Network Analysis: Investigating ICMP Redirects

Here's why you should pay attention to ICMP redirects in network troubleshooting.

Tony Fortunato

September 12, 2017

2 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Many network analysts have little interest in investigating small issues if they don't think the fine-tuning will make a perceivable difference. They want the biggest bang for their troubleshooting buck. I counter that assumption with some basic logic: “How do you know what the result is if you don’t make the change?”

Internet Control Message Protocol (ICMP) redirects can be overlooked by network analysts, but investigating them often pays off. ICMP redirect packets might be the result of an intentional design, a misconfiguration problem or a security issue. A redirect packet basically informs the host that there is a better way to get to the destination host or network. ICMP redirects are ICMP Field Type 5 and include codes that provide specific information:   

   0 = Redirect datagrams for the network

   1 = Redirect datagrams for the host

   2 = Redirect datagrams for the type of service and network

   3 = Redirect datagrams for the type of service and host

In this video, you will see that while working at a client's site, I saw some ICMP redirect packets that turned out to be a simple client reconfiguration issue.

I’ve seen applications or routers silently rely on ICMP redirects or other messages for everyday operation. Then one day, someone blindly blocks all ICMP redirects and things go wonky.

If you’re lucky, the change causes an outage. I say lucky, because an outage would force you to investigate and resolve the issue. If you’re not lucky, you will get reports of what seems to be intermittent application slowdowns and disconnects. The randomness of these reports would make it difficult for an analyst to figure out the root cause.

There are a few caveats you should be aware of when capturing ICMP redirect packets;

  • Don't use packet slicing; if you need slicing, use a value that's large enough to get all the ICMP information (you will have to capture 70 to 80 bytes)

  • Be aware of physical or software firewalls that can block or alter ICMP redirect packets

  • Get familiar with your network management software and figure out if it records or alerts on the different types of ICMP packets.

 

 

About the Author

Tony Fortunato

Sr Network Performance Specialist

Tony Fortunato is a network performance expert who has been designing, implementing and troubleshooting networks since 1989. His company, The Technology Firm, provides clients of all sizes with services ranging from project management, network design, consulting, troubleshooting, designing custom-designed training courses, and assisting with equipment installation. Tony's experience in networking started with financial trading floor networks and ISPs, where he learned to integrate and support equipment from various vendors. Tony has taught and presented at numerous colleges and universities, public forums and private classes. He blogs frequently at NetworkDataPediaand has a popular YouTube channel.

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights