Internet protocols: ICMP, ARP, DHCP

Claudio Cicconetti <c.cicconetti@iet.unipi.it>

International Master on Communication Networks Engineering 2006/2007


Table of Contents

ICMP
ARP
Proxy-ARP
DHCP
ICMP

ICMP uses IP as if ICMP were a higher level protocol (that is, ICMP messages are encapsulated in IP datagrams). However, ICMP is an integral part of IP and must be implemented by every IP module.

Even though ICMP is used to report errors, this does not make IP reliable: datagrams may still be undelivered without any report on their loss.

ICMP cannot be used to report errors with ICMP messages. This avoids infinite repetitions. ICMP responses are sent in response to ICMP query messages.

For fragmented datagrams, ICMP messages are only sent about errors with the first fragment. That is, ICMP messages never refer to an IP datagram with a non-zero fragment offset field.

ICMP messages are never sent in response to datagrams with a broadcast or a multicast destination address.

ICMP messages are never sent in response to a datagram that does not have a source IP address representing a unique host. That is, the source address cannot be zero, a loopback address, a broadcast address or a multicast address.
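The rules above for when an ICMP error must not be generated, written as one check. This is an added example, not part of the original slides; the Datagram class and the may_send_icmp_error function are hypothetical names, and the local network is passed in so the directed broadcast address can be recognised.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ICMP_PROTOCOL = 1
# ICMP error types: 3, 5 and 11 are on the slides; 4 (source quench) and
# 12 (parameter problem) come from RFC 792.
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


@dataclass
class Datagram:
    """Hypothetical, simplified view of the datagram that caused an error."""
    src: str
    dst: str
    protocol: int
    frag_offset: int = 0
    icmp_type: Optional[int] = None  # only used when protocol == 1


def may_send_icmp_error(d, local_net):
    """Return (allowed, reason) for generating an ICMP error about d."""
    net = ipaddress.ip_network(local_net)
    src, dst = ipaddress.ip_address(d.src), ipaddress.ip_address(d.dst)
    broadcasts = (LIMITED_BROADCAST, net.broadcast_address)
    if d.protocol == ICMP_PROTOCOL and d.icmp_type in ICMP_ERROR_TYPES:
        return False, "datagram is itself an ICMP error message"
    if d.frag_offset != 0:
        return False, "not the first fragment"
    if dst.is_multicast or dst in broadcasts:
        return False, "broadcast or multicast destination"
    if src.is_unspecified or src.is_loopback or src.is_multicast:
        return False, "source is zero, loopback or multicast"
    if src in broadcasts:
        return False, "source is a broadcast address"
    return True, "ok"
```
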
ICMP messages

The IP header has a Protocol number of 1 (ICMP) and a type of service of zero (routine).

The IP data field contains the ICMP message.

Type specifies the type of the message:

0: Echo reply
3: Destination unreachable
5: Redirect
8: Echo request
11: Time exceeded
13: Timestamp request
14: Timestamp reply
17: Address mask request
18: Address mask reply
30: Traceroute

Code contains the error code for the datagram reported by this ICMP message.

Checksum contains the checksum for the ICMP message starting with the ICMP Type field.

ICMP Data contains information of the ICMP message. Typically, a portion of the original IP message for which the ICMP message was generated is included.

Echo Request (8) is used to detect if another host is active on the network; it is used by the Ping command. The sender initializes the identifier, sequence number, and data field.

The datagram is then sent to the destination host. The recipient changes the type to Echo Reply (0) and returns the datagram to the sender.
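The Echo exchange and the checksum field described above, as an added example that is not part of the original slides. The function names are hypothetical; the checksum is the standard 16-bit one's-complement Internet checksum, and a receiver verifies it by summing the whole message, checksum field included.

```python
import struct


def internet_checksum(data):
    """16-bit one's-complement sum, as used for the ICMP checksum field."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(msg_type, ident, seq, payload):
    """Layout: type, code, checksum, identifier, sequence number, data."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + payload


def parse_icmp(msg):
    if len(msg) < 8:
        raise ValueError("ICMP echo message shorter than 8 bytes")
    msg_type, code, _csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    # A message with a correct checksum sums to zero after complementing.
    return {"type": msg_type, "code": code, "ident": ident, "seq": seq,
            "data": msg[8:], "checksum_ok": internet_checksum(msg) == 0}


def echo_reply_for(request):
    """What the recipient does: same identifier, sequence and data, type 0."""
    req = parse_icmp(request)
    if req["type"] != 8 or not req["checksum_ok"]:
        raise ValueError("not a valid Echo Request")
    return build_echo(0, req["ident"], req["seq"], req["data"])
```

With a 56-byte payload the message is 64 bytes long, which matches the "56 octets data" and "64 octets from" figures in the ping output further down.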

If the destination unreachable (3) message is received from an intermediate router, it means that the router regards the destination IP address as unreachable.

If this message is received from the destination host, it means that either the protocol specified in the protocol number field of the original datagram is not active or the specified port is inactive.

The code field then contains one of the following:

0: Network unreachable
1: Host unreachable
2: Protocol unreachable
3: Port unreachable
4: Fragmentation needed but DF bit set
13: Communication administratively prohibited by filtering

If a router implements the Path MTU Discovery protocol, the format of the destination unreachable message with code 4 is changed so as to include the MTU of the link that did not accept the datagram.

If the redirect (5) message is received from an intermediate router, it means that the host should send future datagrams for the network to the router whose IP address is specified in the ICMP message.

This preferred router will always be on the same subnet as the host that sent the datagram and the router that returned the IP datagram.

The code field has one of the following values:

0: Network redirect
1: Host redirect
2: Network redirect for this type of service
3: Host redirect for this type of service

If the time exceeded (11) message is received from an intermediate router, the TTL (time to live) field of an IP datagram has expired.

If this message is received from the destination host, the IP fragment reassembly time to live timer has expired while the host is waiting for a fragment of the datagram.

The code field will have one of the following values:

0: transit TTL exceeded
1: reassembly TTL exceeded
ICMP applications

Ping uses the ICMP Echo Request and Echo Reply messages to determine whether a host is reachable.

Traceroute sends IP datagrams with low TTL values so that they expire en route to a destination. It uses the resulting ICMP Time Exceeded messages to determine where in the Internet the datagrams expired and pieces together a view of the route to a host.

Ping is, perhaps, the simplest of all TCP/IP applications. It uses the ICMP Echo and Echo Reply messages.

It sends IP datagrams to a specified destination host and measures the round trip time to receive a response.

Traditionally, if you can successfully ping a host, other applications such as Telnet or

% ping -c 4 131.114.9.44
PING 131.114.9.44 (131.114.9.44): 56 octets data
64 octets from 131.114.9.44: icmp_seq=0 ttl=64 time=0.5 ms
64 octets from 131.114.9.44: icmp_seq=1 ttl=64 time=0.4 ms
64 octets from 131.114.9.44: icmp_seq=2 ttl=64 time=0.4 ms
64 octets from 131.114.9.44: icmp_seq=3 ttl=64 time=0.4 ms

--- 131.114.9.44 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 0.4/0.4/0.5 ms

% ping -s 50000 -c 4 131.114.9.44
PING 131.114.9.44 (131.114.9.44): 50000 octets data
50008 octets from 131.114.9.44: icmp_seq=0 ttl=64 time=12.1 ms
50008 octets from 131.114.9.44: icmp_seq=1 ttl=64 time=12.0 ms
50008 octets from 131.114.9.44: icmp_seq=2 ttl=64 time=12.0 ms
50008 octets from 131.114.9.44: icmp_seq=3 ttl=64 time=12.0 ms

--- 131.114.9.44 ping statistics ---
4 packets transmitted, 4 packets received, 0% packet loss
round-trip min/avg/max = 12.0/12.0/12.1 ms

The Traceroute program is used to determine the route IP datagrams follow through the network. Traceroute is based upon ICMP and UDP.

It sends an IP datagram with a TTL of 1 to the destination host. The first router decrements the TTL to 0, discards the datagram and returns an ICMP time exceeded message to the source.

In this way, the first router in the path is identified. This process is repeated with successively larger TTL values to identify the exact series of routers in the path to the destination host.

Traceroute sends UDP datagrams to the destination host; these datagrams reference a port number outside the standard range. When an ICMP port unreachable message is received, the source determines the destination host has been reached.

% traceroute -n www.yahoo.com
traceroute to www.yahoo.akadns.net (216.109.117.106), 30 hops max, 38 byte packets
1 131.114.9.29 0.752 ms 0.534 ms 0.495 ms
2 131.114.186.9 30.556 ms 26.992 ms 31.902 ms
3 131.114.191.129 35.990 ms 30.880 ms 15.908 ms
4 193.206.136.13 18.925 ms 17.997 ms 6.875 ms
5 193.206.134.73 14.933 ms 14.014 ms 12.909 ms
6 193.206.134.41 20.886 ms 28.928 ms 32.985 ms
7 193.206.134.17 24.899 ms 26.006 ms 32.009 ms
8 64.214.196.241 28.836 ms 19.891 ms 9.037 ms
9 67.17.67.53 106.874 ms 109.010 ms 130.875 ms
10 208.50.13.210 162.981 ms 208.51.74.182 152.840 ms 135.902 ms
11 216.115.96.161 146.867 ms 216.115.96.167 132.982 ms 216.115.96.181 147.954 ms
12 216.109.120.201 140.808 ms 216.109.120.142 151.984 ms 216.109.120.151 141.880 ms
13 216.109.117.106 137.895 ms 130.874 ms 141.991 ms

% traceroute -n www.sssup.it
traceroute to portale.sssup.it (193.205.80.141), 30 hops max, 38 byte packets
1 131.114.9.29 0.787 ms 0.466 ms 0.542 ms
2 131.114.186.9 24.893 ms 22.934 ms 14.930 ms
3 131.114.191.129 9.961 ms 7.826 ms 1.981 ms
4 131.114.191.186 2.891 ms 2.973 ms 4.965 ms
5 131.114.191.206 3.957 ms 4.974 ms 10.890 ms
6 131.114.191.42 283.027 ms 411.901 ms *
7 193.205.80.141 41.078 ms 38.824 ms 35.875 ms
ARP

The address resolution protocol is responsible for converting the higher level protocol addresses (IP addresses) to physical network addresses.

On a single physical network, individual hosts are known on the network by their physical hardware address.

ARP uses a lookup table, or cache, to perform this translation.

When the address is not found in the ARP cache, a broadcast is sent out on the network, with a special format called the ARP request.

If one of the machines on the network recognizes its own IP address in the request, it will send an ARP reply back to the requesting host. The reply will contain the physical hardware address of the host.

% ip neigh show
131.114.9.61 dev eth1 lladdr 00:01:e6:8a:5d:a3 nud stale
10.114.235.249 dev eth0 lladdr 00:0e:2e:52:5f:7d nud reachable
10.114.235.51 dev eth0 lladdr 00:a1:b0:00:7e:a2 nud reachable
131.114.9.9 dev eth1 lladdr 08:00:11:15:f0:fb nud stale
10.114.235.48 dev eth0 lladdr 00:02:b3:8e:c1:4c nud stale
10.114.235.32 dev eth0 lladdr 00:02:b3:8e:ba:e4 nud reachable
131.114.9.44 dev eth1 lladdr 00:50:fc:85:bf:e0 nud reachable
131.114.9.29 dev eth1 lladdr 00:00:24:c0:2f:38 nud reachable
10.114.235.37 dev eth0 lladdr 00:0e:2e:32:ee:6f nud reachable
10.114.235.135 dev eth0 lladdr 00:13:20:59:b8:c8 nud reachable

‘nud’ stands for neighbour unreachability detection

If an application wishes to send data to a certain IP destination address, the IP routing mechanism first determines the IP address of the next hop of the packet and the hardware device on which it should be sent.

% ip route show
10.114.235.0/24 dev eth0 proto kernel scope link src 10.114.235.1
131.114.9.0/24 dev eth1 proto kernel scope link src 131.114.9.251
127.0.0.0/8 dev lo scope link
default via 131.114.9.29 dev eth1 metric 1

‘eth’ stands for Ethernet device

The ARP module then tries to find the destination IP address in the ARP cache.

If it finds the matching pair, it gives the corresponding 48-bit physical address back to the caller, which transmits the packet.

If it doesn't find the pair in its table, it generates a network broadcast of an ARP request.

hw address type specifies the type of hardware (e.g., Ethernet).

proto address type specifies the type of protocol (e.g., IPv4).

hw address length specifies the length (in bytes) of the hardware addresses in this packet (e.g., Ethernet = 6).

proto address length specifies the length (in bytes) of the protocol addresses in this packet (e.g., IPv4 = 4).

operation code specifies the ARP type (request = 1, reply = 2).

sender/target hardware/proto address contains the hardware/protocol address of the sender/target.

For the ARP request packet, the target hardware address is the only undefined field in the packet.

When a host receives an ARP packet, the receiving device driver passes the packet to the ARP module.

If the target protocol address is the protocol address of the physical interface on which the ARP request has been received, then an ARP reply is sent to the sender host through the same interface.

If any host on the network decodes an ARP reply, then it may use it to update its ARP cache with both the sender and the target hardware addresses, even though there are no IP datagrams buffered for those hosts.

Finally, if the IP address of a host is changed, then the host may send a gratuitous ARP message to force its neighbors to update their ARP caches.
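The packet fields and the cache update described above, as an added example that is not part of the original slides. The function names are hypothetical, and only the sender binding is learned here. Because a cache entry is overwritten by whatever ARP packet arrives, update_cache also reports when an IP address moves to a different hardware address, which is the event worth logging when monitoring a segment.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"  # Ethernet/IPv4 ARP packet: 28 bytes
REQUEST, REPLY = 1, 2


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def mac_text(raw):
    return ":".join("%02x" % b for b in raw)


def build_arp(op, sender_hw, sender_ip, target_hw, target_ip):
    # hw type 1 = Ethernet, proto type 0x0800 = IPv4, lengths 6 and 4
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       mac_bytes(sender_hw), socket.inet_aton(sender_ip),
                       mac_bytes(target_hw), socket.inet_aton(target_ip))


def parse_arp(pkt):
    if len(pkt) < struct.calcsize(ARP_FMT):
        raise ValueError("truncated ARP packet")
    fields = struct.unpack(ARP_FMT, pkt[:28])
    hw, proto, hlen, plen, op, sha, spa, tha, tpa = fields
    if (hw, proto, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP packet")
    if op not in (REQUEST, REPLY):
        raise ValueError("unknown operation code %d" % op)
    return {"op": op,
            "sender_hw": mac_text(sha), "sender_ip": socket.inet_ntoa(spa),
            "target_hw": mac_text(tha), "target_ip": socket.inet_ntoa(tpa)}


def update_cache(cache, pkt):
    """Learn the sender's binding; report it if it replaces a different MAC."""
    arp = parse_arp(pkt)
    ip, mac = arp["sender_ip"], arp["sender_hw"]
    previous = cache.get(ip)
    cache[ip] = mac
    if previous is not None and previous != mac:
        return "%s changed from %s to %s" % (ip, previous, mac)
    return None
```
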
Proxy-ARP

Proxy-ARP provides a means of setting up local subnets, without the need for a modification to the IP routing algorithm.

However, some modifications to the routers that interconnect the subnets are required.

Consider one IP network that is divided into subnets and interconnected by routers.

We use the old IP routing algorithm, which means that no host knows about the existence of multiple physical networks.

Consider hosts A and B, which are on different physical networks within the same IP network, and a router R between the two subnetworks.

Figure: host A broadcasts an ARP request on lan0; router R connects lan0 and lan1.

lan0: 192.168.1.64/26
lan1: 192.168.1.128/26
Host A: MACA, 192.168.1.66
Router R: MACR0, 192.168.1.65 and MACR1, 192.168.1.129
Host B: MACB, 192.168.1.130

When host A wants to send an IP datagram to host B, it first has to determine the physical network address of host B through the use of the ARP protocol.

As host A cannot differentiate between the physical networks, its IP routing algorithm thinks that host B is on the local physical network and sends out a broadcast ARP request.

Host B doesn't receive this broadcast, but router R does!

Router R understands subnets, that is, it runs the subnet version of the IP routing algorithm and it will be able to see that the destination of the ARP request (from the target protocol address field) is on another physical network.

If router R's routing tables specify that the next hop to that other network is through a different physical device, it will reply to the ARP as if it were host B, saying that the network address of host B is that of the router R itself.

Host A receives this ARP reply, puts it in its cache, and will send future IP packets for host B to the router R.

The router will forward such packets to the correct subnet. The result is called transparent subnetting.
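Router R's decision from the scenario above, using the figure's addresses (an added example, not part of the original slides). The function names are hypothetical, the MAC values are the figure's labels rather than real addresses, and the /24 mask for host A's view of the network is an assumption standing in for the "old" routing algorithm.

```python
import ipaddress

# Router R from the figure: interface name -> (MAC label, address/prefix)
INTERFACES = {
    "lan0": ("MACR0", ipaddress.ip_interface("192.168.1.65/26")),
    "lan1": ("MACR1", ipaddress.ip_interface("192.168.1.129/26")),
}


def route_lookup(target):
    """Subnet-aware lookup: interface whose connected subnet holds target."""
    for name, (_, iface) in INTERFACES.items():
        if target in iface.network:
            return name
    return None


def arp_answer(in_iface, target_ip):
    """MAC that R returns for an ARP request seen on in_iface, or None."""
    target = ipaddress.ip_address(target_ip)
    mac, iface = INTERFACES[in_iface]
    if target == iface.ip:
        return mac          # ordinary ARP: the request is for R itself
    out_iface = route_lookup(target)
    if out_iface is not None and out_iface != in_iface:
        return mac          # proxy-ARP: answer on behalf of the target
    return None             # same segment or no route: stay silent


def host_a_sends_arp_for(target_ip, mask_bits=24):
    """Host A ARPs directly for any address it believes is on its network."""
    net = ipaddress.ip_interface("192.168.1.66/%d" % mask_bits).network
    return ipaddress.ip_address(target_ip) in net
```

With a /26 mask on host A (mask_bits=26) the last function returns False for host B, so A would send the datagram to its configured router instead and proxy-ARP would not be involved.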
DHCP

DHCP provides a framework for passing configuration information to hosts on a TCP/IP network.

DHCP is based on the BOOTP protocol, adding the capability of automatic allocation of reusable network addresses and additional configuration options.

DHCP consists of two components:

– A protocol that delivers host-specific configuration parameters from a DHCP server to a host.
– A mechanism for the allocation of temporary or permanent network addresses to hosts.

IP requires the setting of many parameters within the protocol implementation software, because it can be used on many dissimilar kinds of network hardware.

DHCP supports 3 mechanisms for IP address allocation:

– automatic allocation: DHCP assigns a permanent IP address to the host.
– dynamic allocation: DHCP assigns an IP address for a limited period of time; such a network address is called a lease.
– manual allocation: the host's address is assigned by a network administrator.

Figure: DHCP message format, one 32-bit row per line (bit ruler: 0 4 8 16 24 31).

code | hw type | length | hops
transaction ID
seconds | flags
client IP address
your IP address
server IP address
router IP address
client hardware address (16 bytes)
server host name (64 bytes)
boot file name (128 bytes)
options (312 bytes)

code indicates a request or a reply (e.g., request = 1, reply = 2).

hw type is the type of hardware (e.g., Ethernet = 1).

length is the hardware address length in bytes (e.g., Ethernet = 6).

hops is incremented by a router that relays the request to another server and is used to identify loops. It is set by the client to 0.

transaction ID is a random number used to match this boot request with the response it generates.

seconds is set by the client. It is the elapsed time in seconds since the client started its boot process.

flags: the most significant bit of the flags field is used as a broadcast flag. All other bits must be set to zero, and are reserved for future use.

Normally, DHCP servers attempt to deliver DHCP messages directly to a client using unicast delivery. The destination address in the IP header is set to the DHCP your IP address and the MAC address is set to the DHCP client hardware address.

If a host is unable to receive a unicast IP datagram until it knows its IP address, then this broadcast bit must be set to indicate to the server that the DHCP reply must be sent as an IP and MAC broadcast. Otherwise this bit must be set to zero.

client IP address is set by the client to either its known IP address, or 0.0.0.0.

your IP address is set by the server if the client IP address field was 0.0.0.0.

server IP address is set by the server.

router IP address is the address of a DHCP relay agent, not a general IP router to be used by the client. It is set by the forwarding agent when DHCP forwarding is being used.

client hardware address is set by the client. DHCP defines a client identifier option that is used for client identification. If this option is not used the client is identified by its MAC address.

server host name is an optional server host name terminated with padding of 0 bytes.

boot file name is either left empty by the client, or filled with a name indicating the type of boot file to be used.

options: the first four bytes of the options field of the DHCP message contain the magic cookie (99.130.83.99). The remainder of the options field consists of tagged parameters that are called options.

There are four types of DHCP messages:

– DHCPDISCOVER: broadcast by a client to find available DHCP servers.
– DHCPOFFER: response from a server to a DHCPDISCOVER, offering an IP address and other parameters.
– DHCPACK: acknowledgement from server to client with parameters, including IP address.
– DHCPNAK: negative acknowledgement from server to client, indicating that the client's lease has expired or that a requested IP address is incorrect.
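A parser for the message format described above: fixed fields, magic cookie, then tagged options (an added example, not part of the original slides). The function names and the sample message are constructed for illustration; the option tags (53 for the message type, 0 for padding, 255 for end) and the type values come from RFC 2132, not from the slides. Length checks matter here because every length byte in the options comes from the network.

```python
import socket
import struct

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # fixed fields: 236 bytes
MAGIC_COOKIE = bytes([99, 130, 83, 99])    # 99.130.83.99
# Option 53 (message type) values, from RFC 2132 rather than the slides.
MSG_TYPES = {1: "DHCPDISCOVER", 2: "DHCPOFFER", 5: "DHCPACK", 6: "DHCPNAK"}

def parse_options(raw):
    """Walk tag/length/value options; tag 0 is padding, tag 255 ends them."""
    opts, i = {}, 0
    while i < len(raw) and raw[i] != 255:
        if raw[i] == 0:
            i += 1
            continue
        if i + 1 >= len(raw) or i + 2 + raw[i + 1] > len(raw):
            raise ValueError("option %d overruns the message" % raw[i])
        opts[raw[i]] = raw[i + 2:i + 2 + raw[i + 1]]
        i += 2 + raw[i + 1]
    return opts

def parse_dhcp(msg):
    fixed = struct.calcsize(BOOTP_FMT)
    if len(msg) < fixed + 4:
        raise ValueError("shorter than the fixed fields plus magic cookie")
    (code, _hw_type, hw_len, hops, xid, secs, flags, ciaddr, yiaddr, _siaddr,
     giaddr, chaddr, _sname, _bootfile) = struct.unpack(BOOTP_FMT, msg[:fixed])
    if msg[fixed:fixed + 4] != MAGIC_COOKIE:
        raise ValueError("magic cookie missing")
    if hw_len > 16:
        raise ValueError("hardware address length exceeds the 16-byte field")
    msg_type = parse_options(msg[fixed + 4:]).get(53) or b"\x00"
    return {"code": code, "hops": hops, "xid": xid, "secs": secs,
            "broadcast": bool(flags & 0x8000),  # most significant flag bit
            "client_ip": socket.inet_ntoa(ciaddr),
            "your_ip": socket.inet_ntoa(yiaddr),
            "relay_ip": socket.inet_ntoa(giaddr),
            "client_hw": ":".join("%02x" % b for b in chaddr[:hw_len]),
            "type": MSG_TYPES.get(msg_type[0], "other")}

def sample_discover():
    """Constructed DHCPDISCOVER: broadcast flag set, client IP 0.0.0.0."""
    hw = bytes.fromhex("000e2e525f7d").ljust(16, b"\x00")
    fixed = struct.pack(BOOTP_FMT, 1, 1, 6, 0, 0x3903F326, 0, 0x8000,
                        bytes(4), bytes(4), bytes(4), bytes(4), hw,
                        bytes(64), bytes(128))
    return fixed + MAGIC_COOKIE + bytes([53, 1, 1, 255])
```
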
