Internet Control Message Protocol (ICMP)
Last Updated: 12 Sep, 2024
The Internet Control Message Protocol (ICMP) operates at the network layer. It is mostly used on network equipment such as routers for error handling at the network layer. Since there are various kinds of network-layer faults, ICMP can be used to report and troubleshoot these errors.
Since IP does not have a built-in mechanism for sending error and control messages, it depends on the Internet Control Message Protocol (ICMP) to provide error control. In this article, we discuss ICMP in detail, along with its uses, messages, and so on.
What is ICMP?
ICMP is used for reporting errors and management queries. It is a supporting protocol and is used by network devices like routers for sending error messages and operational information. For example, the requested service is not available, or a host or router could not be reached.
Since the IP protocol lacks an error-reporting or error-correcting mechanism, this information is communicated via a message. For instance, when a message is sent to its intended recipient, it may be intercepted along the route from the sender. The sender may believe that the communication has reached its destination if no one reports the problem. If a middleman reports the mistake, ICMP helps in notifying the sender about the issue. For example, if a message can't reach its destination, if there's network congestion, or if packets are lost, ICMP sends back feedback about these issues. This feedback is essential for diagnosing and fixing network problems, making sure that communication can be adjusted or rerouted to keep everything running smoothly.
Uses of ICMP
ICMP is used for error reporting: if two devices are connected over the internet and an error occurs, the router sends an ICMP error message to the source informing it of the error. For example, whenever a device sends a message that is too large for the receiver, the receiver drops the message and replies to the source with an ICMP message.
Another important use of ICMP is network diagnosis using the traceroute and ping utilities.
Traceroute: The traceroute utility is used to discover the route between two devices connected over the internet. It traces the journey from one router to another, and a traceroute is performed to check for network issues before data transfer.
Ping: Ping is a simple kind of traceroute known as the echo-request message. It is used to measure the time taken by data to reach the destination and return to the source; the replies are known as echo-reply messages.
How Does ICMP Work?
ICMP is a primary and important protocol of the IP suite, but it is not associated with any transport layer protocol (TCP or UDP): it is a connectionless protocol and does not need to establish a connection with the destination device before sending a message.
ICMP works in contrast to TCP: TCP is a connection-oriented protocol, whereas ICMP is a connectionless protocol. With TCP, a connection must be established before a message is sent, and both devices must be ready through a TCP handshake.
ICMP packets are transmitted in the form of datagrams that contain an IP header followed by ICMP data. An ICMP datagram is similar to a packet, which is an independent data entity.
ICMP Packet Format
The ICMP header comes after the IPv4 or IPv6 packet header.
In the ICMPv4 packet format, the first 32 bits of the packet contain three fields:
Type (8-bit): The first 8 bits of the packet are the message type. It provides a brief description of the message so that the receiving network knows what kind of message it is receiving and how to respond to it. Some common message types are as follows:
- Type 0 - Echo reply
- Type 3 - Destination unreachable
- Type 5 - Redirect Message
- Type 8 - Echo Request
- Type 11 - Time Exceeded
- Type 12 - Parameter problem
Code (8-bit): The code is the next 8 bits of the ICMP packet format. This field carries additional information about the error message and type.
Checksum (16-bit): The last 16 bits are the checksum field of the ICMP packet header. The checksum is used to check the number of bits of the complete message and enables the ICMP tool to ensure that the complete data is delivered.
The next 32 bits of the ICMP header are the extended header, whose job is to point out the problem in the IP message. The pointer identifies the byte location that caused the problem message, and the receiving device looks here to locate the problem.
The last part of the ICMP packet is the data, or payload, of variable length. The bytes included in IPv4 are 576 bytes and in IPv6, 1280 bytes.
ICMP in DDoS Attacks
In Distributed Denial-of-Service (DDoS) attacks, attackers send so much extra traffic to the target that it cannot provide service to users. There are several ways in which an attacker can execute these attacks, which are described below.
Ping of Death Attack
Whenever an attacker sends a ping whose size is greater than the maximum allowable size, the oversized packet is broken into smaller parts. When the sender re-assembles it, the size exceeds the limit, which causes a buffer overflow and makes the machine freeze. This is called a Ping of Death attack. Newer devices have protection from this attack, but older devices did not.
ICMP Flood Attack
When the sender sends so many pings that the targeted device is unable to handle the echo requests, the attack is called an ICMP flood attack, also known as a ping flood attack. It ties up the target computer's resources and causes a denial of service for the target computer.
Smurf Attack
A Smurf attack is a type of attack in which the attacker sends an ICMP packet with a spoofed source IP address. Like the Ping of Death attack, this type of attack generally works on older devices.
