IP Network - ICMP
ICMP stands for Internet Control Message Protocol. To many people, ICMP is considered the same as 'Ping', but 'Ping' is only one of ICMP's functions. A list of ICMP features (types) can be categorized as follows.
Even though ICMP is one of the simplest protocols in the IP world, understanding it fully is a huge task and requires a lot of experience as well. I would like you to use this page as a cheatsheet for your task. This is just the beginning, and the topics will (hopefully -:)) be extended gradually.
The following are the ICMP messages, each determined by the Type field and the Code field. In real applications, it is important to understand what each of these messages means. You will not understand them clearly unless you experience all of these cases yourself and try to get the practical meaning. So it would take years to understand all of these in a practical sense. Be patient.
I will try to explain these messages in a practical manner, with some examples, so that you can use this page as a quick reference for troubleshooting. However, this task will take a long time, and I will add items one by one as I get real examples.
The description of normal ping operation will be posted later.
: This means that the ping command (query) does not get any feedback from anywhere. What would be the cause in this case?
The following are several causes we can easily think of, but there may be other causes as well.
i) External Firewall : The ping request got dropped by an external firewall between the source and destination, so the message didn't reach the destination.
ii) Internal Firewall on destination : These days most PCs have their own firewall. If the firewall is configured not to allow ping queries, it drops the ping query message, and the ICMP message does not reach the destination.
iii) No physical connection between source and destination : It is also possible that a physical connection between the source and destination does not exist. For example, the LAN cable is pulled out.
When you ping from A to B and you get a ping reply from B, does this mean that ping from B to A will always work?
The answer is "Not Always". There can be cases where ping works in only one direction. The typical case is where a firewall allows a PC to do only ping requests, but does not allow ping replies.
This error happens when the packet reached a host router but the host router failed to discover the destination host. The remote router then sends this message.
Case 1 : Before an IP packet is sent to the next hop, the sender performs ARP (if the next hop is not in the ARP list). If ARP fails, the sender may send back this message.
This message may be sent by a host on which the specified port is not active or has some other issue. It means the packet was delivered at least to the host (but failed to reach the specific application/port).
Case 1 : The destination port specified in the UDP or TCP header was invalid.
Troubleshoot tip 1 : Try 'netstat' on the destination if possible to see if the destination port is active when you have this problem.
Troubleshoot tip 2 : To figure out which packet is causing this error, find the packet that contains the data in the DATA field of the ICMP error packet.
Internet Control Message Protocol
Type: 3 (Destination unreachable)
Code: 3 (Port unreachable)
Checksum: 0x811b [correct]
Internet Protocol, Src: 18.104.22.168 (22.214.171.124), Dst: 192.168.1.2 (192.168.1.2)
Header length: 20 bytes
User Datagram Protocol, Src Port: 61846 (61846), Dst Port: 25660 (25660)
Source port: 61846 (61846)
Destination port: 25660 (25660)
Data (103 bytes)
Data: 64313a6164323a696432303abe916abba14b8cb8a7167ce0... <-- find the packet containing this
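Troubleshoot tip 2 in code, as an added example that is not part of the original page: an ICMP Destination Unreachable message quotes the IP header and leading bytes of the packet that triggered it, so parsing that quote yields the addresses and ports to search for in the sender's capture. The sample message is constructed; its ports and first 12 payload bytes are taken from the dump above, and the addresses are documentation-range placeholders.

```python
import ipaddress
import struct

CODES = {1: "Host unreachable", 3: "Port unreachable",
         13: "Communication administratively prohibited"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_unreachable(icmp: bytes) -> dict:
    """Parse an ICMP Type 3 message and the original packet quoted in it."""
    if len(icmp) < 8 + 20 + 8 or icmp[0] != 3:
        raise ValueError("not a Destination Unreachable quoting IP header + 8 bytes")
    code = icmp[1]
    inner = icmp[8:]                       # quoted original IP packet
    ihl = (inner[0] & 0x0F) * 4            # quoted IP header length in bytes
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        raise ValueError("malformed quoted IPv4 header")
    proto = inner[9]
    src, dst = inner[12:16], inner[16:20]
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])  # same offsets for UDP and TCP
    return {
        "code": code, "meaning": CODES.get(code, "other"),
        "checksum_ok": inet_checksum(icmp) == 0,   # a valid message sums to zero
        "proto": {6: "tcp", 17: "udp"}.get(proto, str(proto)),
        "src": str(ipaddress.IPv4Address(src)), "sport": sport,
        "dst": str(ipaddress.IPv4Address(dst)), "dport": dport,
        "payload": inner[ihl + 8:] if proto == 17 else b"",  # bytes after the UDP header
    }

def build_sample() -> bytes:
    """Constructed sample: Port unreachable quoting a UDP datagram."""
    payload = b"d1:ad2:id20:"              # first 12 bytes of the Data field in the dump
    udp = struct.pack("!HHHH", 61846, 25660, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address("198.51.100.7").packed,   # placeholder sender
                     ipaddress.IPv4Address("192.0.2.10").packed)     # placeholder target
    body = bytes(4) + ip + udp             # 4 unused bytes, then the quoted packet
    csum = inet_checksum(struct.pack("!BBH", 3, 3, 0) + body)
    return struct.pack("!BBH", 3, 3, csum) + body

if __name__ == "__main__":
    print(parse_unreachable(build_sample()))
```

Filtering the sender-side capture on the returned protocol, addresses and ports, then comparing the payload bytes, identifies the exact packet that was rejected.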
Example 1 >
: The official description from RFC 1812 is as follows
13 = Communication Administratively Prohibited - generated if a router cannot forward a packet due to administrative filtering
This is the code value for an administrative denial, which indicates that a router is filtering a port and is not permitting traffic to pass. The packet is typically seen when traffic is refused passage through a router or a firewall.
e.g 1 > When a firewall or a router is blocking TCP port 53, the error indicates the reason for the failing Domain Name System (DNS) queries.
e.g 2 > When a firewall or a router is blocking User Datagram Protocol (UDP) port 53, the error indicates the reason for the failing Domain Name System (DNS) queries.
Refer to Microsoft Support : Internet Control Message Protocol "Destination Unreachable" (Code = 0x0D) Packets for more details.