I heard that you use 6 for ping? Then give me a diagram of how ping works

Directory

foreword

text

1. The assistant of IP protocol – ICMP protocol

2. Query message type

3. Error message type

4. ping–query the use of message types

5. traceroute – use of error message type

Preface

In daily life or work, we use the ping command the most to judge whether the network is smooth with the other party.

“So do you know how ping works?“

Some friends may ask strangely: “Although I don’t understand its work, I also use Thief 6 for ping!”

You use 6, but you can’t get up to 6 if you are in front of the interviewer. After all, they also like to ask questions.

Therefore, we must have the attitude of “Knowing what it is, knowing why it is“, so that we can avoid the situation of turning right when going out during the interview.

Those who don’t know don’t need to worry about it. Today we will fix it and understand it. Eliminate the question mark this time, Let the question mark be less.

text

1. Assistant of IP protocol – ICMP protocol

Ping works based on the ICMP protocol, so to understand the work of ping, first of all, let’s get familiar with the ICMP protocol.

What are ICMPs?

The full name of ICMP is Internet Control Message Protocol, that is, Internet Control Message Protocol.

There is a keyword in it – control, how to control it?

Network packets often encounter various problems in a complex network transmission environment. When encountering a problem, you can’t be ignorant, and the style of mindlessness is not the style of computer network. So it is necessary to spread the news and report what problems have been encountered, so that the transmission strategy can be adjusted to control the whole situation.

What are the ICMP functions?

ICMP The main functions include: Confirm whether the IP packet is successfully delivered to the destination address, report the reason why the IP packet is discarded during the sending process, and improve network settings, etc.

In IP communications if a IP packet fails to reach its destination address for any reason, the specific The reason for will be notified by ICMP.

As shown in the above example, the host A sent a data packet to the host B, for some reason, the router on the way 2 failed to discover the existence of host B, at this time, router 2 code> will send an ICMP destination unreachable packet to the host A, indicating that it is sent to the host B failed.


This ICMP notification message is sent using IP .
Therefore, ICMP packets returned from router 2 will pass through router 1 and then forwarded to Host A.
The host A that received the ICMP packet decomposes the ICMP header and data field to know the specific cause of the problem.

ICMP header format

ICMP messages are encapsulated in IP packets, which work at the network layer and are the assistant of the IP protocol.

  
   ICMP message

  
The Type field of the ICMP header can be roughly divided into two categories:


One is query messages for diagnosis, that is, "Query message type"


The other is the error message that informs the cause of the error, that is, "Error message type"



  
   Common ICMP Types

  
2. Query message type

Echo messages - types 0 and 8

Echo message is a message used between communicating hosts or routers to determine whether the sent data packet has successfully reached the peer end, ping  command is implemented using this message.

  
   ICMP echo message

  
Can send Echo Request message (ICMP Echo Request Message, type 8< /strong>), or receive the Echo Reply message from the peer host (ICMP Echo Reply Message, type 0).


  
   ICMP Echo Request and Echo Reply Messages

  
Compared with the original ICMP, there are two more fields here:


Identifier: used to distinguish which application program sends ICMP packets, such as using the process PID as the identifier;


Serial number: The serial number starts from 0, and will add 1 every time a new echo request is sent , can be used to confirm whether the network packet is lost.


In option data, ping will also store the time value of sending the request to calculate the round-trip time and explain the length of the journey.
3. Error message type
Next, some examples of commonly used ICMP error messages are described:


Destination unreachable message - of type 3


Origin Suppression Message - Type 4


Redirect message - type 5


Timeout message - type 11



Destination Unreachable Message - type 3

When the IP router fails to send the IP data packet to the destination address, it will return an ICMP message of Destination Unreachable to the sending host, and display the specific reason for the unreachability in this message, which is recorded in ICMP The Code field of the header.
Therefore, according to the specific ICMP unreachable message, the sending host can also know the specific reason for the unreachable transmission.
Examples of 6 common types of unreachable codes:

  
   Common code numbers for target unreachable types

  


Network unreachable code is 0



Host unreachable code is 1


Protocol unreachable code is 2


Port unreachable code is 3


Fragmentation is required but the non-fragmentation bit is set to 4


In order to explain to everyone why the above goal is unreachable, Xiao Lin sacrificed himself to deliver 5 takeaways to everyone. 
Why do you want to deliver food? Don't ask, just ask to prepare for 35 old Lin...