Types of ICMP Messages
Type | Code | Description |
---|---|---|
0 - Echo Reply | 0 | Echo reply |
3 - Destination Unreachable | 0 | Destination network unreachable |
3 - Destination Unreachable | 1 | Destination host unreachable |
3 - Destination Unreachable | 2 | Destination protocol unreachable |
3 - Destination Unreachable | 3 | Destination port unreachable |
3 - Destination Unreachable | 4 | Fragmentation is needed and the DF flag set |
3 - Destination Unreachable | 5 | Source route failed |
5 - Redirect Message | 0 | Redirect the datagram for the network |
5 - Redirect Message | 1 | Redirect datagram for the host |
5 - Redirect Message | 2 | Redirect the datagram for the Type of Service and Network |
5 - Redirect Message | 3 | Redirect datagram for the Service and Host |
8 - Echo Request | 0 | Echo request |
9 - Router Advertisement | 0 | Use to discover the addresses of operational routers |
10 - Router Solicitation | 0 | |
11 - Time Exceeded | 0 | Time to live exceeded in transit |
11 - Time Exceeded | 1 | Fragment reassembly time exceeded. |
12 - Parameter Problem | 0 | The pointer indicates an error. |
12 - Parameter Problem | 1 | Missing required option |
12 - Parameter Problem | 2 | Bad length |
13 - Timestamp | 0 | Used for time synchronization |
14 - Timestamp Reply | 0 | Reply to Timestamp message |
Source Quench Message
A source quench message is a request to decrease the traffic rate of messages sent to the destination host. In other words, when the receiving host detects that the rate at which packets are sent to it (the traffic rate) is too fast, it sends a source quench message to the source to slow the pace down so that no packets are lost.
ICMP takes the source IP from the discarded packet and informs the source by sending a source quench message. The source then reduces its speed of transmission so that the router is freed from congestion.
When the congested router is far away from the source, ICMP sends a hop-by-hop source quench message so that every router reduces its speed of transmission.
Parameter Problem
Whenever a packet arrives at a router, the calculated header checksum must be equal to the received header checksum; only then is the packet accepted by the router.
If there is a mismatch, the packet is dropped by the router.
ICMP takes the source IP from the discarded packet and informs the source by sending a parameter problem message.
Time Exceeded Message
A notification with the subject line "Time Exceeded" is typically generated by routers or gateways. To understand this ICMP message in its entirety, you need to know what an IP header in a packet is. The IP protocol structure is covered in great detail in the section on IP Protocol, which is freely available to our readers.
Destination Un-reachable
The destination unreachable message is generated by the host or its inbound gateway to inform the client that the destination is unreachable for some reason.
It is not necessarily only the router that sends the ICMP error message; sometimes the destination host sends an ICMP error message when any type of failure (link failure, hardware failure, port failure, etc.) happens in the network.
Redirection Message
A redirect requests that data packets be sent on an alternate route. The message informs a host to update its routing information (to send packets on an alternate route).
Example: If the host tries to send data through a router R1, R1 sends the data on to a router R2, and there is a direct way from the host to R2, then R1 will send a redirect message to inform the host that a better route to the destination is available directly through R2. The host then sends data packets for the destination directly to R2.
The router R2 will send the original datagram to the intended destination.
But if the datagram contains routing information, this message will not be sent even if a better route is available, as redirects should only be sent by gateways and should not be sent by Internet hosts.
Whenever a packet is forwarded in the wrong direction and is later re-directed in the correct direction, ICMP will send a redirect message.
For more, you can refer to Types of ICMP (Internet Control Message Protocol) Messages.
Advantages of ICMP
- Network devices use ICMP to send error messages, and administrators can use the Ping and Tracert commands to debug the network.
- These alerts are used by administrators to identify issues with network connectivity.
- A prime example is when a destination or gateway host notifies the source host via an ICMP message if there is a problem or a change in network connectivity that needs to be reported. Examples include when a destination host or networking becomes unavailable, when a packet is lost during transmission, etc.
- Furthermore, network performance and connection monitoring tools commonly employ ICMP to identify the existence of issues that the network team has to resolve.
- One quick and simple method to test connections and find the source is to use the ICMP protocol, which consists of queries and answers.
Disadvantages of ICMP
- If the router drops a packet, it may be due to an error, but because of the way IP (Internet Protocol) is designed, there is no way for the sender to be notified of this problem.
- Assume, while a data packet is being transmitted over the internet, that its lifetime is over and that the value of the time to live field has dropped to zero. In this case, the data packet is destroyed.
- Although devices frequently need to interact with one another, there isn't a standard method for them to do so in Internet Protocol. For instance, the host needs to verify the destination's vital signs to see if it is still operational before transmitting data.