Monday, September 6, 2010

Introduction To Internet Control Message Protocol (ICMP)

If I say 'ICMP' most people on networking domain would recognise in case you didn't know that, now you do :).

The Internet Control Message Protocol, or ICMP is a very popular protocol and actually part of an Internet Protocol (IP) implementation. ICMP came into the scene to provide feedback on problems which existed in the network.

ICMP is one of the most useful protocol to troubleshoot network problems like DNS resolutions, routing, connectivity and a lot more. Personally, I use ICMP a lot, but you need to keep its limits in mind beause you might end up spending half a day trying to figure out why you're not getting a 'ping reply' ('echo reply' is the correct term) when a webserver is configured NOT to reply or a Firewall is configured to block 'ping' for security reasons looking at its position in the OSI model we can see that it's sitting over the Network layer (layer 3) alongside IP. There are no ports used with ICMP, this is because of where the protocol sits in the OSI model. Ports are only used for protocols which work at the Session layer and above.

The ICMP protocol uses different 'messages' to identify the purpose of an ICMP packet, for example, an 'echo' (ping) is one type of ICMP message.

I am going to break down the different message descriptions as they have been defined by the RFC792.

List of control messages

0 - Echo Reply0Echo reply (used to ping)
1 and 2Reserved
3 - Destination Unreachable0Destination network unreachable
1Destination host unreachable
2Destination protocol unreachable
3Destination port unreachable
4Fragmentation required, and DF flag set
5Source route failed
6Destination network unknown
7Destination host unknown
8Source host isolated
9Network administratively prohibited
10Host administratively prohibited
11Network unreachable for TOS
12Host unreachable for TOS
13Communication administratively prohibited
4 - Source Quench0Source quench (congestion control)
5 - Redirect Message0Redirect Datagram for the Network
1Redirect Datagram for the Host
2Redirect Datagram for the TOS & network
3Redirect Datagram for the TOS & host
6Alternate Host Address
8 - Echo Request0Echo request
9 - Router Advertisement0Router Advertisement
10 - Router Solicitation0Router discovery/selection/solicitation
11 - Time Exceeded0TTL expired in transit
1Fragment reassembly time exceeded
12 - Parameter Problem: Bad IP header0Pointer indicates the error
1Missing a required option
2Bad length
13 - Timestamp0Timestamp
14 - Timestamp Reply0Timestamp reply
15 - Information Request0Information Request
16 - Information Reply0Information Reply
17 - Address Mask Request0Address Mask Request
18 - Address Mask Reply0Address Mask Reply
19Reserved for security
20 through 29Reserved for robustness experiment
30 - Traceroute0Information Request
31Datagram Conversion Error
32Mobile Host Redirect
33Where-Are-You (originally meant for IPv6)
34Here-I-Am (originally meant for IPv6)
35Mobile Registration Request
36Mobile Registration Reply
37Domain Name Request
38Domain Name Reply
39SKIP Algorithm Discovery Protocol, Simple Key-Management for Internet Protocol
40Photuris, Security failures
41ICMP for experimental mobility protocols such as Seamoby [RFC4065]
42 through 255Reserved

The ICMP header starts after the IPv4 header.


  • Type - ICMP type as specified below.
  • Code - further specification of the ICMP type; e.g. : an ICMP Destination Unreachable might have this field set to 1 through 15 each bearing different meaning.
  • Checksum - This field contains error checking data calculated from the ICMP header+data, with value 0 for this field. The algorithm is the same as the header checksum for IPv4.
  • ID - This field contains an ID value, should be returned in case of ECHO REPLY.
  • Sequence - This field contains a sequence value, should be returned in case of ECHO REPLY.

Padding data

Padding data follows the ICMP header (in octets):
  • The Linux "ping" utility pads ICMP to a total size of 56 bytes in addition to the 8 octet header.
  • Windows "ping" pads to a total size of 32 bytes in addition to the 8 octet header.

ICMP - Echo / Echo Reply (Ping) Message

Echo is simply what most people call a 'ping'. The Echo Reply is the 'ping reply'. ICMP Echos are used mostly for troubleshooting. When there are 2 hosts which have communication problems, a few ICMP Echo requests will show if the 2 hosts have their TCP/IP stacks configured correctly and if there are any problems in network for packets in order to get to the other side.

Let's have a look at what an ICMP-Echo or Echo Reply packet looks like:

Okay, now looking at the screen shot above, you can see I 'pinged' the first thing my workstation did was to resolve that URL to an IP address. This was done using DNS. Once the DNS server returned the IP address of, the workstation generated an ICMP packet with the Type field set to 8.

ICMP - Destination Unreachable Message

The Destination Unreachable message is an ICMP message which is generated by gateway to inform the client that the destination is unreachable for some reason.

