Internet Control Message Protocol – ICMP

The Internet control message protocol has a wide variety of different message types many of which are extremely useful for managing and troubleshooting an IP Network.   Most of us are familiar with the command ‘ping’ which uses at it’s core both ICMP echo and echo reply.   Another well used ICMP tool is that of traceroute which is useful for monitoring TTLs (time to live) and hop counts.

There are however quite a number of these ICMP messages, beyond the ones used by these tools and most are extremely useful for anyone managing a complex IP based network.   Here’s some of the most useful ones:

ICMP unreachable – an IP host will produce an ICMP unreachable message if there is no valid path to the requested host, network, protocol or port.  There are several of these messages which are often grouped together for convenience.  They are often generated from routers and switches, for example if local access lists are restricting access to the requested resource.   You should be careful about allowing these messages to be propagated as they contain source addresses.  Particularly if the connection is being used externally perhaps through an external connection like a BBC VPN for instance.    The messages can be blocked by using the no ip unreachables command on Cisco hardware.

ICMP redirects – a router will produce a redirect message if it receives a packet on a given interface and the route is on  the same device.   These can be used to help update local routing tables with the correct information.   There is an interesting protocol from Cisco which can be configured to help with these situations it’s called the Hot Standby Routing Protocol (HSRP).

ICMP  mask request and reply – some hosts do not have their subnet masks statically defined and have no way of learning it.  Here they can use an ICMP mask request which can be responded to by the router with an ICMP mask reply.

ICMP source quench – these messages provide an important function within ICMP that of congestion control on the network.   If a network device such as a router detects network congestion perhaps because of dropped packets or overflows in buffers and on it’s interfaces then it will send an ICMP source quench message to the source of these packets.

ICMP Fragmentation – this type of message is sent when an IP packet is received which is larger than the MTU specified within the LAN or WAN environment yet it also has the flag DF set (do not fragment). Here the packet cannot be forwarded however the ICMP message can be used to at least pass back some information on the issue.  There are actually quite a few scenarios where the DF bit is set automatically by devices as the packet is distributed.

Further Reading:

John Summer, Proxy for Netflix – video, Harvard Press, 2017

HTTP (Hypertext Transfer Protocol)

For many of us a network is either our little home setup consisting of perhaps a modem and wireless access point and a few connected devices, or perhaps that huge global wide network – the internet.  Whatever the size all networks need to allow communication between the various devices connected to them.  Just like human beings need languages to communicate so do networks only in this context we call them ‘protocols’.

The internet is built primarily using TCP/IP protocols to communicate, this is used to transport information between ‘web clients’ and ‘web servers’.   It’s not enough though to enable the media rich content delivered to our web browsers and a host of secondary protocols site above the main transport protocol – the most important one which enables the world wide web is called HTTP.

This provides a method for web browsers to access content stored on web servers, which is created using HTML (Hypertext Markup Language).  HTML documents contain text, graphics and video but also hyperlinks to other locations on the world wide web.   HTTP is responsible for processing these links and enabling the client/server communication which results.

Without HTTP the world wide web simply wouldn’t exist and if you want to see it’s origins search for RFC 1945 where you’ll find HTTP defined as an application level protocol designed with the lightness and speed necessary for distributed, collaborative, hypermedia information systems.   It is a stateless, generic and object orientated protocol which can be used for a huge variety of tasks – crucially it can be used on a variety of platforms which means it doesn’t matter whether you’re platform your computer is on (linux, Windows or Mac for instance) – you can still access the web content via HTTP.

So what happens? When someone types a web name or address into the address field of their web browser, the browser attempts to locate the address on the network it is connected to.  This can either be a local address or more commonly it will look out on to the internet looking for the designated web server.   HTTP is the command and control protocol which enables communication between the client and the web server allowing commands to be passed between the two of them.   HTML is the formatting language of the web pages which are transferred when you access a web site.

The HTTP connection between the client and server can be secured in two specific ways – using secure HTTP (SHTTP) or Secure Sockets Layer (SSL) which both allow the information transmitted to be encrypted and thus protected.  It should be noted though that the vast majority of communication is standard HTTP and is transmitted in clear text insecurely which is why so many people use proxies and VPNs like this to protect their connections.