[clug] Re: Determining availability of a remote machine

[Robert Edwards]

On Fri, 4 Apr 2003 06:53 pm, Michael Still wrote:
...
> Note again, that ICMP sits at the IP layer, which is beneath UDP and TCP.
>
> An ICMP message is of the general form:
>
> 	[8 bit type][8 bit code][16 bit checksum]
> 	[...contents...				]
>
> You'll note that there is no TCP or UDP header specified here, because
> ICMP is a lower level protocol than these. Ping implements an ICMP echo
> request of the form [2]:
>
> 	[8][0][checksum]
> 	[optional data to return]

Actually, as a Computer Networks lecturer, I should pedantically step in here 
and point out that ICMP does NOT "sit" at the IP layer and that ICMP is not a 
"lower level protocol" than TCP or UDP. It is an equal protocol to TCP and 
UDP and all three sit on top of IP. ICMP is IP protocol number 1, TCP is IP 
protocol number 6 and UDP is IP protocol number 17. IP supports up to 254 (or 
255?) protocols and these three are amongst the most common. IPSec is another 
protocol that sits on top of IP.

The _function_ of ICMP is different to UDP and TCP (which are also different 
to each other). ICMP is rarely used by user programs, other than the "ping" 
command. Likewise, few user programs use UDP directly, it is mostly used for 
networking stuff like DNS, NTP, BootP/DHCP, TFTP etc. etc. Some network 
conferencing programs also use UDP.

"ping" implements ICMP echo request (and reply) only, not UDP echo 
request/reply or TCP echo request/reply.

Many sites do seem to block some ICMP traffic these days (especially ICMP echo 
requests). It is bad practice to block all ICMP packets and there is valuable 
information exchanged using ICMP between network hosts and routers etc.

Much of our site blocks UDP traffic almost completely (we use application 
gateways for DNS, NTP etc.). So a UDP echo request, even if enabled on our 
internal machines, would not get in from outside of our network. I imagine 
similar rules are set up at other sites.

I hope this helps.

Cheers,

Bob Edwards.