  
   Delivery guy -- Kobayashi

  
a. Network unreachable code is 0
Takeaway version:
When Xiaolin delivered food for the first time, there were only two buildings in District A and District B in the community, but the food delivery address was written as a building in District C. Xiaolin said that there were many question marks on his head, and there was no such place at all.
Normal version:
The IP address is divided into a network number and a host number, so when the router table in the router cannot match the network number of the receiver's IP, it will pass the ICMP protocol as Network unreachable (Network Unreachable) to inform the host.
Since there is no longer a network classification, network unreachable has also gradually fallen out of use.
b. Host unreachable code is 1
Takeaway version:
When Kobayashi delivered food for the second time, this time there was a 5-storey Building C in the community, and he found a place, but the delivery address was written as Room 601, Building C, indicating that he could not find this room.
Normal version:
When there is no information about the host in the routing table, or the host is not connected to the network, the Host Unreachable (Host Unreachable >) to inform the host of the reason.
c. Protocol unreachable code is 2
Takeaway version:
When Kobayashi delivered food for the third time, this time the community had Building C and Room 601. I found the place and the room, but when I opened the door, it was a foreigner who spoke English, and I spoke Chinese! Language barrier, takeaway delivery failed~
Normal version:
When the host uses the TCP protocol to access the peer host, the peer host can be found, but the firewall of the peer host has prohibited TCP protocol access, then the host will be notified by the ICMP protocol with the reason of protocol unreachable .
d. Port unreachable code is 3
Takeaway version:
When Xiaolin delivered food for the fourth time, this time there was a building in Block C and room 601 in the community. I found the place and the room, and the people in the room also spoke Chinese, but people said that what he wanted was not food. But express. . .
Normal version:
When the host accesses the port 8080 of the peer host, the peer host can be found this time, and the firewall has no restrictions, but it is found that the peer host has no process listening to port 8080, then it will use the ICMP protocol as The port is unreachable Inform the host of the reason.
e. Fragmentation is required but the non-fragmentation bit code is set to 4
Takeaway version:
When Xiaolin delivered food for the fifth time, this time it was a food blogger who ordered 100 takeaways, but the food blogger asked to deliver all the food at one time, and Xiaolin’s electric car couldn’t fit, so there was no way to deliver up.
Normal version:
When the sending host sends an IP datagram, set the Fragmentation Prohibition Flag in the IP header to 1. According to this flag bit, when the router on the way encounters a data packet exceeding the size of the MTU, it will not fragment it, but discard it directly.
Then, the sender host is notified through an ICMP unreachable message type, code 4 message.

ICMP Source Quench Message - Type 4

Routers connected to the WAN may experience network congestion when using low-speed wide-area lines.
The purpose of ICMP origin suppression messages is to alleviate this congestion.
When a router sends data to a low-speed line, and its buffer in the send queue becomes zero and cannot be sent out, it can send an ICMP Origin Suppression message to the source address of the IP packet.
The host receiving this message knows that there is congestion somewhere in the entire line, thereby increasing the transmission interval of IP packets and reducing network congestion.
However, since this ICMP may cause unfair network traffic, it is generally not used.

Redirect message (ICMP Redirect Message) - type 5


If the router finds that the sending host is using a "suboptimal" path to send data, it will return an ICMP Redirect message to the host.
This message contains most suitable routing information and source data. This mostly happens when routers hold better routing information. The router will inform the sender through such an ICMP message, so that it will be sent to another router next time.
For example, Kobayashi could have crossed a road to get there, but Kobayashi didn't know, so he walked around to get there. After Kobayashi knew about it later, Kobayashi would not be so stupid next time. Circled.

ICMP Time Exceeded Message - Type 11

There is a field in the IP packet called TTL (Time To Live, lifetime), its  The value will decrease by 1 each time it passes through the router, until it reaches 0, the IP packet will be discarded. 
At this time, the IP router will send an ICMP timeout message to the sending host, and notify that the packet has been discarded.
The main purpose of setting the life cycle of IP packets is to prevent IP packets from being forwarded endlessly on the network when routing control encounters a problem and a loop occurs.

  
   ICMP time exceeded message

  
In addition, TTL can sometimes be used to control the reach of packets, such as setting a smaller TTL value.
4. ping - use of query message types
Next, let's focus on the sending and receiving process of ping .
Host A and host B under the same subnet, after host A executes ping host B, let's see what is sent during it?

  
   Host A pings Host B

  
When the ping command is executed, the source host first constructs an ICMP Echo Request message packet.
ICMP packets contain several fields, the most important being two:


The first is Type, which is 8 for Echo Request messages;


The other one is the serial number, which is mainly used to distinguish multiple data packets sent during continuous ping.


Each time a request packet is sent, the serial number will automatically add 1. In order to be able to calculate the round trip time RTT, it inserts the sending time in the data part of the message.

