Skip to main content

ICMP Protocol - Part 7: Time Exceeded Message Analysis

Article Reads:119044

The ICMP - Time Exceeded message is one which is usually created by gateways or routers. In order to fully understand this ICMP message, you must be familiar with the IP header within a packet. Our readers can also visit the IP Protocol section which covers the IP protocol structure in great depth.

When looking at an IP header, you will see the TTL and Fragment Flag fields which play a big part in how this ICMP message works. Please make sure you check them out before attempting to continue!

The ICMP - Time exceeded message is generated when the gateway processing the datagram (or packet, depending on how you look at it) finds the Time To Live field (this field is in the IP header of all packets) is equal to zero and therefore must be discarded. The same gateway may also notify the source host via the time exceeded message.

The term 'fragment' means to 'cut to pieces'. When the data is too large to fit into one packet, it is cut into smaller pieces and sent to the destination. On the other end, the destination host will receive the fragmented pieces and put them back together to create the original large data packet which was fragmented at the source.

Analysis of the ICMP Time Exceeded Message

Let's have a look at the structure of an ICMP - Time exceeded message:

icmp-time-exceeded-1

icmp-time-exceeded-2

If a host reassembling a fragmented datagram (or packet) cannot complete the reassembly due to missing fragments within its time limit it discards the datagram and it may send an ICMP - time exceeded message.

If fragment zero is not available then no ICMP - time exceeded message is needed to be sent at all. Code 0 may be received from a gateway and Code 1 from a host.

So, summing it up, an ICMP - Time exceeded message can be generated because the Time to live field in the IP header has reached a value of zero (0) or because a host reassembling a fragmented datagram cannot complete the reassembly within its time limit because there are missing fragments (Fragment reassembly time exceeded the allocated time).

Back to the ICMP Protocol Section

Your IP address:

44.201.97.224

All-in-one protection for Microsoft 365

All-in-one protection for Microsoft 365

FREE Hyper-V & VMware Backup

FREE Hyper-V & VMware Backup

Wi-Fi Key Generator

Generate/Crack any
WEP, WPA, WPA2 Key!

Follow Firewall.cx

Network and Server Monitoring

Network and Server Monitoring

Cisco Password Crack

Decrypt Cisco Type-7 Passwords on the fly!

Decrypt Now!

Bandwidth Monitor

Bandwidth Monitor

EventLog Analyzer

ManageEngine Eventlog Analyzer

Free PatchManager

Free PatchManager

Firewall Analyzer

zoho firewall analyzer