is responsible for converting the higher level protocol addresses (IP addresses) to physical network addresses.

On a single physical network, individual hosts are known on the network by their physical hardware address.

ARP uses a lookup table, or cache, to perform this translation.


When the address is not found in the ARP cache, a broadcast is sent out on the network, with a special format called the ARP request.

If one of the machines on the network recognizes its own IP address in the request, it will send an ARP reply back to the requesting host. The reply will contain the physical hardware address of the host.


% ip neigh show
131.114.9.61 dev eth1 lladdr 00:01:e6:8a:5d:a3 nud stale
10.114.235.249 dev eth0 lladdr 00:0e:2e:52:5f:7d nud reachable
10.114.235.51 dev eth0 lladdr 00:a1:b0:00:7e:a2 nud reachable
131.114.9.9 dev eth1 lladdr 08:00:11:15:f0:fb nud stale
10.114.235.48 dev eth0 lladdr 00:02:b3:8e:c1:4c nud stale
10.114.235.32 dev eth0 lladdr 00:02:b3:8e:ba:e4 nud reachable
131.114.9.44 dev eth1 lladdr 00:50:fc:85:bf:e0 nud reachable
131.114.9.29 dev eth1 lladdr 00:00:24:c0:2f:38 nud reachable
10.114.235.37 dev eth0 lladdr 00:0e:2e:32:ee:6f nud reachable
10.114.235.135 dev eth0 lladdr 00:13:20:59:b8:c8 nud reachable

‘nud’ stands for neighbour unreachability detection


If an application wishes to send data to a certain IP destination address, the IP routing mechanism first determines the IP address of the next hop of the packet and the hardware device on which it should be sent.

% ip route show
10.114.235.0/24 dev eth0 proto kernel scope link src 10.114.235.1
131.114.9.0/24 dev eth1 proto kernel scope link src 131.114.9.251
127.0.0.0/8 dev lo scope link
default via 131.114.9.29 dev eth1 metric 1

‘eth’ stands for Ethernet device


The ARP module then tries to find the destination IP address in the ARP cache.

If it finds the matching pair, it gives the corresponding 48-bit physical address back to the caller, which transmits the packet.

If it doesn't find the pair in its table, it generates a network broadcast of an ARP request.



hw address type specifies the type of hardware (e.g., Ethernet).

proto address type specifies the type of protocol (e.g., IPv4).

hw address length specifies the length (in bytes) of the hardware addresses in this packet (e.g., Ethernet = 6).

proto address length specifies the length (in bytes) of the protocol addresses in this packet (e.g., IPv4 = 4).


operation code specifies the ARP type (request = 1, reply = 2).

sender/target hardware/proto address contains the hardware/protocol address of the sender/target.

For the ARP request packet, the target hardware address is the only undefined field in the packet.


When a host receives an ARP packet the receiving device driver passes the packet to the ARP module.

If the target protocol address is the protocol address of the physical interface on which the ARP request has been received, then an ARP reply is sent to the sender host through the same interface.


If any host on the network decodes an ARP reply, then it may use it to update its ARP cache with both the sender and the target hardware addresses, even though there are no IP datagrams buffered for those hosts.

Finally, if the IP address of a host is changed, then the host may send a gratuitous ARP message to force its neighbors to update their ARP caches.
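Because caches are updated from any decoded ARP packet, including gratuitous ones, an operator usually wants a record of every change in an IP-to-hardware-address binding. The following added Python example (not part of the original slides) parses the ARP fields described above and reports such changes; it tracks the sender binding only, and the packets, addresses and names are constructed for illustration.

```python
import struct

OP_NAMES = {1: "request", 2: "reply"}


def mac_str(b):
    return ":".join("%02x" % x for x in b)


def ip_str(b):
    return ".".join(str(x) for x in b)


def build_arp(op, sender_hw, sender_ip, target_hw, target_ip):
    """Ethernet/IPv4 ARP packet: hw type 1, proto type 0x0800, lengths 6 and 4."""
    header = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return header + sender_hw + sender_ip + target_hw + target_ip


def parse_arp(pkt):
    if len(pkt) < 8:
        raise ValueError("ARP header truncated")
    hw_type, proto_type, hw_len, proto_len, op = struct.unpack("!HHBBH", pkt[:8])
    if len(pkt) < 8 + 2 * (hw_len + proto_len):
        raise ValueError("ARP addresses truncated")
    parts, off = [], 8
    # Address sizes come from the two length fields, not from fixed offsets.
    for size in (hw_len, proto_len, hw_len, proto_len):
        parts.append(pkt[off:off + size])
        off += size
    return {"hw_type": hw_type, "proto_type": proto_type, "op": op,
            "sender_hw": parts[0], "sender_ip": parts[1],
            "target_hw": parts[2], "target_ip": parts[3]}


class ArpCacheMonitor:
    """Mirrors a neighbour cache and reports how each packet affects it."""

    def __init__(self):
        self.cache = {}  # IP address -> hardware address last seen for it

    def observe(self, pkt):
        a = parse_arp(pkt)
        if (a["hw_type"], a["proto_type"]) != (1, 0x0800):
            return None  # only Ethernet/IPv4 is tracked in this example
        ip, mac = ip_str(a["sender_ip"]), mac_str(a["sender_hw"])
        old = self.cache.get(ip)
        self.cache[ip] = mac
        status = "new" if old is None else "unchanged" if old == mac else "changed"
        return {"ip": ip, "mac": mac, "previous": old, "status": status,
                "op": OP_NAMES.get(a["op"], "unknown"),
                # A gratuitous ARP names the sender's own address as the target.
                "gratuitous": a["sender_ip"] == a["target_ip"]}


# Constructed sample traffic (documentation addresses, locally administered MACs).
HOST_MAC, HOST_IP = bytes.fromhex("02000000000a"), bytes([192, 0, 2, 10])
GW_MAC, GW_IP = bytes.fromhex("020000000001"), bytes([192, 0, 2, 1])
OTHER_MAC = bytes.fromhex("020000000066")
SAMPLE = [
    build_arp(1, HOST_MAC, HOST_IP, bytes(6), GW_IP),  # request: target hw undefined
    build_arp(2, GW_MAC, GW_IP, HOST_MAC, HOST_IP),    # reply from 192.0.2.1
    build_arp(2, OTHER_MAC, GW_IP, bytes(6), GW_IP),   # gratuitous ARP, different MAC
]


def replay(packets):
    monitor = ArpCacheMonitor()
    return [monitor.observe(p) for p in packets]


if __name__ == "__main__":
    for event in replay(SAMPLE):
        print(event)
```

A "changed" event is expected after a host's address is reassigned; one that nobody on the network can account for is what warrants a closer look.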


Proxy-ARP

Proxy-ARP provides a means of setting up local subnets, without the need for a modification to the IP routing algorithm.

However, some modifications to the routers that interconnect the subnets are required.


Consider one IP network that is divided into subnets and interconnected by routers.

We use the old IP routing algorithm, which means that no host knows about the existence of multiple physical networks.

Consider hosts A and B, which are on different physical networks within the same IP network, and a router R between the two subnetworks.


Figure: host A (MAC A, 192.168.1.66) on lan0 (192.168.1.64/26) and host B (MAC B, 192.168.1.130) on lan1 (192.168.1.128/26), joined by router R with interfaces MAC R0, 192.168.1.65 and MAC R1, 192.168.1.129. Host A sends an ARP request.


When host A wants to send an IP datagram to host B, it first has to determine the physical network address of host B through the use of the ARP protocol.

As host A cannot differentiate between the physical networks, its IP routing algorithm thinks that host B is on the local physical network and sends out a broadcast ARP request.

Host B doesn't receive this broadcast, but router R does!


Router R understands subnets, that is, it runs the subnet version of the IP routing algorithm and it will be able to see that the destination of the ARP request (from the target protocol address field) is on another physical network.

If router R's routing tables specify that the next hop to that other network is through a different physical device, it will reply to the ARP as if it were host B, saying that the network address of host B is that of the router R itself.


Host A receives this ARP reply, puts it in its cache, and will send future IP packets for host B to the router R.

The router will forward such packets to the correct subnet. The result is called transparent subnetting.
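The router's decision described above, worked through for the addresses in the figure, as an added Python example (not part of the original slides). The strings MAC_R0 and MAC_R1 stand in for the router's hardware addresses, and host A's unsubnetted view of the network is assumed to be 192.168.1.0/24; function names are hypothetical.

```python
import ipaddress

# Router R from the slides; "MAC_R0"/"MAC_R1" stand in for its hardware addresses.
ROUTER_R = {
    "lan0": {"addr": ipaddress.ip_interface("192.168.1.65/26"), "mac": "MAC_R0"},
    "lan1": {"addr": ipaddress.ip_interface("192.168.1.129/26"), "mac": "MAC_R1"},
}


def host_arps_directly(host_view, dst):
    """A host ARPs for dst itself when dst is inside what it takes to be its own network."""
    return ipaddress.ip_address(dst) in ipaddress.ip_network(host_view)


def connected_iface(ifaces, dst):
    """Name of the router interface whose subnet contains dst, or None."""
    for name, iface in ifaces.items():
        if dst in iface["addr"].network:
            return name
    return None


def proxy_arp_answer(ifaces, in_iface, target_ip):
    """Hardware address the router puts in its ARP reply, or None if it stays silent."""
    target = ipaddress.ip_address(target_ip)
    if target == ifaces[in_iface]["addr"].ip:
        return ifaces[in_iface]["mac"]      # ordinary reply for its own address
    out_iface = connected_iface(ifaces, target)
    if out_iface is None or out_iface == in_iface:
        return None                         # unknown, or same wire: the real host answers
    return ifaces[in_iface]["mac"]          # answer on behalf of the remote host


def cache_entry_on_host_a(dst, host_view="192.168.1.0/24"):
    """Router-supplied entry host A caches for dst; host_view is A's assumed view."""
    if not host_arps_directly(host_view, dst):
        return None                         # A would consult its routing table instead
    return proxy_arp_answer(ROUTER_R, "lan0", dst)


if __name__ == "__main__":
    print(cache_entry_on_host_a("192.168.1.130"))                     # host B
    print(cache_entry_on_host_a("192.168.1.130", "192.168.1.64/26"))  # subnet-aware A
```

On a proxy-ARP segment one hardware address legitimately answers for many IP addresses, so ARP monitoring there needs the router's addresses on its allow list.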


DHCP

DHCP provides a framework for passing configuration information to hosts on a TCP/IP network.

DHCP is based on the BOOTP protocol, adding the capability of automatic allocation of reusable network addresses and additional configuration options.


DHCP consists of two components:
– A protocol that delivers host-specific configuration parameters from a DHCP server to a host.
– A mechanism for the allocation of temporary or permanent network addresses to hosts.

IP requires the setting of many parameters within the protocol implementation software, because it can be used on many dissimilar kinds of network hardware.


DHCP supports 3 mechanisms for IP address allocation:
– automatic allocation: DHCP assigns a permanent IP address to the host.
– dynamic allocation: DHCP assigns an IP address for a limited period of time; such a network address is called a lease.
– manual allocation: the host's address is assigned by a network administrator.


DHCP message format (bit positions 0, 4, 8, 16, 24, 31 across each 32-bit row):

code | hw type | length | hops
transaction ID
seconds | flags
client IP address
your IP address
server IP address
router IP address
client hardware address (16 bytes)
server host name (64 bytes)
boot file name (128 bytes)
options (312 bytes)


code indicates a request or a reply (e.g., request = 1, reply = 2).

hw type is the type of hardware (e.g., Ethernet = 1).

length is the hardware address length in bytes (e.g., Ethernet = 6).

hops is incremented by a router that relays the request to another server and is used to identify loops. It is set by the client to 0.

transaction ID is a random number used to match this boot request with the response it generates.


seconds is set by the client. It is the elapsed time in seconds since the client started its boot process.

flags: the most significant bit of the flags field is used as a broadcast flag. All other bits must be set to zero, and are reserved for future use.

Normally, DHCP servers attempt to deliver DHCP messages directly to a client using unicast delivery. The destination address in the IP header is set to the DHCP your IP address and the MAC address is set to the DHCP client hardware address.


If a host is unable to receive a unicast IP datagram until it knows its IP address, then this broadcast bit must be set to indicate to the server that the DHCP reply must be sent as an IP and MAC broadcast. Otherwise this bit must be set to zero.

client IP address is set by the client to either its known IP address, or 0.0.0.0.

your IP address is set by the server if the client IP address field was 0.0.0.0.

server IP address is set by the server.


router IP address is the address of a DHCP relay agent, not a general IP router to be used by the client. It is set by the forwarding agent when DHCP forwarding is being used.

client hardware address is set by the client. DHCP defines a client identifier option that is used for client identification. If this option is not used the client is identified by its MAC address.

server host name is an optional server host name terminated with padding of 0 bytes.


boot file name is either left empty by the client, or filled with a name indicating the type of boot file to be used.

options: the first four bytes of the options field of the DHCP message contain the magic cookie (99.130.83.99). The remainder of the options field consists of tagged parameters that are called options.


There are four types of DHCP messages:
– DHCPDISCOVER: broadcast by a client to find available DHCP servers.
– DHCPOFFER: response from a server to a DHCPDISCOVER and offering IP address and other parameters.
– DHCPACK: acknowledgement from server to client with parameters, including IP address.
– DHCPNACK: negative acknowledgement from server to client, indicating that the client's lease has expired or that a requested IP address is incorrect.
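The message layout and the tagged options described above, as an added Python example (not part of the original slides): a bounds-checked parser for the fixed fields, the magic cookie and the options. Option tags 51, 53 and 255 and the message-type values are taken from RFC 2132; the sample offer, its addresses and the function names are constructed for illustration.

```python
import struct

# code, hw type, length, hops, transaction ID, seconds, flags, four IP
# addresses, client hardware address, server host name, boot file name.
FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")  # 236 bytes
MAGIC_COOKIE = bytes([99, 130, 83, 99])
# Option tags and message-type values from RFC 2132 (DHCPNAK is the
# message the slides call DHCPNACK).
OPT_PAD, OPT_LEASE_TIME, OPT_MSG_TYPE, OPT_END = 0, 51, 53, 255
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 5: "DHCPACK", 6: "DHCPNAK"}


def dotted(b):
    return ".".join(str(x) for x in b)


def parse_options(data):
    """Walk the tag/length/value list; this example rejects anything malformed."""
    opts, i = {}, 0
    while i < len(data):
        tag = data[i]
        if tag == OPT_PAD:
            i += 1
            continue
        if tag == OPT_END:
            return opts
        if i + 1 >= len(data):
            raise ValueError("option %d has no length byte" % tag)
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("option %d overruns the message" % tag)
        opts[tag] = value
        i += 2 + length
    raise ValueError("options not terminated by the end option")


def parse_dhcp(msg):
    if len(msg) < FIXED.size + len(MAGIC_COOKIE):
        raise ValueError("message shorter than fixed fields plus cookie")
    (code, hw_type, hw_len, hops, xid, secs, flags, ciaddr, yiaddr, siaddr,
     giaddr, chaddr, sname, bootfile) = FIXED.unpack_from(msg)
    if msg[FIXED.size:FIXED.size + 4] != MAGIC_COOKIE:
        raise ValueError("bad magic cookie")
    if hw_len > len(chaddr):
        raise ValueError("hardware address length exceeds 16 bytes")
    opts = parse_options(msg[FIXED.size + 4:])
    mtype, lease = opts.get(OPT_MSG_TYPE), opts.get(OPT_LEASE_TIME)
    return {
        "code": code, "hw_type": hw_type, "hops": hops, "xid": xid, "seconds": secs,
        "broadcast": bool(flags & 0x8000),  # most significant bit of flags
        "client_ip": dotted(ciaddr), "your_ip": dotted(yiaddr),
        "server_ip": dotted(siaddr), "relay_ip": dotted(giaddr),
        "client_hw": ":".join("%02x" % b for b in chaddr[:hw_len]),
        "server_name": sname.split(b"\x00", 1)[0].decode("ascii", "replace"),
        "boot_file": bootfile.split(b"\x00", 1)[0].decode("ascii", "replace"),
        "message_type": (MSG_TYPES.get(mtype[0], "unknown")
                         if mtype and len(mtype) == 1 else None),
        "lease_seconds": (struct.unpack("!I", lease)[0]
                          if lease and len(lease) == 4 else None),
    }


def build_sample_offer():
    """Constructed reply: offers 192.0.2.50 for one hour, broadcast flag set."""
    fixed = FIXED.pack(2, 1, 6, 0, 0x3903F326, 0, 0x8000, bytes(4),
                       bytes([192, 0, 2, 50]), bytes([192, 0, 2, 1]), bytes(4),
                       bytes.fromhex("02000000000a"), b"dhcp.example", b"")
    options = bytes([OPT_MSG_TYPE, 1, 2, OPT_LEASE_TIME, 4])
    options += struct.pack("!I", 3600) + bytes([OPT_END])
    return fixed + MAGIC_COOKIE + options


if __name__ == "__main__":
    print(parse_dhcp(build_sample_offer()))
```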