1
00:00:00,005 --> 00:00:02,008
- [Instructor] The Internet Control Messaging Protocol

2
00:00:02,008 --> 00:00:05,009
is the mother of all troubleshooting protocols.

3
00:00:05,009 --> 00:00:09,000
It's also heavily relied upon for message delivery

4
00:00:09,000 --> 00:00:10,005
in instances where a router

5
00:00:10,005 --> 00:00:13,002
needs to inform a host of dropped traffic

6
00:00:13,002 --> 00:00:16,002
or service adjustments that need to be made.

7
00:00:16,002 --> 00:00:18,003
It's assigned protocol number one

8
00:00:18,003 --> 00:00:21,003
which should be some indication of its importance.

9
00:00:21,003 --> 00:00:24,009
It's part of the IP suite like TCP and UDP,

10
00:00:24,009 --> 00:00:29,003
but ICMP isn't designed to carry end-user information.

11
00:00:29,003 --> 00:00:32,007
The ICMP packet header has a few interesting fields,

12
00:00:32,007 --> 00:00:35,003
namely the type and code.

13
00:00:35,003 --> 00:00:37,002
The type portion will designate

14
00:00:37,002 --> 00:00:39,003
what the ICMP packet's purpose is,

15
00:00:39,003 --> 00:00:42,005
be it destination unreachable, redirect,

16
00:00:42,005 --> 00:00:45,009
echo request, echo reply, and so on.

17
00:00:45,009 --> 00:00:48,004
The code then acts as a sub-selection

18
00:00:48,004 --> 00:00:51,006
that gives a more finite description of the cause.

19
00:00:51,006 --> 00:00:55,003
Say for example, a type 3 means destination unreachable.

20
00:00:55,003 --> 00:00:57,007
With the addition of a code of 6,

21
00:00:57,007 --> 00:01:01,000
the error becomes destination network unknown.

22
00:01:01,000 --> 00:01:03,006
ICMP can also send redirects.

23
00:01:03,006 --> 00:01:06,000
If a packet arrives on a router's interface

24
00:01:06,000 --> 00:01:07,008
and it has a preferred alternate gateway

25
00:01:07,008 --> 00:01:09,005
on that same subnet,

26
00:01:09,005 --> 00:01:13,000
it can send a redirect ICMP message back to the sender,

27
00:01:13,000 --> 00:01:15,004
informing them of the alternate gateway.

28
00:01:15,004 --> 00:01:16,009
Due to security concerns,

29
00:01:16,009 --> 00:01:20,004
most routers have the ability to ignore redirect messages.

30
00:01:20,004 --> 00:01:22,003
These can be used by a malicious user

31
00:01:22,003 --> 00:01:24,009
to initiate a man-in-the-middle attack.

32
00:01:24,009 --> 00:01:26,009
A time exceeded message is sent

33
00:01:26,009 --> 00:01:31,007
when a packet's time to live or TTL goes to zero.

34
00:01:31,007 --> 00:01:34,005
TTL is a field that is decremented by one

35
00:01:34,005 --> 00:01:36,005
each time it passes through a router.

36
00:01:36,005 --> 00:01:39,004
And if it reaches zero, the packet is dropped.

37
00:01:39,004 --> 00:01:40,009
The TTL prevents packets

38
00:01:40,009 --> 00:01:43,003
from infinitely looping between routers,

39
00:01:43,003 --> 00:01:46,001
but can also be used for troubleshooting.

40
00:01:46,001 --> 00:01:49,005
The traceroute utility will send a specialized ICMP packet

41
00:01:49,005 --> 00:01:51,001
with a TTL of one,

42
00:01:51,001 --> 00:01:54,004
so the first hop router will drop it and generate a message.

43
00:01:54,004 --> 00:01:57,000
The utility will then send the same packet

44
00:01:57,000 --> 00:01:58,006
with a TTL of two.

45
00:01:58,006 --> 00:02:02,004
It repeats this pattern until it reaches the end host.

46
00:02:02,004 --> 00:02:04,007
The majority of system monitoring packages

47
00:02:04,007 --> 00:02:08,007
and standard network testing will use ICMP echo request

48
00:02:08,007 --> 00:02:11,004
to verify equipment connectivity.

49
00:02:11,004 --> 00:02:14,009
This is generally done via the ping application.

50
00:02:14,009 --> 00:02:18,004
ICMP is used in much the same way in IPv6,

51
00:02:18,004 --> 00:02:22,005
but also supplants ARP for Layer 2 address resolution.

52
00:02:22,005 --> 00:02:26,001
It also provides other IPv6-specific functions

53
00:02:26,001 --> 00:02:29,001
like neighbor discovery and router advertisement.

54
00:02:29,001 --> 00:02:32,003
While ICMP can be filtered from your devices,

55
00:02:32,003 --> 00:02:34,008
it has become the de facto troubleshooting tool

56
00:02:34,008 --> 00:02:35,009
for admins everywhere,

57
00:02:35,009 --> 00:02:40,000
so I implore you to keep it active and use it regularly.