Internet Control Message Protocol (ICMP) is a network layer protocol used to diagnose communication errors by performing an error control mechanism. Since IP does not have an inbuilt mechanism for sending error and control messages. It depends on Internet Control Message Protocol(ICMP) to provide error control.
ICMP is used for reporting errors and management queries. It is a supporting protocol and is used by network devices like routers for sending error messages and operations information. For example, the requested service is not available or a host or router could not be reached.
Uses of ICMP
ICMP is used for error reporting if two devices connect over the internet and some error occurs, So, the router sends an ICMP error message to the source informing about the error. For Example, whenever a device sends any message which is large enough for the receiver, in that case, the receiver will drop the message and reply back ICMP message to the source.
Another important use of ICMP protocol is used to perform network diagnosis by making use of traceroute and ping utility. We will discuss them one by one.
Traceroute: Traceroute utility is used to know the route between two devices connected over the internet. It routes the journey from one router to another, and a traceroute is performed to check network issues before data transfer.
Ping: Ping is a simple kind of traceroute known as the echo-request message, it is used to measure the time taken by data to reach the destination and return to the source, these replies are known as echo-replies messages.
How Does ICMP Work?
ICMP is the primary and important protocol of the IP suite, but ICMP isn’t associated with any transport layer protocol (TCP or UDP) as it doesn’t need to establish a connection with the destination device before sending any message as it is a connectionless protocol.
The working of ICMP is just contrasting with TCP, as TCP is a connection-oriented protocol whereas ICMP is a connectionless protocol. Whenever a connection is established before the message sending, both devices must be ready through a TCP Handshake.
ICMP packets are transmitted in the form of datagrams that contain an IP header with ICMP data. ICMP datagram is similar to a packet, which is an independent data entity.
ICMP Packet Format
ICMP header comes after IPv4 and IPv6 packet header.
ICMPv4 Packet Format
In the ICMP packet format, the first 32 bits of the packet contain three fields:
Type (8-bit): The initial 8-bit of the packet is for message type, it provides a brief description of the message so that receiving network would know what kind of message it is receiving and how to respond to it. Some common message types are as follows:
- Type 0 – Echo reply
- Type 3 – Destination unreachable
- Type 5 – Redirect Message
- Type 8 – Echo Request
- Type 11 – Time Exceeded
- Type 12 – Parameter problem
Code (8-bit): Code is the next 8 bits of the ICMP packet format, this field carries some additional information about the error message and type.
Checksum (16-bit): Last 16 bits are for the checksum field in the ICMP packet header. The checksum is used to check the number of bits of the complete message and enable the ICMP tool to ensure that complete data is delivered.
The next 32 bits of the ICMP Header are Extended Header which has the work of pointing out the problem in IP Message. Byte locations are identified by the pointer which causes the problem message and receiving device looks here for pointing to the problem.
The last part of the ICMP packet is Data or Payload of variable length. The bytes included in IPv4 are 576 bytes and in IPv6, 1280 bytes.
ICMP in DDoS Attacks
In Distributed DOS (DDoS) attacks, attackers provide so much extra traffic to the target, so that it cannot provide service to users. There are so many ways through which an attacker executes these attacks, which are described below.
Ping of Death Attack
Whenever an attacker sends a ping, whose size is greater than the maximum allowable size, oversized packets are broken into smaller parts. When the sender re-assembles it, the size exceeds the limit which causes a buffer overflow and makes the machine freeze. This is simply called a Ping of Death Attack. Newer devices have protection from this attack, but older devices did not have protection from this attack.
ICMP Flood Attack
Whenever the sender sends so many pings that the device on whom the target is done is unable to handle the echo request. This type of attack is called an ICMP Flood Attack. This attack is also called a ping flood attack. It stops the target computer’s resources and causes a denial of service for the target computer.
Smurf Attack
Smurf Attack is a type of attack in which the attacker sends an ICMP packet with a spoofed source IP address. These type of attacks generally works on older devices like the ping of death attack.
