From the course: CompTIA Network+ (N10-009) Cert Prep

ICMP and IGMP

- TCP and UDP are the big heavy lifters when it comes to just about all the data we move on the internet. However, there are times where I don't really want to send data so much as, as one computer, I want to talk to another one just to verify status or something kind of simplistic like that. In these types of situations there's two other protocols I want to talk about.

The first one's called ICMP, or Internet Control Message Protocol. ICMP is a different animal than either TCP or UDP in that, number one, it doesn't work at the transport layer of the TCP/IP model. It works at the IP layer. The best way to explain this is, let's make ourselves a quick ICMP packet. So as we take a look here, first of all, to turn this into an ICMP packet, I got to get rid of stuff. There are no port numbers with ICMP. In fact, that's the reason most people put ICMP in the IP layer as opposed to the network layer, because ICMP has nothing to do with port numbers at all. And here's the other crazy part, you ready? There really isn't any data. All you're doing with an ICMP is you're sending some amount of information and this type value, there's about 40 or 50 different types. So for example, one type would be, yes, I hear you, and then a checksum just verifies that this data is good.

Probably the best example of ICMP is good old ping. If you think about what ping does, ping isn't really trying to talk to any particular application on another computer. It just has an IP address and it wants whoever has that IP address to respond. So with ICMP, we just send off via ping one little message that basically says hello. And it's up to the responding device to either say I'm here or I'm not here. Now also keep in mind that ICMP has some complexity. That type field has all kinds of responses, like unable to access host, or no route to host found, and all kinds of stuff.
So as that ping is worming away through the internet, all kinds of devices can respond to it to help us verify, can we ping something or not? Another great example is good old ARP. As we're resolving MAC addresses to IP addresses, ARP simply needs to be able to have somebody go, yep, here's my MAC address, that's my IP. And as a result of that, there's really nothing to respond in terms of actual data; it's just handled within the type field.

Now, that's ICMP, but to understand the other guy, IGMP, we need to break this down a little bit. IGMP stands for Internet Group Management Protocol. And the best place to start is let's make ourselves a packet. Now this is an IGMP packet. Now, if you take a look at this, there's a type, a checksum, and a group address and a source address. Let me explain what's going on here. I've got my little network here, and we're really excited because a nerdy group is about to do a video and we all want to watch this online real-time video. So what three of us are going to do is we're going to install some video client watching software so that we can watch this video. Now, you would think that everybody would have to make their own little connection to the video server to watch it. Well, there's a whole other world called multicast where we don't have to do that. In a multicast world, you have a whole set of IP addresses and they're reserved just for this. They're distinct in that they always start with 224. So anytime you see an IP address that's 224-dot-anything, that's going to be a multicast address. So here's what happens, you ready? So we're going to install some special video watching software on three of these computers. This guy over here, he doesn't like this stuff, so he's not even loading the software.
But these three machines are going to connect to the video server and what the video server's going to do, instead of having to send individual video streams to the 75,000 people who are watching this video, what he'll do instead is assign a multicast address. So what will take place is a multicast address will come from the video server. And by the way, every router between us and that video server is watching and it's because these clients are sending it out as it comes back. These guys all know that 224.14.27.9 or whatever it is for this one video show is going to be for that video. And the routers will pass it at least as long as the video runs. So what will take place is one video stream is passed out through the internet, split it up as it needs to to get to it, but, for example, as it gets to this network, only one video stream comes into it and it's addressed to whatever that multicast address is. And only the machines that are running the client software that are actually listening on that multicast address will receive and watch the video.

That's kind of cool because in essence what you're doing with multicast is that you're giving your computer a second IP address. Sure, it's still got its whatever IP address that you assigned it, but as long as this video runs, it gets a 224 address and it listens on that. And as that video stream comes in, it'll start picking it up and playing it on the player. So multicast is kind of unique, and that's what IGMP does. Those two areas that you saw within the packet, the group address and the source address, the group address is, here's the multicast address we're all going to be using, so load it up, and then the source address is simply the IP address of the video server, so everybody knows where it came from.
So ICMP and IGMP, they're not really on the transport layer, but they are kind of, in my opinion, because they're inside that, just because they don't have port numbers, to me, they're still inside of the IP packet itself. However, for the Network+, remember IGMP and ICMP are on the internet layer of the TCP/IP model.
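
The ICMP and IGMP message layouts described in this transcript, as an added example that is not part of the course material: it builds an ICMP echo request and an IGMP membership report, then parses them and verifies the checksum the way a capture tool would. The IGMPv2 report layout (type, max response time, checksum, group address), the function names and the sample identifier values are assumptions chosen for illustration; the transcript does not name an IGMP version.

```python
import ipaddress
import struct

ICMP_TYPES = {0: "echo reply", 3: "destination unreachable", 8: "echo request"}
IGMP_TYPES = {0x11: "membership query", 0x16: "v2 membership report"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp_echo(ident: int, seq: int, payload: bytes = b"") -> bytes:
    """Echo request (type 8): type, code, checksum, id, sequence. No ports."""
    zeroed = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    return struct.pack("!BBHHH", 8, 0, inet_checksum(zeroed), ident, seq) + payload

def build_igmpv2_report(group: str) -> bytes:
    """Membership report: type, max response time, checksum, group address."""
    addr = ipaddress.IPv4Address(group)
    if not addr.is_multicast:
        raise ValueError(f"{group} is not a multicast group address")
    zeroed = struct.pack("!BBH4s", 0x16, 0, 0, addr.packed)
    return struct.pack("!BBH4s", 0x16, 0, inet_checksum(zeroed), addr.packed)

def parse_message(msg: bytes, proto: str) -> dict:
    """Decode the fields a capture tool shows; reject truncated input."""
    if len(msg) < 8:
        raise ValueError("message shorter than the 8-byte header")
    names = ICMP_TYPES if proto == "icmp" else IGMP_TYPES
    info = {"type": names.get(msg[0], f"unknown ({msg[0]})"),
            "checksum_ok": inet_checksum(msg) == 0}  # valid messages sum to zero
    if proto == "igmp":
        info["group"] = str(ipaddress.IPv4Address(msg[4:8]))
    return info

if __name__ == "__main__":
    ping = build_icmp_echo(0x1234, 1, b"hello")  # constructed sample values
    print(parse_message(ping, "icmp"))
    print(parse_message(build_igmpv2_report("224.14.27.9"), "igmp"))
```

A message altered in transit fails the `checksum_ok` check, which is the role the transcript gives the checksum field.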
