ICMP (Internet Control Message Protocol)
- Layer 3 protocol that provides error reporting and diagnostic capabilities for IP networks
- Works as IP’s “sidekick” - when IP packets encounter problems, ICMP sends error messages back to the source
- Does not carry user data - purely for network control and diagnostics
- Uses IP for transport (IP protocol number 1) but operates at the network layer alongside IP
Core Functions
- Error Reporting: Notifies sources when packets can’t be delivered or processed
- Network Diagnostics: Enables tools like ping and traceroute for troubleshooting
- Path MTU Discovery: Helps determine maximum packet size for efficient transmission
- Redirect Messages: Informs hosts of better routing paths
Common ICMP Message Types
| Type | Code | Message | Purpose |
|---|---|---|---|
| 0 | 0 | Echo Reply | Response to ping |
| 3 | 0 | Destination Net Unreachable | No route to network |
| 3 | 1 | Destination Host Unreachable | Host not responding |
| 8 | 0 | Echo Request | Ping command |
| 11 | 0 | Time Exceeded | TTL expired |
Ping Operation
- Sends ICMP Echo Request (Type 8) to destination
- Destination responds with Echo Reply (Type 0) if reachable
- Round-trip time (RTT) measured for performance analysis
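The type/code table and the Echo Request / Echo Reply exchange above, as an added example that is not part of the original notes: it decodes the 8-byte ICMP header, verifies the RFC 1071 checksum, and matches a reply to its request. The helper names (`build_echo`, `parse_icmp`, `is_reply_to`), the identifier `0x1234` and the payload are assumptions made for illustration.

```python
import struct

# Hypothetical helpers for illustration; sample values below are constructed.
# (type, code) -> name, copied from the message table in these notes
ICMP_NAMES = {
    (0, 0): "Echo Reply", (8, 0): "Echo Request", (11, 0): "Time Exceeded",
    (3, 0): "Destination Net Unreachable",
    (3, 1): "Destination Host Unreachable",
}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an Echo Request (type 8) or Echo Reply (type 0), code 0."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)   # checksum field is 0 while summing
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_icmp(msg: bytes) -> dict:
    """Decode the ICMP header and verify the checksum over the whole message."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than 8-byte header")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    return {
        "type": icmp_type, "code": code,
        "name": ICMP_NAMES.get((icmp_type, code), "unknown"),
        "checksum_ok": inet_checksum(msg) == 0,   # a valid message sums to 0
        "id": ident, "seq": seq, "payload": msg[8:],  # id/seq: echo types only
    }

def is_reply_to(request: dict, reply: dict) -> bool:
    """A reply matches when it is type 0 and echoes id, seq and payload."""
    return (request["type"] == 8 and reply["type"] == 0
            and all(request[k] == reply[k] for k in ("id", "seq", "payload")))

# Constructed sample exchange (not captured traffic)
req = build_echo(8, 0x1234, 1, b"constructed-payload")
rep = build_echo(0, 0x1234, 1, b"constructed-payload")
if __name__ == "__main__":
    print(parse_icmp(req)["name"], "->", parse_icmp(rep)["name"],
          "| matched:", is_reply_to(parse_icmp(req), parse_icmp(rep)))
```

A reply whose identifier, sequence number or payload does not match an outstanding request, or whose checksum fails, is one that a ping implementation discards and a monitoring tool can flag.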
Traceroute Operation
- Uses TTL manipulation to discover path to destination
- Sends packets with incrementing TTL values (1, 2, 3…)
- Each router decrements TTL and sends Time Exceeded when TTL reaches 0
- Maps the path by collecting responses from each hop
Notes
- ICMP is often blocked by firewalls and security devices
- Don’t assume network is down if ping fails - many organizations block ICMP
- Ping showing asterisks (*) indicates ICMP blocking, not necessarily path failure