ICMP

The Internet Control Message Protocol (ICMP) [RFC792]

  • The protocol is used to report problems with delivery of IP datagrams within an IP network.
  • It can be used to show when a particular End System (ES) is not responding, when an IP network is not reachable, when a node is overloaded, when an error occurs in the IP header information, etc.
  • The protocol is also frequently used by Internet managers to verify correct operations of End Systems (ES) and to check that routers are correctly routing packets to the specified destination address.

The ICMP header

  • Type: 8-bit field. It defines the ICMP message type. Values in the range 0 to 127 are defined for ICMPv6, and values from 128 to 255 are the informational messages.
  • Code: 8-bit field that defines the subtype of the ICMP message.
  • Checksum: 16-bit field used to detect whether the message contains an error.

Minimal ICMP message classification

Some of the more common ICMP message types:

Type  Description              Common Usage
0     Echo Reply               Ping and Traceroute
3     Destination Unreachable  Seen in ping when the end host can’t be reached
5     Redirect                 Redirects a flow to a better router
8     Echo                     Ping and Traceroute
11    Time Exceeded            TTL expiry messages
12    Parameter Problem        A ‘catch-all’ error
13    Timestamp                Clock Synchronization
14    Timestamp Reply          Clock Synchronization
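
The following Python sketch is an added example, not part of the original post. It parses the Type, Code and Checksum fields described above, names the type using the table, and verifies the checksum with the RFC 1071 one's-complement sum. The function names and sample payload are constructed for illustration, and the identifier and sequence fields of the echo messages come from RFC 792, not from this page.

```python
import struct

# Type names copied from the table above.
ICMP_TYPES = {
    0: "Echo Reply", 3: "Destination Unreachable", 5: "Redirect", 8: "Echo",
    11: "Time Exceeded", 12: "Parameter Problem", 13: "Timestamp", 14: "Timestamp Reply",
}

def internet_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input for summing only
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes = b"") -> bytes:
    """Build an Echo (type 8) or Echo Reply (type 0) message with code 0."""
    body = struct.pack("!HH", ident, seq) + payload
    # The checksum is computed with the checksum field itself set to zero.
    csum = internet_checksum(struct.pack("!BBH", icmp_type, 0, 0) + body)
    return struct.pack("!BBH", icmp_type, 0, csum) + body

def parse_icmp(message: bytes) -> dict:
    """Decode the 4-byte ICMP header and check the checksum over the whole message."""
    if len(message) < 4:
        raise ValueError("truncated ICMP header")
    icmp_type, code, checksum = struct.unpack("!BBH", message[:4])
    return {
        "type": icmp_type,
        "code": code,
        "name": ICMP_TYPES.get(icmp_type, "unknown"),
        "checksum": checksum,
        # Summing a message that carries a correct checksum yields zero.
        "checksum_ok": internet_checksum(message) == 0,
    }

if __name__ == "__main__":
    request = build_echo(8, 0x1234, 1, b"constructed-payload")   # constructed sample
    damaged = request[:-1] + bytes([request[-1] ^ 0xFF])         # corrupt one byte
    for label, msg in (("request", request), ("damaged", damaged)):
        print(label, parse_icmp(msg))
```

A message whose `checksum_ok` is false was altered or damaged in transit and should not be trusted for its type and code values.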

Wireshark

The ICMP echo request uses type 8 and code 0.

The ICMP echo reply message uses type 0 and code 0.

Time to Live

One of the IP header fields best known for triggering an ICMP error message is the Time to Live (TTL) field. This field contains a number that expresses the maximum number of routers the packet can pass through. Each router that processes the packet decreases this number by one. If a router receives a packet with a TTL of zero, it drops that packet and sends an ICMP message back to the originator of the failed transmission.

ICMP-based tools

Ping

Ping is the most common debugging method to detect whether IPv4/IPv6 network devices are reachable.

Tracert

Tracert checks network connectivity by checking the path of packets from the source to the destination.

I hope this post was helpful to you.