  
   Host A's ICMP Echo Request message

  
Then, the ICMP protocol hands this data packet to the IP layer together with the address 192.168.1.2. The IP layer will use 192.168.1.2 as the destination address, the local IP address as the source address, and the protocol field is set to  1 means ICMP protocol, add some other control information to build a IP< /strong> packets.


  
   IP layer packet of host A

  
Next, the MAC header needs to be included. If you find the MAC address corresponding to the IP address 192.168.1.2 in the local ARP mapping table, you can use it directly; if not, you need to send the ARP protocol to query the MAC address After obtaining the MAC address, a data frame is constructed by the data link layer, the destination address is the MAC address transmitted from the IP layer, and the source address is the MAC address of the machine; some control information is also added, according to the medium of the Ethernet access rules, and pass them on.

  
   Host A's MAC layer packet

  
After the host B  receives the data frame, it first checks its destination MAC address and compares it with the local MAC address. If it matches, it accepts it, otherwise it discards it.
Check the data frame after receiving it, extract the IP data packet from the frame, and hand it over to the IP layer of the machine. Similarly, after the IP layer checks, the useful information is extracted and handed over to the ICMP protocol.
Host B will construct an ICMP Echo Response packet, and the Type field of the Echo Response packet is  >0, sequence number is the sequence number in the received request packet, and then sent to host A.

  
   ICMP Echo Response from Host B

  
Within the specified time, if the source host does not receive an ICMP response packet, it means that the target host is unreachable; if it receives an ICMP echo response message, it means that the target host is reachable.
At this time, the source host will check, and subtract the time when the data packet is originally sent from the source host from the current time, which is the time delay of the ICMP data packet.
What happened above can be summarized as follows:

  
   What host A sends when it pings host B

  
Of course, this is only the simplest situation in the same LAN. If it crosses the network segment, it will also involve the forwarding of the gateway, the forwarding of the router, and so on.
But for the ICMP header, it has no effect. It will affect the selection of the next hop of the route based on the destination IP address, and the need to change the MAC address in the MAC header every time it passes through a router to reach a new LAN.
Having said so much, it can be seen that the ping program uses ECHO REQUEST (type 8) and ECHO REPLY (type 0) in ICMP.
5. traceroute - use of error message type
There is an application that takes full advantage of the ICMP Error message type called traceroute (this is the command in UNIX, MacOS, and the equivalent in Windows The command is called tracert).
1. The role of traceroute
The first function of traceroute is to deliberately set a special TTL to trace the routers along the way to the destination. 
The parameters of traceroute point to a destination IP address:
traceroute 192.168.1.100


How does this feature work?

Its principle is to use the lifetime of IP packets to send UDP packets while increasing in order from 1, A way to force the reception of ICMP timeout messages.
For example, if TTL is set to 1, then the first router encountered will be sacrificed, and then return ICMP error message network packet, the type is Timeout .
Next, set the TTL to 2, the first router passed, and the second router also sacrificed, and agreed to return the ICMP error message packet, And so on, until reaching the destination host.
In this process, traceroute can get all router IPs.
Of course, some routers will not return this ICMP at all, so for some public network addresses, the intermediate routes cannot be seen.

How does the sender know whether the UDP packet sent has reached the destination host?

When traceroute sends a UDP packet, it will fill in a impossible port number value as the UDP destination port number (greater than 3000 ). When the destination host receives the UDP packet, it will return an ICMP error message, but the type of the error message is "port unreachable".
Therefore, When the error message type is port unreachable, it means that the UDP packet sent by the sender has reached the destination host. 
2. traceroute function two
Another function of traceroute is to deliberately set non-fragmentation to determine the MTU of the path.

What is the purpose of doing this?

The purpose of this is for path MTU discovery.
Because sometimes we don't know the MTU size of the router, the MTU on the Ethernet data link Usually 1500  bytes, but non-Ethernet MTU values are different, so we need to know MTU to control the size of the packets sent.

  
   MTU path discovery (in case of UDP)

  
It works like this:
First, when the sending host sends a IP datagram, set the fragmentation prohibition flag at the header of the IP packet bit is set to 1. According to this flag, the router on the way will not fragment the large data packet, but discard the packet.
Subsequently, the value of the MTU on the data link is sent to the sending host through an ICMP unreachable message, the type of the unreachable message is "fragmentation is required but the non-fragmentation bit is set ".
The sending host will reduce the size of the packet every time it receives an ICMP error message, so as to locate an appropriate MTU value, so that can reach the target host.
References
[1] Takashi Takeshita. Graphical TCP/IP. People's Posts and Telecommunications Press.
[2] Liu Chao. Interesting talk about network protocols. Geek time.
Good article recommendation
Explore! The mental journey of a data packet in the network
Hardcore! 30 Graphical HTTP Common Interview Questions