TCP/IP First-Step [Electronic resources]

Mark A. Sportack

Using ICMP

The beginning of this chapter says that ICMP is mysterious because it lurks in the shadows and remains almost completely out of sight. The key word in that sentence is almost. For the most part, ICMP is invisible to network users. It is, after all, a mechanism for systems to communicate with each other, so there is little to be seen by the carbon-based life forms that infest the edge of a network.

However, a couple of tools let users work with ICMP directly. These tools are PING and TRACEROUTE. They are similar, but use different ICMP messages and perform different functions.

PING

PING is an oddly named utility native to TCP/IP. The acronym derives from Packet Internet Groper. They're not made up, just passed on to you! PING allows you to see if any given IP address is on the network and reachable. Thinking back through the ICMP message types explained earlier, it should be obvious that PING is nothing more than a small program that allows you to specify an IP address for testing and then feeds that address to an ICMP Echo message. The response is received courtesy of an ICMP Echo Reply message, formatted appropriately, and dumped onto your computer's video screen.

That's a simplification, but you get the point. PING is creating a series of Echo messages so you can see if a host is reachable. If that host is reachable, you can see the average roundtrip times that it takes for packets to reach that host and receive an acknowledgment. This can be quite useful information!

If the host doesn't respond to your PINGs, you have some thinking to do, and perhaps a bit more investigation. All you will know for sure is that the host didn't reply. Some reasons for not getting a response might include:

It might not have replied because it is down.

Your PING packet might have hit a congested part of the network and gotten dumped before it reached its destination, or the Echo Reply packet generated by the machine you PINGed might have met that fate.

There might be some serious trouble in the network and you just can't reach that host!

Clearly, the failure of a PING indicates something is amiss; you'll have to do more diagnosis before figuring out what happened.

In this era of spyware and other unwanted, malevolent software (which you can inadvertently acquire via the Internet), it is increasingly common for people and organizations to block ICMP at the border separating their network and the Internet. In such cases, PING will fail for no other reason than it is not allowed! Thus, you might find your attempts to troubleshoot using PING impeded.

TRACEROUTE

TRACEROUTE or TRACERT, depending on which operating system you use, is a marvelous tool and diagnostic mechanism for IP networks. This utility allows you to map out the entire route that your packets will take to their destination. Along with identifying each network device in the path, you also see how long it takes to reach each step along the way! The cumulative result of a TRACEROUTE is that you know the path your packets take and the relative speed (or lack thereof) of every device in the path.

TRACEROUTE, as you might have guessed, uses ICMP Time Exceeded messages. It uses a lot of them! Unlike PING, TRACEROUTE doesn't generate an ICMP message as much as it causes one to be generated. The way it works is quite simple: TRACEROUTE creates a series of packets that get launched into the network bearing the destination IP address that you stipulate. These packets are created with a small TTL.

When the packets expire, the network device that noticed their expiration sends you an ICMP Time Exceeded message. Tallying up the values enables TRACEROUTE to show you the cumulative delays in the path and where they were incurred. This is an incredibly useful tool. With a little practice, you can use TRACEROUTE to map out how a network is constructed and see how well, or how poorly, it is performing at any given time.