ICMP

网络控制消息协定（英文：Internet Control Message Protocol，ICMP）是网路协议族的核心协议之一。它用于 TCP/IP 网络中发送控制消息，提供可能发生在通信环境中的各种问题反馈，通过这些信息，令管理者可以对所发生的问题作出诊断，然后采取适当的措施解决。

ICMP依靠IP来完成它的任务，它是IP的主要部分。它与传输协议，如TCP和UDP显著不同：它一般不用于在两点间传输数据。它通常不由网络程序直接使用，除了ping和traceroute这两个特别的例子。 IPv4中的ICMP被称作ICMPv4，IPv6中的ICMP则被称作ICMPv6。

技术细节：
ICMP是在RFC 792中定义的互联网协议族之一。通常用于返回的错误信息或是分析路由。ICMP错误消息总是包括了源数据并返回给发送者。 ICMP错误消息的例子之一是TTL值过期。每个路由器在转发数据报的时候都会把ip包头中的TTL值减一。如果TTL值为0，“TTL在传输中过期”的消息将会回报给源地址。 每个ICMP消息都是直接封装在一个IP数据包中的，因此，和UDP一样，ICMP是不可靠的。

虽然ICMP是包含在IP数据包中的，但是对ICMP消息通常会特殊处理，会和一般IP数据包的处理不同，而不是作为IP的一个子协议来处理。在很多时候，需要去查看ICMP消息的内容，然后发送适当的错误消息到那个原来产生IP数据包的程序，即那个导致ICMP讯息被传送的IP数据包。

很多常用的工具是基于ICMP消息的。traceroute是通过发送包含有特殊的TTL的包，然后接收ICMP超时消息和目标不可达消息来实现的。 ping则是用ICMP的"Echo request"(类别代码：8)和"Echo reply"(类别代码：0)消息来实现的。

 

Tracert

23 out of 45 rated this helpful - Rate this topic

 

Tracert is a route tracing utility that display a list of near-side router interfaces of the routers along the path between a source host and a destination. Tracert uses the IP TTL field in ICMP Echo Requests and ICMP Time Exceeded messages to determine the path from a source to a destination through an IP internetwork.

 

Note that some routers silently drop packets with expired TTLs. These routers do not appear in the Tracert display.

 

How Tracert Works

 

Tracert works by incrementing the TTL value by one for each ICMP Echo Request it sends, then waiting for an ICMP Time Exceeded message. The TTL values of the Tracert packets start with an initial value of one; the TTL of each trace after the first is incremented by one. A packet sent out by Tracert travels one hop further on each successive trip.

 

Figure 3.2 shows how Tracert works. Tracert is being run on Host A, and is following the path to Host B. At Router 1 and Router 2, the TTL is decremented to 0, causing each router to send an ICMP Time Exceeded message. When the ICMP Echo Request is received at Host B, it sends back an ICMP Echo Reply.

Figure 3.2 Step-by-Step Operation of the Tracert Tool

 

Note

 

The UNIX version of Tracert performs the same function as the Windows version except that the IP payload is a UDP packet addressed to a (presumably) unknown destination UDP port. Intermediate routers send back ICMP Time Expired messages recording the route taken and the final destination sends back an ICMP Destination Unreachable-Port Unreachable message.

 

The UDP payload from the UNIX Tracert tool can cross routers and firewalls, whereas the ICMP Echo Request messages might not due to ICMP filtering. To avoid this problem in Windows 2000, turn off packet filtering as described in "Check Packet Filtering" later in this chapter, then try using Tracert again.