As a requirement imposed by the Internet Engineering Task Force Request For Comments (RFC) 793, an Internet Control Message Protocol (ICMP) echo server executes on all IP Version 4 (hereafter referred to simply as “IP”) end system computers and all IP-speaking intermediate systems (e.g., routers). Any system on an IP network that can form ICMP echo requests may send an echo request to any other node on that IP network and expect an echo reply. The ICMP echo protocol is used to diagnose problems with delivery of IP datagrams within an IP network. It can be used to show when a particular end system is not responding, when an IP network is not reachable, when a node is overloaded, when an error occurs in the IP header information, etc. It can also be used to determine the round trip time of a datagram between devices. The protocol is frequently used by Internet managers to verify correct operations of end systems and to check that routers are correctly routing packets to specified destination addresses.
A “ping” program contains a client interface to ICMP echo service. A ping may use the ICMP echo service to verify that a device is online, or that an end-to-end Internet path is operational. The ping program also collects performance statistics such as the measured round trip time and the number of times the remote server fails to reply. Each time an ICMP echo reply message is received, the ping program displays a single line of text or some other symbol representing a success or failure. The text printed by ping typically shows the received sequence number of a packet, and the measured round trip time (in milliseconds). Each ICMP echo message contains a sequence number (starting at 0) that is incremented after each transmission.
Address Resolution Protocol (ARP) is the means by which an IP address is translated into a physical Media Access Control (MAC) address on a shared network access medium such as IEEE 802.3 Ethernet. All IP addresses must be mapped to a “MAC address” in order to complete communication to a device on a shared network medium. Before a packet is delivered to a local host on a shared medium, the sending device looks up the IP address in its ARP cache, which is a table that contains mappings of the IP address to the MAC address. If it finds the MAC address associated with the IP address, the sending device constructs and sends a packet with a media (e.g. Ethernet) header containing the correct destination MAC address and an appropriate source MAC address. In the event that there is no appropriate IP to MAC address mapping in the table, the packet will be discarded and an ARP Request will be broadcast on the medium, seeking to find the MAC address associated with the desired IP address. If an ARP Reply is received, the IP address and MAC address are entered into the table, and all subsequent data packets to the IP address are delivered to the appropriate MAC address. Typically, network hosts and routers maintain their own ARP tables. All hosts in a network medium broadcast domain passively listen to broadcast ARP packets, and issue unicast replies to broadcast requests. They also record information heard in these broadcast packets as well as replies to their local ARP tables. A host actively attempts to discover a particular address using ARP only when it looks for a logical IP address it does not have in its ARP table. All devices on a network reply to an ARP request for an IP address for which they accept packets.
As illustrated in FIG. 1, requesting device 10 and replying device 12 communicate through a router device 14. Requesting device 10 sends an ICMP echo request 18 to router 14, which in turn attempts to forward that ICMP echo request (not illustrated) to replying device 12. If router device 14 does not have an entry for replying device 12 in its ARP table 30, router device 14 discards the ICMP echo request 18. After discarding ICMP echo request 18, router 14 generates ARP request broadcast 20, which will be heard by device 12. Device 12 responds to router 14 with ARP reply 22, which will be entered into ARP table 30. When a subsequent ICMP echo request 24 is sent from device 12 through routing device 14, router device 14 can use the information in ARP table 30 to forward ICMP echo request 24 to replying device 12. In the event that replying device 12 replies to ICMP echo requests, ICMP echo request 24 causes ICMP echo reply 28 to be generated and sent to routing device 14, which can forward it back to requesting device 10.
The problem occurs when replying device 12 stops replying to ICMP echo requests, as may be done for security purposes. As shown in FIG. 2, ICMP echo request 32 triggers ARP 34 and corresponding ARP reply 36. Replying device 12 may block subsequent ICMP echo request 38 forwarded by routing device 14. In this instance, no ICMP echo reply is generated or sent back to requesting device 10 in response to ICMP echo request 38.
With the advent of Windows XP Service Pack 2 and other personal firewalls used on personal computers, it is possible to easily configure a system not to respond to ICMP echo requests, which makes remote diagnostics difficult and sometimes impossible. Even though such a configuration is a violation of RFC 793, it is becoming commonplace among misinformed system administrators. Since no communication can occur without the use of ARP, ARP replies are still reliably received no matter what the setting of a personal computer firewall. There is still a heartfelt need for a method by which a router, firewall, or any proxy device can answer ICMP echo requests in proxy for devices residing behind a firewall that refuse to answer ICMP echo requests.
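The behavior of FIG. 1 and FIG. 2 can be modeled as a small simulation showing why the router's ARP table separates "host offline" from "host online but filtering ICMP echo". This is an added example, not part of the original text; the names `Host`, `Router`, `diagnose` and `demo` are hypothetical and the addresses are constructed sample values.

```python
from dataclasses import dataclass, field

@dataclass
class Host:
    ip: str
    mac: str
    online: bool = True
    answers_echo: bool = True  # False models a personal firewall dropping ICMP echo

@dataclass
class Router:
    segment: dict                                   # ip -> Host on the shared medium
    arp_table: dict = field(default_factory=dict)   # ip -> mac (ARP table 30)

    def forward_echo(self, dst_ip, seq):
        """Forward one ICMP echo request; return what the requester observes."""
        if dst_ip not in self.arp_table:
            # No mapping: the datagram is discarded and an ARP request is broadcast.
            host = self.segment.get(dst_ip)
            if host and host.online:
                self.arp_table[dst_ip] = host.mac   # ARP reply is recorded
            return ("discarded", seq)
        host = self.segment[dst_ip]
        if host.online and host.answers_echo:
            return ("echo-reply", seq)
        return ("timeout", seq)                     # forwarded, but no reply comes back

def diagnose(router, dst_ip, count=3):
    """Send `count` echo requests (sequence numbers from 0) and classify the target."""
    results = [router.forward_echo(dst_ip, seq)[0] for seq in range(count)]
    if "echo-reply" in results:
        verdict = "up, answers echo"
    elif dst_ip in router.arp_table:
        verdict = "up at layer 2, ICMP echo filtered"
    else:
        verdict = "no ARP reply, host absent or offline"
    return results, verdict

def demo():
    # Constructed sample segment: one normal host, one filtering host, one offline host.
    hosts = [Host("10.0.0.12", "02:00:00:00:00:12"),
             Host("10.0.0.13", "02:00:00:00:00:13", answers_echo=False),
             Host("10.0.0.14", "02:00:00:00:00:14", online=False)]
    router = Router(segment={h.ip: h for h in hosts})
    return {h.ip: diagnose(router, h.ip) for h in hosts}

if __name__ == "__main__":
    for ip, (results, verdict) in demo().items():
        print(ip, results, verdict)
```

The model does not age out ARP entries, so a cached mapping only shows that the host answered ARP at some earlier point; a real check would take the entry's age into account.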