Protocol Theory – Where is Ping’s Round-Trip Time Stored in the IP Header?
Tags: icmp, ping, protocol-theory
If we use ICMP's ping, we know the TTL and round-trip time are stored in the IP header. In the below IP header map we know TTL's location, but where is the round-trip time?
Is it stored in Options?
Best Answer
The round trip time is not actually stored anywhere. The sending host remembers the time it sends each ICMP Echo Request message, using ICMP's 16-bit identifier and sequence fields. When it gets the ICMP Echo Reply, it notes the current time, finds the time it sent the matching Request packet identified by the reply, calculates the difference, and reports it.
Typically ping uses ICMP's identification field to differentiate multiple simultaneous pings, and the sequence field to differentiate individual packets.
It is up to the implementation to decide where to store the outgoing time for a given packet: instead of storing it on the host in a table, it typically sends it in the outgoing request and uses the copy in the reply to calculate the time. (Thanks commenters for pointing this out.) It's sent in whatever way is convenient for the implementation, and of course has to trust the far end, and any intervening equipment, to properly copy the data. Some systems are known to represent the time in 16 bytes with resolution of microseconds, some as 8 bytes with resolution of milliseconds.
The format inside the data portion of the IP packet is the ICMP Echo Request/Reply message, copied here from RFC 792 "Internet Control Message Format" (p14). Type is 8 for Request, 0 for Reply; Code is 0.
PS. Just to be clear, the identification field of the IP header is normally set to an arbitrary value, different for each outgoing packet, used for reassembly of any fragmentation, and doesn't have the same value as anything in the ICMP body.
Also, although there is a mechanism defined for putting timestamps into the IP header as an option, this is not the normal mechanism for ping because very many routers are configured not to pass certain IP options. See RFC 781 Specification of the Internet Protocol Timestamp Option.
Finally, although everything here was written from an IPv4 perspective, per the original question, ping in IPv6 is extremely similar; see ICMPv6 RFC 4443.
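The matching and timing described in the answer above, as an added example that is not part of the original answer: it builds an Echo Request and Reply in the RFC 792 layout, takes the RTT from a local table keyed by sequence number, and only cross-checks the timestamp echoed in the payload. The 8-byte microsecond timestamp layout, the helper names and the sample identifier, sequence and times are assumptions constructed for illustration.

```python
import struct

ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(msg_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Type, Code=0, Checksum, Identifier, Sequence Number, then the data."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)
    csum = checksum(header + payload)
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + payload

def rtt_from_reply(reply: bytes, my_ident: int, sent: dict, now_us: int):
    """Return (seq, rtt_us, echoed_ts_intact), or None if corrupt or not ours.
    `sent` maps sequence number -> local send time in microseconds."""
    if len(reply) < 16 or checksum(reply) != 0:   # a valid message sums to 0
        return None
    msg_type, code, _, ident, seq = struct.unpack("!BBHHH", reply[:8])
    if (msg_type, code) != (ICMP_ECHO_REPLY, 0) or ident != my_ident or seq not in sent:
        return None
    (echoed_us,) = struct.unpack("!Q", reply[8:16])
    # RTT comes from the local table; the echoed copy is only compared against it.
    return seq, now_us - sent[seq], echoed_us == sent[seq]

# Constructed sample exchange (no sockets; times are made-up microsecond counters).
IDENT, SEQ, T_SEND, T_RECV = 0x1234, 7, 1_000_000, 1_012_500
request = build_echo(ICMP_ECHO_REQUEST, IDENT, SEQ, struct.pack("!Q", T_SEND) + b"pad!")
honest_reply = build_echo(ICMP_ECHO_REPLY, IDENT, SEQ, request[8:])
# A reply whose echoed timestamp was not copied faithfully but whose checksum is valid.
altered_reply = build_echo(ICMP_ECHO_REPLY, IDENT, SEQ,
                           struct.pack("!Q", T_RECV - 1) + b"pad!")

if __name__ == "__main__":
    table = {SEQ: T_SEND}
    print(rtt_from_reply(honest_reply, IDENT, table, T_RECV))
    print(rtt_from_reply(altered_reply, IDENT, table, T_RECV))
```

A ping that computed the RTT purely from the echoed timestamp would report 1 µs for the second reply; the local table still yields 12500 µs and flags the mismatch.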
According to RFC 6928, the SRTT is only calculated with the formula
SRTT <- (1 - alpha) * SRTT + alpha * R'
after two RTT measurements have been made. After the first measurement, SRTT is initialized to the value of this first measurement, i.e. SRTT <- R'.
You were close, according to the RFC alpha SHOULD be 1/8 (= 0.125).
Note, in RFCs, SHOULD means "there may exist valid reasons in particular circumstances to ignore a particular item, but the full implications must be understood and carefully weighed before choosing a different course." (RFC 2119)
Both your questions can be answered by reading RFC 791 on the Internet Protocol.
First of all, where did you get that Options field size? An IPv4 header can contain up to 40 bytes (320 bits) of options.
The length of the IP header is indicated in the Internet Header Length (IHL) field. It uses 32 bit words as the unit of length, so the total size of the header is the value of IHL times 32 bits.
Since the IHL is a 4 bit field, the maximum value is 15. This results in a maximum header size of 15 x 32, or 480 bits.
A minimal IP header without options is 160 bits (IHL = 5). This leaves 480-160, or 320 bits for options.
As for your second question, the structure of the option field is not free; it should contain an option list as defined in RFC 791, page 15. If options are present, you should add yours behind them, at the end of the list.
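The IHL arithmetic and the RFC 791 option list described above, as an added example that is not part of the original answer: a parser that derives the header length from IHL and walks the option list, rejecting lengths that would run past the header or stall the loop. The function name and the sample header (documentation addresses, zero checksum) are constructed for illustration.

```python
import struct

def parse_ipv4_options(packet: bytes):
    """Return (header_len_bytes, [(option_type, option_data), ...]).

    Raises ValueError when IHL or an option length is inconsistent.
    """
    if len(packet) < 20:
        raise ValueError("shorter than the minimal 20-byte header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4 or ihl < 5:
        raise ValueError("not IPv4 or IHL below 5")
    header_len = ihl * 4                      # IHL counts 32-bit words
    if len(packet) < header_len:
        raise ValueError("IHL points past the end of the packet")
    opts, i, out = packet[20:header_len], 0, []
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                         # End of Option List
            break
        if kind == 1:                         # No Operation, a single byte
            out.append((1, b""))
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option has no length byte")
        length = opts[i + 1]                  # counts type + length + data
        if length < 2 or i + length > len(opts):
            raise ValueError("option length out of bounds")
        out.append((kind, opts[i + 2:i + length]))
        i += length
    return header_len, out

# Constructed sample: IHL = 7 (28 bytes); options are NOP, Timestamp (type 68,
# length 4), then End of Option List and padding. The checksum is left at zero.
SAMPLE = struct.pack("!BBHHHBBH4s4s", 0x47, 0, 28, 0x1C46, 0, 64, 1, 0,
                     bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
SAMPLE += bytes([1, 68, 4, 5, 0, 0, 0, 0])

if __name__ == "__main__":
    print(parse_ipv4_options(SAMPLE))
```

The `length < 2` check matters on its own: an option that declares length 0 would otherwise never advance the index.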