Shulou(Shulou.com)05/31 Report--

What is the working principle of ping, many novices are not very clear about this, in order to help you solve this problem, the following editor will explain for you in detail, people with this need can come to learn, I hope you can gain something.

I heard that you use 6 ping very much. Give me a diagram of how ping works!

In our daily life or work, we use ping commands to determine whether the network with each other is smooth or not.

"do you know how ping works?" Soul torture from Kobayashi

Some friends may ask strangely: "although I do not understand its work, but ping I also use the thief 6 ah!"

You use 6, but if you can get up in front of the interviewer, you won't get up. After all, they like to ask.

Therefore, we should have a "know it, know why" attitude, so that we can avoid going out and turning right during the interview.

Soul torture from the interviewer

It doesn't matter if you don't know, let's fix it and understand it today. Eliminate the question mark this time and make it a little less.

The Assistant of text IP Protocol-- ICMP Protocol

Ping works based on the ICMP protocol, so to understand the work of ping, let's first familiarize ourselves with the ICMP protocol.

What is ICMP?

The full name of ICMP is Internet Control Message Protocol, that is, Internet Control message Protocol.

There is a key word in it-control. How do you control it?

Network packets often encounter all kinds of problems in the complex network transmission environment. When you encounter problems, you can't be confused. The mindless style is not the style of the computer network. So you need to send out a message to report what the problem is, so that you can adjust the transmission policy to control the whole situation.

What are the functions of ICMP?

The main functions of ICMP include: confirming whether the IP packet is successfully delivered to the destination address, reporting the reason why the IP packet was abandoned in the process of sending, and improving network settings, etc.

In IP communication, if an IP packet fails to reach the destination address for some reason, the ICMP will be responsible for notifying the specific reason.

ICMP destination unreachable message

As shown in the figure above, host A sends a packet to host B. for some reason, router 2 fails to discover the existence of host B, and router 2 sends an ICMP destination unreachable packet to host A, indicating that the packet sent to host B is unsuccessful.

This notification message for ICMP is sent using IP.

Therefore, the ICMP packet returned from router 2 passes through router 1 and then is forwarded to host An in accordance with the usual routing control.

Host A, which received the ICMP packet, broke down the header and data domain of the ICMP and learned the specific cause of the problem.

ICMP header format

The ICMP message is encapsulated in the IP packet. It works at the network layer and is the assistant of the IP protocol.

ICMP message

The type field of ICMP packet header can be roughly divided into two categories:

One is the query message for diagnosis, that is, "query message type".

The other is an error message notifying the cause of the error, that is, the "error message type".

Common ICMP types

Query message type

Echo messages-types 0 and 8

Echo message is used between hosts or routers communicating to determine whether the packet sent has successfully reached the opposite end, and the ping command is implemented using this message.

ICMP echo message

You can send an echo request message (ICMP Echo Request Message, type 8) to the peer host, or receive an echo reply message (ICMP Echo Reply Message, type 0) sent back by the peer host.

ICMP echo request and echo reply message

Compared to the native ICMP, there are two more fields:

Identifier: used to distinguish which application sends the ICMP package, such as using the process PID as the identifier

Serial number: the serial number starts at 0, and each new echo request is added by 1, which can be used to confirm whether the network packet is lost.

In the option data, ping also stores the time value for sending the request to calculate the round trip time and indicate the length of the journey.

Error message type

Next, we will illustrate several examples of commonly used ICMP error messages:

Destination unreachable message-type 3

Origin suppression message-type 4

Redirect message-type 5

Timeout message-type 11

Destination unreachable message (Destination Unreachable Message)-type 3

When the IP router is unable to send the IP packet to the destination address, it returns an unreachable ICMP message to the sending host and shows the specific reason for the unreachability, which is recorded in the code field of the ICMP packet header.

As a result, according to the specific message that the ICMP is unreachable, the sending host can understand the specific reason why the transmission is unreachable.

Give an example of 6 common types of code that are unreachable:

Common code number of the target unreachable type

The network unreachable code is 0

Host unreachable code is 1

The protocol unreachable code is 2

Port unreachable code is 3

Sharding is required, but the non-sharding bit code is set to 4

In order to explain to you the reasons why the above goals are unattainable, Kobayashi sacrificed himself to deliver takeout five times.

Why do you want takeout? Don't ask, ask is to prepare for 35-year-old Lin.

