Skip to content

ICMP

Introduction

The Internet Control Message Protocol (ICMP) is an auxiliary network protocol used for exchanging control and error messages in IP networks. Although ICMP operates on top of IP, it is not a transport protocol like TCP or UDP and is not used for transmitting application data. Instead, it is mainly used for network diagnostics and troubleshooting.

OSI Model and ICMP

ICMP operates at Layer 3 (Network Layer) of the OSI model, the same layer as the Internet Protocol (IP). Since ICMP is used for error reporting and network diagnostics, it works closely with IP to ensure efficient packet delivery. 

Unlike TCP (Layer 4 - Transport Layer) or UDP (Layer 4 - Transport Layer), ICMP does not provide port numbers because it is not designed for direct communication between applications. Instead, it is used by network devices like routers and hosts to send error messages and operational information.

ICMP vs. TCP and UDP

  • ICMP is not a transport protocol, meaning it does not establish connections or handle data streams like TCP.

  • ICMP does not use ports, whereas TCP and UDP use port numbers to route traffic to specific applications.

  • ICMP messages can be triggered by TCP or UDP traffic, for example:

- If a TCP packet is sent to an unreachable host, the sender may receive an ICMP Destination Unreachable message.

- If a UDP packet’s TTL expires, the sender may receive an ICMP Time Exceeded message.

Key Functions of ICMP

ICMP performs several critical functions:

  1. Network Diagnostics
  2. Used in the ping utility, which sends ICMP requests and analyzes responses.

  3. Used in traceroute to determine the route taken by packets.

  4. Error Messaging

  5. Notifies the sender about an unreachable destination (Destination Unreachable).
  6. Reports when a packet's time-to-live (TTL) has expired (Time Exceeded), essential for traceroute.

  7. Informs about fragmentation issues (Fragmentation Needed).

  8. Traffic Flow Control

  9. ICMP messages can indicate network congestion and suggest reducing the packet sending rate.

Types of ICMP Messages

ICMP messages are divided into two categories: requests and replies. Each message has a type and a code that define its purpose.

Main ICMP Message Types:

Type Code Description
0 0 Echo Reply (response to ping)
3 0-15 Destination Unreachable (host or network unreachable)
5 0-3 Redirect (route change)
8 0 Echo Request (ping request)
11 0-1 Time Exceeded (TTL expired)

How ping Works

The ping utility uses ICMP to check the availability of a host:

  1. A computer sends an ICMP Echo Request (Type 8) to the target.
  2. If the target is reachable, it responds with an ICMP Echo Reply (Type 0).
  3. The round-trip time (RTT) is measured to assess the network latency.

Example of ping usage:

ping 8.8.8.8

Output:


64 bytes from 8.8.8.8: icmp_seq=1 ttl=118 time=14.3 ms

64 bytes from 8.8.8.8: icmp_seq=2 ttl=118 time=14.1 ms

How traceroute Works

The traceroute utility uses ICMP Time Exceeded (Type 11) to trace the path of packets:

  1. It sends a packet with TTL=1. The first router decrements TTL, discards the packet, and returns an ICMP Time Exceeded message.
  2. A new packet is sent with TTL=2, reaching the next router.
  3. This process repeats until the packet reaches the final destination.

Example:

traceroute 8.8.8.8

Output:

1  router.local (192.168.1.1)  1.234 ms
2  10.0.0.1  3.456 ms
3  203.0.113.1  5.678 ms

Conclusion

ICMP is a crucial protocol that helps diagnose network issues, transmit error messages, and manage traffic. It is widely used in tools like ping and traceroute and plays a role in routing and network security. However, due to the risk of DDoS attacks, some systems restrict or block ICMP traffic.