Internet Control Message Protocol:

When data is sent from its source to a remote computer, it passes through different devices (routers, ...).

When these devices are unable to relay the data to its destination, they send special messages called ICMP packets, which tell the sender that there was a problem delivering the data.

ICMP packets contain a lot of information that could be used to diagnose network problems.
ICMP packets come in different flavors. The most used ones are listed below:

Echo Request and Echo Reply: The ping command sends data to a destination and asks the computer to return the same data as a response.

Source Quench: When a computer sends large amounts of data, the router can send an ICMP quench message to the source asking for a slower sending pace.

Destination Unreachable: If a router receives data it can't deliver because of network issues, it returns an ICMP message with a "Destination Unreachable" message to the sender.

Time Exceeded: Each packet of data has a time to live (TTL) counter. Every time it passes through a router, the TTL counter gets decreased by one. When the TTL reaches 0, the packet (data) gets discarded.

This can happen when the packet passes through too many routers before reaching its destination. A faulty routing table, for example, might send the packet in an infinite loop around the same routers until its TTL reaches 0 and it gets discarded.

Fragmentation Needed: When a router can't handle a large packet with the "Don't Fragment" flag activated, it informs the source with the ICMP message (Fragmentation Needed) so that the data packet can be split and forwarded to the next router or to the destination.
If the source is not informed, it might continue sending large data with the "Don't Fragment" flag activated, which might unnecessarily overload the network.

Example 1 (data reaches its destination):



Example 2 (Data gets discarded - TTL=0):




Example 3 (Packet with "Don't fragment" flag):




Example 4 (Packet without "Don't fragment" flag):





Ping Example:


RTT (Round-trip time): The ping command displays the minimum, the average and the maximum RTT for all the packets sent (five in total in the above example).


TTL (Time To Live): A counter that decreases by one every time data goes through a router. When the TTL reaches 0, the data gets discarded and a message is sent to the source stating that the data couldn't reach its destination.

icmp_seq : number of the icmp_sequence (icmp data packet).

Example (Data couldn't be delivered):




The message "destination host unreachable" could be caused by problems in the destination network, or by firewall rules that block ICMP traffic for security reasons (not wanting to disclose the details of internal networks).

Path MTU:

MTU (Maximum Transmission Unit) determines the maximum packet size we can send without the need to split it into smaller packets to accommodate the capacity of some routers on the destination path.

The splitting of packets (fragmentation) involves more overhead and also more time for the packets to arrive at their destination.
Having the right Path MTU size maximizes throughput and lowers the resources needed to move big messages around.

Path MTU Discovery:

Path MTU Discovery allows us to find the maximum transmission unit (MTU) of a path.
We can send an ICMP message with the "Don't Fragment" (DF) flag set (Example above) to get an idea of the ideal MTU for the network.

All the devices on the destination path with an MTU smaller than the sent packet size will drop the packet and send back an ICMP message that says: "Fragmentation needed". 
They will also send their MTU, so the source could adjust its MTU accordingly.
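
The exchange described above, as an added example that is not part of the original post: a Python simulation in which a router answers an oversized "Don't Fragment" packet with an ICMP "Fragmentation needed" message (type 3, code 4) carrying its MTU, and the sender validates that message before shrinking its packets. The hop MTUs in SAMPLE_PATH and all function names are constructed for illustration.

```python
import struct

ICMP_DEST_UNREACH, CODE_FRAG_NEEDED = 3, 4  # RFC 792: type 3, code 4

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frag_needed(next_hop_mtu: int, original: bytes) -> bytes:
    """What a router sends back: type 3 / code 4 plus its MTU (RFC 1191)."""
    head = struct.pack("!BBHHH", ICMP_DEST_UNREACH, CODE_FRAG_NEEDED, 0, 0, next_hop_mtu)
    msg = head + original[:28]  # IP header + first 8 bytes of the dropped packet
    return msg[:2] + struct.pack("!H", checksum(msg)) + msg[4:]

def parse_frag_needed(msg: bytes):
    """Return the advertised next-hop MTU, or None if the message is unusable."""
    if len(msg) < 8 or checksum(msg) != 0:
        return None  # truncated or corrupted message
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", msg[:8])
    if (icmp_type, code) != (ICMP_DEST_UNREACH, CODE_FRAG_NEEDED):
        return None  # some other ICMP flavor, e.g. Echo Reply
    return mtu

def discover_path_mtu(hop_mtus, start_size=1500, floor=68):
    """Send DF packets, shrinking to each advertised MTU until one gets through."""
    size, probes = start_size, []
    while size >= floor:
        probes.append(size)
        blocker = next((m for m in hop_mtus if m < size), None)
        if blocker is None:
            return size, probes  # every hop forwarded the packet
        mtu = parse_frag_needed(build_frag_needed(blocker, bytes(28)))
        if mtu is None or mtu >= size:
            break  # ignore replies that would not shrink the packet
        size = mtu
    return None, probes

# Constructed path: MTU in bytes of each hop, not taken from the page's examples.
SAMPLE_PATH = [1500, 1492, 1400, 1500]
```

If a firewall on the path blocks ICMP, the "Fragmentation needed" message never reaches the sender and this adjustment cannot take place.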

Traceroute and the "Don't fragment" flag:

Traceroute helps us trace the route from the source to the destination address of our data.






-F : indicates that the "Don't fragment" flag is set on the sent data.
2000 : is the size of the sent data.



Ping and the "Don't fragment" flag:

-t : indicates the number of packets to be sent out.




After allowing fragmentation (removing the -D parameter), the packets reach their destination as we see in the example below:




Tweaking the MTU:

We can use both Ping and Traceroute with the "Don't fragment" flag to tweak the MTU until we get the right size for the network.

Packets with large MTUs waste resources and packets with too small MTUs don't use the network to its full potential.
Brando Sabatini and Ikbal C ©.