ICMP (Internet Control Message Protocol) is a protocol used by networked devices to communicate error messages and operational information about network conditions.

ICMP messages are typically generated by network devices in response to error conditions, such as when a packet cannot be delivered to its destination. ICMP messages are also used to perform network tests, such as with the ping or traceroute commands.

ICMP messages can be used for a variety of purposes, including:

  1. Error reporting: When a device encounters an error or an issue in delivering a packet, it may generate an ICMP error message to report the issue and help diagnose the problem.
  2. Network testing: ICMP can be used to perform basic network tests, such as the Ping command, which sends an ICMP Echo Request to a device to test its connectivity and response time.
  3. Network management: Network administrators can use ICMP to monitor network conditions and diagnose issues. For example, they may use ICMP messages to measure network latency or to discover the path that packets actually take to a destination.

ICMP is an essential protocol for network communication, as it enables devices to report errors and conditions that may affect network performance and reliability.

ICMP control messages

Every ICMP message carries a small header whose values define what the message means and how the receiver should interpret the rest of the packet.

The two fields that identify a message are the type and the code. Both are single bytes at the start of the ICMP header; they are followed by a 16-bit checksum over the whole ICMP message and a 4-byte field whose meaning depends on the type (for Echo messages it holds an identifier and a sequence number, for error messages it is unused).

ICMP type fields are identified by a unique number that specifies the type of message being sent. Some common types of ICMP messages include:

  • Echo Request – Type 8 – Sent by ping to test connectivity to a device.
  • Echo Reply – Type 0 – The answer a device sends back to an Echo Request.
  • Destination Unreachable – Type 3 – Sent by a router, firewall or the destination host to indicate that a packet could not be delivered to its intended destination.
  • Time Exceeded – Type 11 – Sent by a router to indicate that a packet has been discarded because its time-to-live (TTL) reached zero in transit (code 0); code 1 is sent by a host when the fragments of a datagram could not all be reassembled in time.
  • Redirect – Type 5 – Sent by a router to inform a device that it should send its packets to a different next-hop router. Because a forged Redirect can steer a host's traffic through an attacker's machine, modern hosts and firewalls are commonly configured to ignore or drop them.

The ICMP code field is used alongside the type field and is also identified by a number. Its purpose is to add extra meaning to the type. For example, type 3 (Destination Unreachable) has 16 codes (0 to 15), each describing why the destination was unreachable:

Type 3, Code 0 – Destination network unreachable
Type 3, Code 1 – Destination host unreachable
Type 3, Code 2 – Destination protocol unreachable
Type 3, Code 3 – Destination port unreachable
Type 3, Code 4 – Fragmentation required, and DF flag set
Type 3, Code 5 – Source route failed
Type 3, Code 6 – Destination network unknown
Type 3, Code 7 – Destination host unknown
Type 3, Code 8 – Source host isolated
Type 3, Code 9 – Network administratively prohibited
Type 3, Code 10 – Host administratively prohibited
Type 3, Code 11 – Network unreachable for ToS
Type 3, Code 12 – Host unreachable for ToS
Type 3, Code 13 – Communication administratively prohibited
Type 3, Code 14 – Host Precedence Violation
Type 3, Code 15 – Precedence cutoff in effect
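The following is an added example written for this page, not code from the original article or from any ping or traceroute implementation. It builds an Echo Request the way ping does (type 8 with an identifier and sequence number), computes and verifies the RFC 1071 checksum, and decodes Destination Unreachable and Time Exceeded messages, including the original IP header and first 8 bytes that the sender quotes back, which is how ping and traceroute tell which probe an error refers to. All function names are the author's own, and the sample messages are constructed inline from the documentation address ranges 192.0.2.0/24 and 198.51.100.0/24, so nothing is sent on the network.

```python
import socket
import struct

# Added example (not code from the original page): build and decode ICMP
# messages at the byte level. Names and sample addresses are the author's own
# choices; the type/code values are the real ones from the list above.

ICMP_ECHO_REPLY, ICMP_DEST_UNREACH, ICMP_ECHO_REQUEST, ICMP_TIME_EXCEEDED = 0, 3, 8, 11

DEST_UNREACH_CODES = {
    0: "network unreachable", 1: "host unreachable", 2: "protocol unreachable",
    3: "port unreachable", 4: "fragmentation required and DF set",
    5: "source route failed", 6: "destination network unknown",
    7: "destination host unknown", 8: "source host isolated",
    9: "network administratively prohibited", 10: "host administratively prohibited",
    11: "network unreachable for ToS", 12: "host unreachable for ToS",
    13: "communication administratively prohibited", 14: "host precedence violation",
    15: "precedence cutoff in effect",
}


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Echo Request (type 8) as ping sends it: id/seq let ping match replies to probes."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload


def build_error_message(itype: int, code: int, quoted: bytes) -> bytes:
    """Error message (type 3 or 11): 4 unused bytes, then the offending datagram's
    IP header plus its first 8 bytes, which is what routers quote back."""
    header = struct.pack("!BBHI", itype, code, 0, 0)
    csum = icmp_checksum(header + quoted)
    return struct.pack("!BBHI", itype, code, csum, 0) + quoted


def ipv4_header(src: str, dst: str, ttl: int, proto: int, total_len: int) -> bytes:
    """Minimal 20-byte IPv4 header (no options); used only to construct sample input."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0x4000,
                       ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))


def parse_quoted_datagram(quoted: bytes) -> dict:
    """Recover who sent what where from the datagram quoted inside an ICMP error."""
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        raise ValueError("quoted datagram is not an IPv4 packet")
    ihl = (quoted[0] & 0x0F) * 4
    if len(quoted) < ihl + 8:
        raise ValueError("quoted datagram truncated below IP header + 8 bytes")
    info = {"src": socket.inet_ntoa(quoted[12:16]), "dst": socket.inet_ntoa(quoted[16:20]),
            "ttl": quoted[8], "proto": quoted[9]}
    l4 = quoted[ihl:ihl + 8]
    if info["proto"] in (6, 17):            # TCP/UDP: ports are the first 4 bytes
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
    elif info["proto"] == 1:                # ICMP: type, code, (checksum), id, seq
        info["icmp_type"], info["icmp_code"], info["icmp_id"], info["icmp_seq"] = \
            struct.unpack("!BBxxHH", l4)
    return info


def parse_icmp(msg: bytes) -> dict:
    """Decode an ICMP message (IP header already stripped) and verify its checksum.
    Summing a message that includes its own correct checksum folds to 0xFFFF, so
    the one's complement is 0 exactly when the checksum is intact."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than 8 bytes")
    itype, code, _csum, hi, lo = struct.unpack("!BBHHH", msg[:8])
    out = {"type": itype, "code": code, "checksum_ok": icmp_checksum(msg) == 0}
    if itype in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        out.update(id=hi, seq=lo, payload=msg[8:])
    elif itype in (ICMP_DEST_UNREACH, ICMP_TIME_EXCEEDED):
        out["original"] = parse_quoted_datagram(msg[8:])
        if itype == ICMP_DEST_UNREACH:
            out["reason"] = DEST_UNREACH_CODES.get(code, "unknown code")
    return out


# Constructed sample 1: a host answering a UDP traceroute probe to port 33434
# with Destination Unreachable / Port Unreachable (type 3, code 3).
_probe_ip = ipv4_header("192.0.2.10", "198.51.100.7", ttl=1, proto=17, total_len=40)
_probe_udp = struct.pack("!HHHH", 40000, 33434, 20, 0)   # sport, dport, length, checksum
SAMPLE_PORT_UNREACH = build_error_message(ICMP_DEST_UNREACH, 3, _probe_ip + _probe_udp)

# Constructed sample 2: a router expiring the TTL of a tracert Echo Request probe
# (type 11, code 0); the quoted 8 bytes carry the probe's id and sequence number.
_echo_ip = ipv4_header("192.0.2.10", "198.51.100.7", ttl=1, proto=1, total_len=60)
SAMPLE_TIME_EXCEEDED = build_error_message(
    ICMP_TIME_EXCEEDED, 0, _echo_ip + build_echo_request(0x1234, 3, b"x" * 32)[:8])

if __name__ == "__main__":
    print(parse_icmp(build_echo_request(0x1234, 1, b"ping")))
    print(parse_icmp(SAMPLE_PORT_UNREACH))
    print(parse_icmp(SAMPLE_TIME_EXCEEDED))
```

The checksum check matters in practice: a spoofed or corrupted error message that fails it should be discarded rather than acted on, and the quoted datagram is the only thing that ties an error to a specific probe, which is why tools compare the quoted id, sequence number or port against what they sent.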

PING

The ping command is one of the most widely used ICMP utilities, and is used to test the connectivity and response time of a device on a network.

The Ping command sends an ICMP Echo Request message to a target device and waits for an ICMP Echo Reply message to be sent back. The time it takes for the Echo Reply message to be received is known as the round-trip time (RTT), and can be used to measure the network latency or response time between the two devices.

When using the ping command, you can use either the hostname, the domain name, or the IP address of the device you wish to test connectivity to.

Pinging a device using its hostname
Pinging a device using its domain name
Pinging a device using its IP address

When the ping command is executed, it sends a series of ICMP Echo Request messages to the target device. On Windows, ping sends four packets by default; the -n flag sets a different number and the -t flag sends packets continuously until you stop the command manually. On Linux, ping runs continuously by default and the -c flag limits the number of packets sent.

The ping command also displays statistics about the packets sent and received, including the minimum, maximum and average RTT and the percentage of packets lost.

Pinging a device with 8 packets

The ping command is a useful tool for network troubleshooting and testing, as it can be used to verify the connectivity and response time of a device on a network. However, it is important to note that some devices are configured to ignore or block ICMP Echo Request messages, and many rate-limit their replies. Ping cannot tell a host that is down from one whose firewall silently drops Echo Requests, so a failed ping is not proof that a host or service is unreachable.

Trace route

The traceroute command is another very useful ICMP utility, used to trace the path that packets take from a source device to a destination device.

When traceroute is executed, it sends probe packets with incrementing TTL values towards the target device. Windows tracert sends ICMP Echo Requests as probes; Linux traceroute by default sends UDP datagrams to high-numbered ports (starting at 33434) that nothing is expected to be listening on. Each router along the path decrements the TTL of the packet by one, and the router at which the TTL reaches zero discards the packet and sends an ICMP Time Exceeded message (type 11, code 0) back to the source device.

Traceroute records the IP address of the router that sent the Time Exceeded message and repeats the process with a higher TTL value until the target itself answers: with an Echo Reply for tracert's ICMP probes, or with Destination Unreachable / Port Unreachable (type 3, code 3) for traceroute's UDP probes.

Traceroute displays the IP addresses and hostnames of the routers along the path to the target device, as well as the RTT of each probe at each hop (shown as * when no reply arrives in time). This information can be useful for network troubleshooting and performance optimisation, as it can help identify network bottlenecks and routing issues.

On a Windows device the command is tracert. On a Linux device you will most likely have to install the traceroute utility; its -I option makes it use ICMP Echo Requests as probes, like tracert does.

Using tracert to trace the route to cybertrainer.uk
Network capture of ICMP packets sent with tracert – Note the TTL value in the IP header
Using traceroute to trace the route to cybertrainer.uk

It is important to note that traceroute may not show every hop if some routers along the path are configured not to send ICMP Time Exceeded messages, or if a firewall in the path drops them. Such hops appear as * in the output but do not stop later hops from being discovered. Routers also rate-limit the ICMP errors they generate, so a hop may answer some probes and not others, and a firewall that replies with Destination Unreachable / Communication Administratively Prohibited (type 3, code 13) ends the trace early.
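The following is an added example written for this page, not code from the original article or from tracert or traceroute. It implements the probing loop described above at the message level: raise the TTL one hop at a time, send three probes per hop, record who sent Time Exceeded, show * for probes that get no answer, and stop when the target replies (Echo Reply for ICMP probes, Port Unreachable for UDP probes) or when a hop answers with an administrative prohibition. Sending and receiving is replaced by a simulated path of routers so that it runs offline; the function names, the Reply structure and the simulated RTTs are the author's own assumptions, while the type and code values are the real ICMP ones.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Added example, not code from the page or from any traceroute implementation.
# The probe/reply plumbing is simulated in-process so it runs offline; names
# and addresses (documentation ranges) are the author's own.

ECHO_REPLY, DEST_UNREACH, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 8, 11
PORT_UNREACH, ADMIN_PROHIBITED = 3, 13   # codes under Destination Unreachable
TTL_EXPIRED = 0                          # code under Time Exceeded


@dataclass
class Reply:
    src: str          # router or host that sent the ICMP message
    itype: int
    code: int
    rtt_ms: float


# A probe function takes (ttl, seq) and returns a Reply, or None on timeout.
ProbeFn = Callable[[int, int], Optional[Reply]]


def traceroute(target: str, probe: ProbeFn, max_hops: int = 30, per_hop: int = 3) -> list:
    """The loop the text describes: raise TTL by one per hop, record who sent
    Time Exceeded, stop when the target itself answers or a hop refuses."""
    hops = []
    for ttl in range(1, max_hops + 1):
        row = {"ttl": ttl, "src": None, "rtts": []}
        reached = False
        for seq in range(per_hop):
            reply = probe(ttl, seq)
            if reply is None:
                row["rtts"].append(None)       # rendered as '*'
                continue
            row["src"] = reply.src
            row["rtts"].append(reply.rtt_ms)
            if reply.itype == ECHO_REPLY or (
                reply.itype == DEST_UNREACH and reply.code == PORT_UNREACH and reply.src == target
            ):
                reached = True                 # destination answered: done
            elif reply.itype == DEST_UNREACH:
                # e.g. code 13, which traceroute prints as !X; no point probing further
                row["error"] = f"destination unreachable, code {reply.code}"
                reached = True
        hops.append(row)
        if reached:
            break
    return hops


def simulated_path(routers: list, target: str, silent: set = frozenset(),
                   prohibited: set = frozenset(), mode: str = "icmp") -> ProbeFn:
    """Model of the network in the text: the router at which TTL hits zero drops
    the probe and sends Time Exceeded, unless it is configured not to (silent) or
    a firewall there answers with code 13 (prohibited). Past the last router the
    target answers with Echo Reply (icmp mode) or Port Unreachable (udp mode)."""
    def probe(ttl: int, seq: int) -> Optional[Reply]:
        rtt = 5.0 * ttl + seq                  # deterministic stand-in for a timer
        if ttl <= len(routers):
            hop = routers[ttl - 1]
            if hop in prohibited:
                return Reply(hop, DEST_UNREACH, ADMIN_PROHIBITED, rtt)
            if hop in silent:
                return None                    # filtered: no Time Exceeded ever arrives
            return Reply(hop, TIME_EXCEEDED, TTL_EXPIRED, rtt)
        if mode == "icmp":
            return Reply(target, ECHO_REPLY, 0, rtt)
        return Reply(target, DEST_UNREACH, PORT_UNREACH, rtt)
    return probe


def render(hops: list) -> list:
    """Format each hop the way tracert prints it: ttl, RTTs (or '*'), address."""
    lines = []
    for h in hops:
        rtts = "  ".join("*" if r is None else f"{r:.0f} ms" for r in h["rtts"])
        lines.append(f"{h['ttl']:>3}  {rtts}  {h['src'] or 'Request timed out.'}")
    return lines


if __name__ == "__main__":
    path = simulated_path(["192.0.2.1", "198.51.100.1", "203.0.113.1"], "203.0.113.50",
                          silent={"198.51.100.1"})
    for line in render(traceroute("203.0.113.50", path)):
        print(line)
```

To run it against a real network you would replace the simulated probe with one that sends a raw-socket probe and waits for the ICMP reply (root or CAP_NET_RAW is needed on Linux); the loop, the stop conditions and the handling of silent hops stay the same.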