Takeout worker-- Kobayashi

a. The network unreachable code is 0

Takeout version:

When Kobayashi delivered food for the first time, there were only two buildings in area An and B, but the delivery address was written in area C. Kobayashi said there were a lot of question marks on his head, and there was no such place at all.

Normal version:

The IP address is divided into the network number and the host number, so when the router table in the router does not match the network number of the receiver IP, the host is informed by the ICMP protocol because the network is unreachable (Network Unreachable).

Since there is no more network classification, the network is no longer reachable and no longer in use.

b. Host unreachable code is 1

Takeout version:

When Kobayashi delivered food for the second time, the community had a 5-story C building and found a place, but the delivery address was Room 601 of area C building, indicating that the room could not be found.

Normal version:

When there is no information about the host in the routing table, or when the host is not connected to the network, the host is informed through the ICMP protocol that the host is Host Unreachable.

c. The protocol unreachable code is 2

Takeout version:

When Kobayashi delivered takeout for the third time, this community has area C building, there is also room 601, found a place, but also found a room, but as soon as the door is a foreigner speaking English, I speak Chinese! The language is not clear, delivery of takeout failed.

Normal version:

When the host uses the TCP protocol to access the peer host, it can find the peer host, but the firewall of the peer host has prohibited TCP protocol access, so it will inform the host through the ICMP protocol that the protocol is unreachable.

d. Port unreachable code is 3

Takeout version:

When Kobayashi delivered takeout for the fourth time, this community had area C Building and Room 601. I found a place and a room. The people in the room were also Chinese speakers, but they said that what he wanted was not takeout, but express delivery.

Normal version:

When the host accesses port 8080 of the peer host, the peer host can be found this time, and there are no restrictions on the firewall, but if it is found that the peer host does not have a process to listen on port 8080, it will inform the host through the ICMP protocol of the reason why the port is unreachable.

e. Sharding is required, but the non-sharding bit code is set to 4

Takeout version:

When Kobayashi delivered food for the fifth time, this time it was a food blogger who had 100 takeouts, but the food blogger asked for all the takeout at once, and one of Kobayashi's electric cars couldn't fit, so it couldn't be delivered.

Normal version:

When the sending host sends the IP Datagram, the fragment prohibition flag bit of the IP header is set to 1. According to this bit, when a router encounters a packet larger than the size of the MTU, it will not fragment it, but will simply discard it.

Then, the sending host is informed by a message with the code 4 of the unreachable message type of ICMP.

Origin suppression message (ICMP Source Quench Message)-type 4

When using low-speed wide area lines, routers connected to WAN may encounter network congestion.

The purpose of ICMP origin suppression messages is to ease this congestion.

When a router sends data to a low-speed line, the cache of its send queue becomes zero and cannot be sent out, it can send an ICMP origin suppression message to the source address of the IP packet.

The host that receives this message can learn about the congestion somewhere on the whole line, so as to increase the transmission interval of IP packets and reduce network congestion.

However, because this kind of ICMP may cause unfair network communication, it is generally not used.

Redirect message (ICMP Redirect Message)-type 5

If the router finds that the sending host is using a "non-optimal" path to send data, it will return an ICMP redirect message to the host.

This message contains the most appropriate routing information and source data. This mainly occurs when the router has better routing information. The router notifies the sender with such an ICMP message and tells it to send it to another router next time.

For example, Kobayashi could have crossed the road, but Kobayashi didn't know, so he took a circle to get there. After Kobayashi knew, Kobayashi would not be so stupid to go around again next time.

Time-out message (ICMP Time Exceeded Message)-type 11

There is a field in the IP packet called TTL (Time To Live), whose value decreases by 1 with each pass through the router until the IP packet is discarded when it is reduced to 0.

At this point, the IP router will send an ICMP timeout message to the sending host and notify the host that the packet has been discarded.

The main purpose of setting the life cycle of IP packets is to prevent IP packets from being forwarded endlessly on the network when routing control encounters problems and loops occur.

ICMP time exceeds message

In addition, you can sometimes use TTL to control the arrival range of packets, such as setting a smaller TTL value.

Ping-query the use of message types

Next, we focus on the sending and receiving process of ping.

Host An and host B under the same subnet, after host An executes ping host B, let's see what is sent between them?

Host A ping host B

When the ping command is executed, the source host first builds an ICMP echo request message packet.

The ICMP packet contains several fields, the most important of which are two:

The first is the type, which is 8 for echo request messages

The other is the sequence number, which is mainly used to distinguish multiple packets sent out during continuous ping.

