Introduction To The ICMP Protocol
The Internet Control Message Protocol (ICMP), is a very popular protocol and actually part of an Internet Protocol (IP) implementation. Because IP wasn't designed to be absolutely reliable, ICMP came into the scene to provide feedback on problems which existed in the communication environment.
ICMP is one of the most useful protocols provided to troubleshoot network problems like DNS resolutions, routing, connectivity and a lot more, however caution must be taken because you can easily end up spending half a day trying to figure out why you're not getting a 'ping reply' ('echo reply' is the correct term) from a web server when in fact its firewall is configured not to reply to 'pings' for security reasons! This usually leads most engineers to the incorrect conclusion that the remote host might be down.
Note
A few years ago there was a program released, which still circulates around the Internet, called Click (I got my hands on version 1.4). Click was designed to run on a Windows platform and work against MIRC users - Windows based program for the Internet Relay Chat (IRC) network. The program would utilise the different messages available within the ICMP protocol to send special error messages to Mirc users, making the remote user's program think it had lost connectivity with the IRC server, thus disconnecting them from the server ! The magic is not what the program can do, but how it does it!
The ICMP Protocol
ICMP is defined in RFC (Request For Comments) RFC792. Looking at its position in the OSI model we can see that it's sitting in the Network layer (layer 3) alongside IP. There are no ports used with ICMP, this is because of where the protocol sits in the OSI model. Ports are only used for protocols which work at the Session layer and above:
The ICMP protocol uses different 'messages' to identify the purpose of an ICMP packet, for example, an 'echo' (ping) is one type of ICMP message.
I am going to break down the different message descriptions as they have been defined by the RFC792.
There is a lot of information to cover in ICMP so I have broken it down to multiple pages rather than sticking everything into one huge page that would bore you!
Also, I haven't included all the messages which ICMP supports, rather I selected a few of the more common ones that you're likely to come across. You can always refer to the RFC792 to get the details on all messages.
We will start with a visual example of where the ICMP header and information are put in a packet, to help you understand better what we are dealing with :)
The structure is pretty simple, not a lot involved, but the contents of the ICMP header will change depending on the message it contains. For example, the header information for an 'echo' (ping) message (this is the correct term) is different to that of a 'destination unreachable' message, also a function of ICMP.
NOTE: If you were to run a packet sniffer on your LAN and catch a "ping" packet to see what it looks like, you would get more than I am showing here. There will be an extra header, the datalink header, which is not shown here because that header will change (or more likely be removed) as the packet moves from your LAN to the Internet, but the 2 headers you see in this picture will certainly remain the same until they reach their destination.
So, that now leaves us to analyse a few of the selected ICMP messages !
The table below shows all the ICMP messages the protocol supports. The messages that are in the green colour are the ones covered. Please click on the ICMP message you wish to read about:
