SKOOR Documentation

ICMP (Ping)

Function	Check if a device is up or down. If it is down the result will be 100% packet loss. The round trip time gives an indication of performance and network load.
Alarming	Packet loss, Round trip time

The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet protocol suite. It is chiefly used by networked computers' operating systems to send error messages indicating, for instance, that a requested service is not available or that a host or router could not be reached. ICMP relies on IP to perform its tasks, and it is an integral part of IP. It differs in purpose from transport protocols such as TCP and UDP in that it is typically not used to send and receive data between end systems. Internet control message protocol is part of the Internet protocol suite as defined in RFC 792.

ICMP messages are typically generated in response to errors in IP datagrams (as specified in RFC 1122) or for diagnostic or routing purposes. The version of ICMP for Internet Protocol version 4 is also known as ICMPv4, as it is part of IPv4. IPv6 has an equivalent protocol, ICMPv6. ICMP messages are constructed at the IP layer, usually from a normal IP datagram that has generated an ICMP response. IP encapsulates the appropriate ICMP message with a new IP header (to get the ICMP message back to the original sending host) and transmits the resulting datagram in the usual manner.

For example, every machine (such as intermediate routers) that forwards an IP datagram has to decrement the time to live (TTL) field of the IP header by one; if the TTL reaches 0, an ICMP Time to live exceeded in transit message is sent to the source of the datagram. Each ICMP message is encapsulated directly within a single IP datagram, and thus, like UDP, ICMP is unreliable.

Although ICMP messages are contained within standard IP datagrams, ICMP messages are usually processed as a special case, distinguished from normal IP processing, rather than processed as a normal sub-protocol of IP. In many cases, it is necessary to inspect the contents of the ICMP message and deliver the appropriate error message to the application that generated the original IP packet, the one that prompted the sending of the ICMP message. Many commonly-used network utilities are based on ICMP messages. The traceroute command is implemented by transmitting UDP datagrams with specially set IP TTL header fields, and looking for ICMP Time to live exceeded in transit (above) and Destination unreachable messages generated in response. The related ping utility is implemented using the ICMP Echo request and Echo reply messages.

The ICMP round trip time shows the time a packet needs to travel from source to destination plus the time the application stack needs to reply plus the way back. So the reason for a large round trip time can be a slow network or overloaded network stack.

It makes sense to measure ICMP one hop in front of an application server and additionally measure ICMP to the application server itself. The difference is the network delay.

ICMP detail

ICMP parameters

Parameter	Description
Number of packets	Count of packets to be sent. One packet per second is sent.
Packet size	The default packet size is set to 56 Bytes. Because 56B packets have to be padded to 64K packets, the fragmentation of the IP stack is also tested. This is mostly used for network and internet application servers. There are applications that send larger frames (e.g. ftp, scp). To check reachability of an ftp server, preferably setup an icmp packet size of around 1k. The following sizes are available: 56 bytes 128 bytes 256 bytes 512 bytes 1024 bytes 2048 bytes 10240 bytes
Icmp id	If there is a firewall between the device and the SKOOR Engine collector, it might be necessary to set the Icmp ID to a Random value, since there could be firewall rules which prevent a device from always using the same ID.

Parameter

Description

Number of packets

Count of packets to be sent. One packet per second is sent.

Packet size

The default packet size is set to 56 Bytes. Because 56B packets have to be padded to 64K packets, the fragmentation of the IP stack is also tested. This is mostly used for network and internet application servers. There are applications that send larger frames (e.g. ftp, scp). To check reachability of an ftp server, preferably setup an icmp packet size of around 1k. The following sizes are available:

56 bytes
128 bytes
256 bytes
512 bytes
1024 bytes
2048 bytes
10240 bytes

Icmp id

If there is a firewall between the device and the SKOOR Engine collector, it might be necessary to set the Icmp ID to a Random value, since there could be firewall rules which prevent a device from always using the same ID.

ICMP values and alarm limits

Value / Alarm limit	Description
Packet loss	Packet loss percentage. If 5 packets are sent and 1 is lost, packet loss is 20%. An alarm limit for state major is created by default for a packet loss of 100%.
Round trip time	Time to transfer the packets to the destination and back
Error code	Generic job error code (see section Job error codes)

ICMP examples

Example 1

Number of packets	4
Packet size	56 bytes

Docs