Showing posts with label protocols. Show all posts
Showing posts with label protocols. Show all posts

Thursday, March 6, 2014

Internet Control Message Protocol

Internet Control Message Protocol (ICMP) defined by RFC 792 and RFC 1122 is used for network error reporting and generating messages that require attention. The errors reported by ICMP are generally related to datagram processing. ICMP only reports errors involving fragment 0 of any fragmented datagrams. The IP, UDP or TCP layer will usually take action based on ICMP messages. ICMP generally belongs to the IP layer of TCP/IP but relies on IP for support at the network layer. ICMP messages are encapsulated inside IP datagrams.
ICMP will report the following network information:
  •  Timeouts
  •  Network congestion
  •  Network errors such as an unreachable host or network.
The ping command is also supported by ICMP, and this can be used to debug network problems.

ICMP Messages:

The ICMP message consists of an 8 bit type, an 8 bit code, an 8 bit checksum, and contents which vary depending on code and type. The below table is a list of ICMP messages showing the type and code of the messages and their meanings.
 
Type Codes Description                                                                            Purpose
0 0 Echo reply                                                                                            Query
3 0 Network Unreachable                                                                           Error
3 1 Host Unreachable                                                                                 Error
3 2 Protocol Unreachable                                                                           Error
3 3 Protocol Unreachable                                                                           Error
3 4 Fragmentation needed with don't fragment bit set                               Error
3 5 Source route failed                                                                               Error
3 6 Destination network unknown                                                             Error
3 7 Destination host unknown                                                                    Error
3 8 Source host isolated                                                                              Error
3 9 Destination network administratively prohibited                                 Error
3 10 Destination host administratively prohibited                                      Error
3 11 Network Unreachable for TOS                                                           Error
3 12 Host Unreachable for TOS                                                                 Error
3 13 Communication administratively prohibited by filtering                   Error
3 14 Host precedence violation                                                                  Error
3 15 Precedence cutoff in effect                                                                 Error
4 0   Source quench                                                                                    Error
5 0   Redirect for network                                                                           Error
5 1   Redirect for host                                                                                 Error
5 2   Redirect for type of service and network                                           Error
5 3   Redirect for type of service and host                                                 Error
8 0   Echo request                                                                                      Query
9 0   Normal router advertisement                                                            Query
9 16 Router does not route common traffic                                              Query
10 0 Router Solicitation                                                                            Query
11 0 Time to live is zero during transit                                                      Error
11 1 Time to live is zero during reassembly                                              Error
12 0 IP header bad                                                                                     Error
12 1 Required option missing                                                                    Error
12 2 Bad length                                                                                          Error
13 0 Timestamp request                                                                            Query
14 0 Timestamp reply                                                                               Query
15 0 Information request                                                                          Query
16 0 Information reply                                                                              Query
17 0 Address mask request                                                                       Query
18 0 Address mask request                                                                       Query

ICMP is used for many different functions, the most important of which is error reporting. Some of these are "port unreachable", "host unreachable", "network unreachable", "destination network unknown", and "destination host unknown". Some not related to errors are:
  •  Timestamp request and reply allows one system to ask another one for the current time.
  •  Address mask and reply is used by a diskless workstation to get its subnet mask at boot time.
  •  Echo request and echo reply is used by the ping program to test to see if another unit will respond. 
 

Posted by at No comments:
Labels: , , , , ,

Friday, January 17, 2014

Address Resolution Protocol

ARP and RARP Address Translation

Address Resolution Protocol (ARP) provides a completely different function to the network than Reverse Address Resolution Protocol (RARP). ARP is used to resolve the ethernet address of a NIC from an IP address in order to construct an ethernet packet around an IP data packet. This must happen in order to send any data across the network. Reverse address resolution protocol (RARP) is used for diskless computers to determine their IP address using the network.