Types of ICMP Messages
| Type | Code | Description |
|---|
| 0 – Echo Reply | 0 | Echo reply |
| 3 – Destination Unreachable | 0 | Destination network unreachable |
| 1 | Destination host unreachable |
| 2 | Destination protocol unreachable |
| 3 | Destination port unreachable |
| 4 | Fragmentation is needed and the DF flag set |
| 5 | Source route failed |
| 5 – Redirect Message | 0 | Redirect the datagram for the network |
| 1 | Redirect datagram for the host |
| 2 | Redirect the datagram for the Type of Service and Network |
| 3 | Redirect datagram for the Service and Host |
| 8 – Echo Request | 0 | Echo request |
| 9 – Router Advertisement | 0 | Use to discover the addresses of operational routers |
| 10 – Router Solicitation | 0 |
| 11 – Time Exceeded | 0 | Time to live exceeded in transit |
| 1 | Fragment reassembly time exceeded. |
| 12 – Parameter Problem | 0 | The pointer indicates an error. |
| 1 | Missing required option |
| 2 | Bad length |
| 13 – Timestamp | 0 | Used for time synchronization |
| 14 – Timestamp Reply | 0 | Reply to Timestamp message |
Source Quench Message
A source quench message is a request to decrease the traffic rate for messages sent to the host destination) or we can say when receiving host detects that the rate of sending packets (traffic rate) to it is too fast it sends the source quench message to the source to slow the pace down so that no packet can be lost.
Source Quench Message
ICMP will take the source IP from the discarded packet and inform the source by sending a source quench message. The source will reduce the speed of transmission so that router will be free from congestion.
Source Quench Message with Reduced Speed
When the congestion router is far away from the source the ICMP will send a hop-by-hop source quench message so that every router will reduce the speed of transmission.
Parameter Problem
Whenever packets come to the router then the calculated header checksum should be equal to the received header checksum then only the packet is accepted by the router.
Parameter Problem
If there is a mismatch packet will be dropped by the router.
ICMP will take the source IP from the discarded packet and inform the source by sending a parameter problem message.
Time Exceeded Message
Time Exceeded Message
When some fragments are lost in a network then the holding fragment by the router will be dropped then ICMP will take the source IP from the discarded packet and informs the source, of discarded datagram due to the time to live field reaching zero, by sending the time exceeded message.
Destination Un-reachable
The destination is unreachable and is generated by the host or its inbound gateway to inform the client that the destination is unreachable for some reason.
Destination Un-reachable
There is no necessary condition that only the router gives the ICMP error message time the destination host sends an ICMP error message when any type of failure (link failure, hardware failure, port failure, etc) happens in the network.
Redirection Message
Redirect requests data packets are sent on an alternate route. The message informs a host to update its routing information (to send packets on an alternate route).
Example: If the host tries to send data through a router R1 and R1 sends data on a router R2 and there is a direct way from the host to R2. Then R1 will send a redirect message to inform the host that there is the best way to the destination directly through R2 available. The host then sends data packets for the destination directly to R2.
The router R2 will send the original datagram to the intended destination.
But if the datagram contains routing information then this message will not be sent even if a better route is available as redirects should only be sent by gateways and should not be sent by Internet hosts.
Redirection Message
Whenever a packet is forwarded in the wrong direction later it is re-directed in a current direction then ICMP will send a re-directed message.
For more, you can refer to Types of ICMP (Internet Control Message Protocol) Messages.
FAQs
1. What is ICMP used for?
Internet Control Message Protocol (ICMP) is used for error reporting. Error Reporting by ICMP works by sending messages to the sender from the receiver in the case when data is not received.
2. Is ICMP the same as ping?
ICMP and ping are two different things, but they are somehow related. ICMP is a protocol that manages the messages between the devices and Ping is produced using ICMP.
3. How does ICMP ping work?
ICMP ping is a way to check whether there is a connection established between two devices on the internet. We can check packet loss or any delay that happens within the network with the help of ICMP ping.