The error will not be generated if the original datagram has a multicast destination address. Reasons for this message may include: the physical connection to the host does not exist (distance is infinite); the indicated protocol or port is not active; the data must be fragmented but the 'don't fragment' flag is on..

Type = 3CodeHeader Checksum
EmptyNext-Hop MTU
IP Header + First 8 Bytes of Original Datagram's Data

The type field (bits 0-7) must be set to 3. The code field (bits 8-15) is used to specify the type of error, and can be any as listed on the "List of control messages table" Kindly refer above.

ICMP Source Quench

The Source Quench is an Internet Control Message Protocol message which requests the sender to decrease the traffic rate of messages to a router or host. This message may be generated if the router or host does not have sufficient buffer space to process the request, or may occur if the router or host's buffer is approaching its limit.

ICMP Redirect Message

The ICMP Redirect type is sent in a single case. Consider this, you have a network ( with several clients and hosts on it, and two gateways ( & ( One gateway ( is to route the traffic for network, and the other default gateway ( to the rest of the Internet. Now consider if one of the hosts on the network has no route set to, but it has the default gateway set. It sends a packet to the default gateway, which of course knows about the network. The default gateway can deduce that it is faster to send the packet directly to the gateway since the packet will enter and leave the gateway on the same interface. The default gateway will hence send out a single ICMP Redirect packet to the host, telling it about the real gateway, and then sending the packet on to the gateway. The host will now know about the closest gateway, and hopefully use it in the future.

Type must be set to 5. The code, which specifies the reason for the redirection, include the following:

0Redirect for Network Error.
1Redirect for Host Error.
2Redirect for Type of Service and Network Error.
3Redirect for Type of Service and Host Error.

The IP address is the 32-bit address of the gateway to which the redirection should be sent. The additional data is included to allow the host to match the reply with the request that caused the redirection reply.

ICMP Router Discovery Protocol

ICMP Internet Router Discovery Protocol (IRDP) uses Internet Control Message Protocol (ICMP) router advertisements and router solicitation messages to allow a host to discover the addresses of operational routers on the subnet.

It basically consists of 2 Message-Types (Router Advertisement & Router Solicitation) used for discovering local routers. The message type 9 is sent periodically or on request (using a message of type 10) to the local subnet from the local router(s) to propagate themselves. On boot, the client may send a ICMP-Message of type 10 to ask for local routers. When a client receives a message type 9, they are adding the router to their local routing-table.

ICMP Time Exceeded

The Time Exceeded Message is an ICMP message which is generated to inform the source of a discarded datagram due to the time to live field reaching zero If the TTL field reaches 0 during transit through the packet must be discarded. A time exceeded message may also be sent by a host if it fails to reassemble a fragmented datagram within its time limit.

Now lets take a look @ the example. The below mentioned screenshot show the traceroute to reaches in 17 hop.

The below mentioned screenshot TTL value is set to 50 & 51 by the system when pinging

In the above traceroute we saw was reached in 17 hops. Now lets set the TTL value to 10 and you can see the "TTL expired in transit" message.

Parameter Problem: Bad IP header

The ICMP Parameter problem message is generated as a response for any error not specifically covered by another ICMP message.

The IP header plus the first 8 bytes of the original datagram's data is returned to the sender. This data is used by the host to match the message to the appropriate process. If a higher level protocol uses port numbers, they are assumed to be in the first 64 data bits of the original datagram's data.

ICMP Timestamp Request / Reply

The Timestamp is an ICMP message which is used for time synchronization. It consists of the originating timestamp.

The Timestamp Reply is an ICMP message which replies to a Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as well as a receive timestamp and a transmit timestamp.

Information Request / Reply 

This message may be sent with the source network in the IP header source and destination address fields zero (which means "this" network). The replying IP module should send the reply with the addresses fully specified. This message is a way for a host to find out the number of the network it is on.

The identifier and sequence number may be used by the echo sender to aid in matching the replies with the requests. For example, the identifier might be used like a port in TCP or UDP to identify a session, and the sequence number might be incremented on each request sent. The destination returns these same values in the reply.

The Information Request/Reply pair was intended to support self-configuring systems such as diskless workstations, to allow them to discover their IP network prefixes at boot time. However, these messages are now obsolete. The RARP and BOOTP protocols provide better mechanisms for a host to discover its own IP address.

ICMP Address Mask Request / Reply

Address Mask Request is an ICMP query message, normally sent by a host to a router in order to obtain an appropriate subnet mask & Address Mask Reply is an ICMP message, used to reply to an Address Mask Request message with an appropriate subnet mask


Traceroute is a computer network tool used to show the route taken by packets across an IP network. An IPv6 variant, traceroute6, is also widely available.