Address Resolution Protocol (ARP)

In an earlier section, there was an example where a chat program was written to communicate between
two servers. To send data, the user (Tom) would type text into a dialog box, hit send and the following
happened:

1. The program passed Tom's typed text in a buffer, to the socket.
2. The data was put inside a TCP data packet with a TCP header added to the data. This header
    contained a source and destination port number along with some other information and a
    checksum.
3. The TCP packet was be placed inside an IP data packet with a source and destination IP address
    along with some other data for network management.
4. The IP data packet was placed inside an ethernet data packet. This data packet includes the
    destination and source address of the network interface cards (NIC) on the two computers. The
    address here is the hardware address of the respective cards and is called the MAC address.
5. The ethernet packet was transmitted over the network line.
6. With a direct connection between the two computers, the network interface card on the intended
     machine, recognized its address and grabbed the data.
7. The IP data packet was extracted from the ethernet data packet.
8. The TCP data packet was extracted from the IP data packet.
9. The data was extracted from the TCP packet and the program displayed the retrieved data (text) in
     the text display window for the intended recipient to read.

In step 4 above, the IP data was going to be placed inside an ethernet data packet, but the computer
constructing the packet does not have the ethernet address of the recipient's computer. The computer that is sending the data, in order to create the ethernet part of the packet, must get the ethernet hardware (MAC) address of the computer with the intended IP address. This must be accomplished before the ethernet packet can be constructed. The ethernet device driver software on the receiving computer is not programmed to look at IP addresses encased in the ethernet packet. If it did, the protocols could not be independent and changes to one would affect the other. This is where address resolution protocol (ARP) is used. Tom's computer sends a network broadcast asking the computer that has the recipient's IP address to send it's ethernet address. This is done by broadcasting. The ethernet destination is set with all bits on so all ethernet cards on the network will receive the data packet. The ARP message consists of an ethernet header and ARP packet. The ethernet header contains:

1. A 6 byte ethernet destination address.
2. A 6 byte ethernet source address.
3. A 2 byte frame type. The frame type is 0806 hexadecimal for ARP and 8035 for RARP

The encapsulated ARP data packet contains the following:

1. Type of hardware address (2 bytes). 1=ethernet.
2. Type of protocol address being mapped( 2 bytes). 0800H (hexadecimal) = IP address.
3. Byte size of the hardware address (1 byte). 6
4. Byte size of the protocol address (1 byte). 4
5. Type of operation. 1 = ARP request, 2=ARP reply, 3=RARP request, 4=RARP reply.
6. The sender's ethernet address (6 bytes)
7. The sender's IP address (4 bytes)
8. The recipient's ethernet address (6 bytes)
9. The recipient's IP address (4 bytes)

When the ARP reply is sent, the recipient's ethernet address is left blank.

In order to increase the efficiency of the network and not tie up bandwidth doing ARP broadcasting, each computer keeps a table of IP addresses and matching ethernet addresses in memory. This is called ARP cache. Before sending a broadcast, the sending computer will check to see if the information is in it's ARP cache. If it is it will complete the ethernet data packet without an ARP broadcast. Each entry normally lasts 20 minutes after it is created. RFC 1122 specifies that it should be possible to configure the ARP cache timeout value on the host. To examine the cache on a Windows, UNIX, or Linux computer type "arp -a".

If the receiving host is on another network, the sending computer will go through its route table and determine the correct router (A router should be between two or more networks) to send to, and it will substitute the ethernet address of the router in the ethernet message. The encased IP address will still have the intended IP address. When the router gets the message, it looks at the IP data to tell where to send the data next. If the recipient is on a network the router is connected to, it will do the ARP resolution either using it's ARP buffer cache or broadcasting.

Reverse Address Resolution Protocol (RARP)

As mentioned earlier, reverse address resolution protocol (RARP) is used for diskless computers to determine their IP address using the network. The RARP message format is very similar to the ARP format. When the booting computer sends the broadcast ARP request, it places its own hardware address in both the sending and receiving fields in the encapsulated ARP data packet. The RARP server will fill in the correct sending and receiving IP addresses in its response to the message. This way the booting computer will know its IP address when it gets the message from the RARP server.

Posted by at No comments:
Labels: , , , , , , , , , ,
Subscribe to: Posts (Atom)