, , , ,

ICMP is a network protocol useful in Internet Protocol (IP) network management and administration. ICMP is a required element of IP implementations. ICMP is a control protocol, meaning that it does not carry application data, but rather information about the status of the network itself.

The protocol is used to report problems with delivery of IP datagrams within an IP network. It can be sued to show when a particular End System (ES) is not responding, when an IP network is not reachable, when a node is overloaded, when an error occurs in the IP header information, etc. The protocol is also frequently used by Internet managers to verify correct operations of End Systems (ES) and to check that routers are correctly routing packets to the specified destination address.

The format of an ICMP message is shown above. The 8-bit type code identifies the types of message. This is followed by at least the first 28 bytes of the packet that resulted in generation of the error message (i.e. the network-layer header and first 8 bytes of transport header). This payload is, for instance used by a sender that receives the ICMP message to perform Path MTU Discovery so that it may determine IP destination address of the packet that resulted in the error. Longer payloads are also encouraged (which can help better identify the reason why the ICMP message was generated and which program generated the original packet).

The figure below shows the encapsulation of ICMP over an Ethernet LAN using an IP network layer header, and a MAC link layer header and trailer containing the 32-bit checksum:


The Ping Application

The “ping” program contains a client interface to ICMP. It may be used by a user to verify an end-to-end Internet Path is operational. The ping program also collects performance statistics (i.e. the measured round trip time and the number of times the remote server fails to reply. Each time an ICMP echo reply message is received, the ping program displays a single line of text. The text printed by ping shows the received sequence number, and the measured round trip time (in milliseconds). Each ICMP Echo message contains a sequence number (starting at 0) that is incremented after each transmission, and a timestamp value indicating the transmission time.


The Traceroute Application

The “traceroute” program contains a client interface to ICMP. Like the “ping” program, it may be used by a user to verify an end-to-end Internet Path is operational, but also provides information on each of the Intermediate Systems (i.e. IP routers) to be found along the IP Path from the sender to the receiver. Traceroute uses ICMP echo messages. These are addressed to the target IP address. The sender manipulates the TTL (hop count) value at the IP layer to force each hop in turn to return an error message.

  • The program starts by sending an ICMP Echo request message with an IP destination address of the system to be tested and with a Time To Live (TTL) value set to 1. The first router that receives this packet decrements the TTL and discards the message, since this now has a value of zero. Before it deletes the message, the system constructs an ICMP error message (with an ICMP message type of “TTL exceeded”) and returns this back to the sender. Receipt of this message allows the sender to identify which system is one link away along the path to the specified destination.
  • The sender repeats this two more times, each time reporting the system that received the packet. If all packets travel along the same path, each ICMP error message will be received from the same system. Where two or more alternate paths are being used, the results may vary.
  • If the system that responded was not the intended destination, the sender repeats the process by sending a set of three identical messages, but using a TTL value that is one larger than the previous attempt. The first system forwards the packet (decrementing the TTL value in the IP header), but a subsequent system that reduces the TTL value to zero, generates an ICMP error message with its own source address. In this way, the sender learns the identity of another system along the IP path to the destination.
  • This process repeats until the sender receives a response from the intended destination (or the maximum TTL value is reached).

Note: Some Routers are configured to discard ICMP messages, while others process them but do not return ICMP Error Messages. Such routers hide the “topology” of the network, but also can impact correct operation of protocols. Some routers will process the ICMP Messages, providing that they do not impose a significant load on the routers, such routers do not always respond to ICMP messages. When “traceroute” encounters a router that does not respond, it prints a “*” character.

Type Description References
0 Echo reply. RFC 792
3 Destination unreachable. RFC 792
4 Source quench. RFC 792
5 Redirect. RFC 792
6 Alternate host address.
8 Echo request. RFC 792
9 Router advertisement. RFC 1256
10 Router solicitation. RFC 1256
11 Time exceeded. RFC 792
12 Parameter problem. RFC 792
13 Timestamp request. RFC 792
14 Timestamp reply. RFC 792
15 Information request. Obsolete. RFC 792
16 Information reply. Obsolete. RFC 792
17 Address mask request. RFC 950
18 Address mask reply. RFC 950
19 reserved (for security).
20 to 29 reserved (for robustness experiment).
30 Traceroute. RFC 1393
31 Conversion error. RFC 1475
32 Mobile Host Redirect.
33 IPv6 Where-Are-You.
34 IPv6 I-Am-Here.
35 Mobile Registration Request.
36 Mobile Registration Reply.
37 Domain Name request. RFC 1788
38 Domain Name reply. RFC 1788
39 SKIP Algorithm Discovery Protocol.
40 Photuris, Security failures. RFC 2521
41 Experimental mobility protocols. RFC 4065
42 to 255 Reserved.



If you feel this article helped you to get some learning, please support by clicking below.