The working principle of any traceroute program is based on the usage of ICMP. Traceroute uses the TTL field in the header of ICMP packets to discover the Layer 3 Network devices on the path to reach the destination.

The main goal of the TTL field is to avoid infinite loop of packets in meshed networks. By increasing the TTL by one each time the source system sends a packet to the destination the path are successively discovered and the time needed for a round trip is deducted.

Leave your comment below


  1. Nice Article , The way it is expalined is so simple and easy to understand .

    Thanks Much for the Article.


  2. we are living in a leap forward in pushing the nuts and bolts of web pushing our substance to more gadgets then ever known before is that truly what might break streak? Java

  3. One way of meeting the internet needs is to have a dial up connection running over analog phone lines or an Integrated Service Digital Network (ISDN) that uses digital telephone lines to send data. visit homepage

  4. This is very educational content and written well for a change. It's nice to see that some people still understand how to write a quality post!

  5. I wanted to thank you for this great read!! I definitely enjoying every little bit of it I have you bookmarked to check out new stuff you post.

  6. How exactly the Internet Plug could ever get pulled is a complicated question, mcafee vs norton due to the expansive infrastructure that makes up the Internet. It would probably require the shutting down of every server and local DNS around the world.

  7. PCs and correspondence innovations additionally advance more market-like types of creation and to write a blog post that converts

  8. Presently we as a whole realize that online life is HOT, HOT, HOT!! I mean smoking HOT! free webinar software

  9. Equally some in reality stay a completely New Life within the Internet like those who use Second Life.can you fax documents online

  10. The use of internet nowadays has really upstaged all the habits in the world that we used to know. In fact, it already became a part of the daily routine for most people to the point that their day is incomplete without even checking their emails, updating Facebook status, browsing for the latest news and trends, or even playing a single online game. Indeed, it has greatly influenced today's lifestyles. KickassTorrents proxy

  11. be triumphant! it can be one of the maximum beneficial blogs we have ever come upon upon the difficulty. first rate data! Im similarly to an expert in this topic consequently i can obtain your attempt tremendously quick. thank you for the massive formerly. Larby

  12. Comparable promotional principles form the basis of Internet marketing but are made simpler, quicker and less expensive with advanced technology and progressive solutions. best internet provider toronto

  13. The Internet has become an important asset in the work environment, the world's greatest reference library, web-based media focus, and erotic entertainment source is currently just a tick away.internet

  14. I think this is an informative post and it is very useful and knowledgeable. therefore, I would like to thank you for the efforts you have made in writing this article. 科学上网

  15. Your Post is very informative. If you are looking for the new vape subscription box then you must get to our company site and check out new box styles to pack your products in them.

  16. This is the least used, as well as the one of the fastest broadband Internet connections out of the four types mentioned here. The reason why it is the least used is the fact that not many areas have fiber-optic Internet connections available yet. 192.168.l.l huawei

  17. Gift Boxes, Gift Boxes Factory, Gift Boxes Wholesale, Gift Box Manufacturer Gift Boxes, Gift Boxes Factory,custom packaging uk custom packaging uk Gift Box Manufacturer Custom Printing Services is the fastest handmade service manufacturers of printed packaging box.

  18. Another problem is that many people tend to skip ads if they are not appealing. Therefore, it is better that you go for SMM panels. They can help you to achieve your goals in a short period of time while making sure you are on the safe side. have a peek here

  19. I read your blog frequently and I just thought I’d say keep up the amazing work! Salem seo

  20. thanks as a outcomes a good deal as you have been approved to share guidance deliberating us. we can completely glorify altogether you have finished right here due to the fact you have got made my comport your self as nicely-ventilated as ABC. visit this page

  21. This comment has been removed by the author.

  22. i'm incapable of reading articles online particularly frequently, however Im happy I did nowadays. it is selected adroitly written, and your points are adeptly-expressed. I demand you harmoniously, entertain, dont ever lower writing. internet providers toronto

  23. The web site loading speed is incredible. It seems that you’re doing any distinctive trick. In addition, The contents are masterpiece. you have done a great activity on this matter!personal product packaging | personal product packaging

  24. Your privacy is protected when you use such proxies. site

  25. So, this article will show you how to be fruitful in your first year in Internet marketing.

  26. Referenced before with every one of the advantages of web showcasing, individuals actually purchase magazines, announcements went out to verify their mail, sit in front of the TV, and shopping.

  27. An effective advertiser needs a dream to have the option to succeed.

  28. Contrasted and a simple video reconnaissance framework, an advanced video observation offers much better adaptability in video content handling or information transmission.

  29. The business catalog on paper structure had their prime for a long time, however the populace presently goes to the Internet for the data they look for, so most print indexes are gathering dust. personal injury attorney
    Brooklyn injury attorneys P.C.