Skip to main content

ICMP Protocol - Part 1: Introduction

Article Reads:50935

The Internet Control Message Protocol (ICMP), is a very popular protocol and actually part of an Internet Protocol (IP) implementation. Because IP wasn't designed to be absolutely reliable, ICMP came into the scene to provide feedback on problems which existed in the communication environment.

ICMP is one of the most useful protocols provided to troubleshoot network problems like DNS resolutions, routing, connectivity and a lot more, however caution must be taken because you can easily end up spending half a day trying to figure out why you're not getting a 'ping reply' ('echo reply' is the correct term) from a web server when in fact its firewall is configured not to reply to 'pings' for security reasons! This usually leads most engineers to the incorrect conclusion that the remote host might be down.

The ICMP Protocol

ICMP is defined in RFC (Request For Comments) RFC792. Looking at its position in the OSI model we can see that it's sitting in the Network layer (layer 3) alongside IP. There are no ports used with ICMP, this is because of where the protocol sits in the OSI model. Ports are only used for protocols which work at the Session layer and above:

icmp-intro-1

 

The ICMP protocol uses different 'messages' to identify the purpose of an ICMP packet, for example, an 'echo' (ping) is one type of ICMP message.

I am going to break down the different message descriptions as they have been defined by the RFC792.

There is a lot of information to cover in ICMP so I have broken it down to multiple pages rather than sticking everything into one huge page that would bore you!

 

Also, I haven't included all the messages which ICMP supports, rather I selected a few of the more common ones that you're likely to come across. You can always refer to the RFC792 to get the details on all messages.

We will start with a visual example of where the ICMP header and information are put in a packet, to help you understand better what we are dealing with.

icmp-header

The structure is pretty simple, not a lot involved, but the contents of the ICMP header will change depending on the message it contains. For example, the header information for an 'echo' (ping) message (this is the correct term) is different to that of a 'destination unreachable' message, also a function of ICMP.

NOTE: If you were to run a packet sniffer on your LAN and catch a "ping" packet to see what it looks like, you would get more than I am showing here. There will be an extra header, the datalink header, which is not shown here because that header will change (or more likely be removed) as the packet moves from your LAN to the Internet, but the 2 headers you see in this picture will certainly remain the same until they reach their destination.

So, that now leaves us to analyse a few of the selected ICMP messages !

The table below shows all the ICMP messages the protocol supports. The messages that are in the green colour are the ones covered. Please click on the ICMP message you wish to read about:

icmp-messages

Next - ICMP Protocol - Part 2: Echo / Echo Reply (Ping) Message

Your IP address:

54.205.179.155

FREE Hyper-V & VMware Backup

FREE Hyper-V & VMware Backup

Wi-Fi Key Generator

Generate/Crack any
WEP, WPA, WPA2 Key!

Network and Server Monitoring

Network and Server Monitoring

Follow Firewall.cx

Cisco Password Crack

Decrypt Cisco Type-7 Passwords on the fly!

Decrypt Now!

Bandwidth Monitor

Bandwidth Monitor

Free PatchManager

Free PatchManager

EventLog Analyzer

ManageEngine Eventlog Analyzer

Firewall Analyzer

zoho firewall analyzer