Each time a request packet is sent, the sequence number is automatically incremented by 1. In order to be able to calculate the round trip time RTT, it inserts the send time in the data part of the message.

ICMP echo request message of host A

The ICMP protocol then delivers the packet to the IP layer along with the address 192.168.1.2. The IP layer will use 192.168.1.2 as the destination address, the native IP address as the source address, the protocol field set to 1 to indicate the ICMP protocol, and add some other control information to build an IP packet.

IP layer packet of host A

Next, you need to add the MAC header. If the MAC address corresponding to the IP address 192.168.1.2 is found in the local ARP mapping table, it can be used directly. If not, you need to send the ARP protocol to query the MAC address. After obtaining the MAC address, a data frame is constructed by the data link layer. The destination address is the MAC address passed from the IP layer, and the source address is the local MAC address. Some control information is also attached and transmitted according to the media access rules of Ethernet.

MAC layer packet of host A

After receiving this data frame, host B first checks its destination MAC address and compares it with the local MAC address. If it matches, it receives it, otherwise it discards it.

After receiving, check the data frame, extract the IP packet from the frame and give it to the local IP layer. Similarly, after the IP layer checks, the useful information is extracted and handed over to the ICMP protocol.

Host B builds an ICMP echo response message packet with a type field of 0 and a sequence number of the received request packet, and then sends it to host A.

ICMP echo response message of host B

Within a specified period of time, if the source host does not receive an answer packet from ICMP, the target host is unreachable; if the ICMP echo response message is received, the target host is reachable.

At this point, the source host checks that the time delay of the ICMP packet is subtracted from the source host by the current moment.

In view of what happened above, it is summarized as follows:

What was sent during host A ping host B

Of course, this is the simplest situation in the same local area network. If you cross the network segment, it will also involve the forwarding of the gateway, the forwarding of the router, and so on.

But for the head of ICMP, it doesn't matter. What will affect is to choose the next hop of the route according to the destination IP address, and every time you go through a router to a new local area network, you need to change the MAC address in the MAC header.

With all that said, you can see that the ping program uses ECHO REQUEST (type 8) and ECHO REPLY (type 0) in ICMP.

Traceroute-the use of error message types

One application that takes full advantage of the ICMP error message type is called traceroute (this command is the same in UNIX and MacOS, and the equivalent command in Windows is called tracert).

1. Traceroute action one

The first function of traceroute is to deliberately set up a special TTL to track the router passing along the way to and from the destination.

The parameter of traceroute points to a destination IP address:

Traceroute 192.168.1.100

How does this function work?

Its principle is to use the lifetime of IP packets to send UDP packets while increasing sequentially from 1 to force to receive ICMP time-out messages.

For example, if you set TTL to 1, you will die when you encounter the first router, and then return the ICMP error packet network packet, which is of the type time-out.

Next, set the TTL to 2, the first router passed, the second router died, and agreed to return the ICMP error packet, and so on, until it reached the destination host.

In this process, traceroute can get all the router IP.

Of course, some routers will not return this ICMP at all, so for some public network addresses, you can't see the route in the middle.

How does the sender know if the UDP packet sent has reached the destination host?

When traceroute sends UDP packets, it fills in an impossible port number value as the UDP destination port number (greater than 3000). When the destination host receives the UDP packet, it will return an ICMP error message message, but the type of the error message message is "port unreachable".

Therefore, when the error message type is port unreachable, it means that the UDP packet sent by the sender has reached the destination host.

2. Traceroute action II

Another function of traceroute is to deliberately set non-fragmentation to determine the MTU of the path.

What are you doing this for?

The purpose of this is for path MTU discovery.

Because sometimes we do not know the MTU size of the router, the MTU on the Ethernet data link is usually 1500 bytes, but the MTU value of non-Ethernet is different, so we need to know the size of the MTU so as to control the size of the packets sent.

MTU path discovery (in the case of UDP)

It works as follows:

First of all, when the sending host sends the IP Datagram, the fragmentation prohibition flag bit of the header of the IP packet is set to 1. According to this flag bit, the router on the way will not fragment the large packet, but will discard the packet.

Then, the value of MTU on the data link is given to the sending host through an unreachable message of ICMP, and the type of unreachable message is "fragmentation is required but no fragmentation bit is set".

Each time the sending host receives the ICMP error message, it reduces the size of the packet to locate an appropriate MTU value so that it can reach the target host.

Is it helpful for you to read the above content? If you want to know more about the relevant knowledge or read more related articles, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.