Internet Control Message Protocol (ICMP)

ICMP stands for Internet Control Message Protocol. It operates at the network layer, is mostly used on network equipment such as routers, and handles error reporting at that layer. Because several kinds of network-layer faults can occur, ICMP is used to report and troubleshoot them.

IP has no built-in mechanism for sending error and control messages, so it depends on the Internet Control Message Protocol (ICMP) to provide error control. This article discusses ICMP in detail, along with its uses, messages, and so on.

What is ICMP?

ICMP is used for reporting errors and management queries. It is a supporting protocol and is used by network devices like routers for sending error messages and operations information. For example, the requested service is not available or a host or router could not be reached.

Since the IP protocol lacks an error-reporting or error-correcting mechanism, information is communicated via a message. For instance, when a message is sent to its intended recipient, it may be intercepted along the route from the sender. The sender may believe that the communication has reached its destination if no one reports the problem. If a middleman reports the mistake,

Uses of ICMP 

ICMP is used for error reporting: if two devices are connected over the internet and some error occurs, the router sends an ICMP error message to the source to inform it about the error. For example, whenever a device sends a message that is too large for the receiver, the receiver drops the message and replies with an ICMP message to the source.

Another important use of ICMP is network diagnosis, through the traceroute and ping utilities.

Traceroute: The traceroute utility is used to learn the route between two devices connected over the internet. It traces the journey from one router to another, and a traceroute is performed to check for network issues before data transfer.

Ping: Ping is a simple kind of traceroute known as the echo-request message. It is used to measure the time taken by data to reach the destination and return to the source; the replies are known as echo-reply messages.

How Does ICMP Work?

ICMP is a primary and important protocol of the IP suite, but it isn’t associated with any transport layer protocol (TCP or UDP): as a connectionless protocol, it doesn’t need to establish a connection with the destination device before sending a message.

ICMP works in contrast to TCP: TCP is a connection-oriented protocol, whereas ICMP is connectionless. With TCP, a connection is established before a message is sent, and both devices must be ready through a TCP handshake.

ICMP packets are transmitted as datagrams that contain an IP header followed by ICMP data. An ICMP datagram is similar to a packet: an independent data entity.

ICMP Packet Format

The ICMP header comes after the IPv4 or IPv6 packet header.

ICMPv4 Packet Format

In the ICMP packet format, the first 32 bits of the packet contain three fields:

Type (8-bit): The first 8 bits of the packet hold the message type. It provides a brief description of the message so that the receiving network knows what kind of message it is receiving and how to respond to it. Some common message types are as follows:

  • Type 0 – Echo reply
  • Type 3 – Destination unreachable
  • Type 5 – Redirect Message
  • Type 8 – Echo Request
  • Type 11 – Time Exceeded
  • Type 12 – Parameter problem

Code (8-bit): The next 8 bits of the ICMP packet hold the code. This field carries additional information about the error message and type.

Checksum (16-bit): The last 16 bits of the first 32-bit word hold the checksum field of the ICMP packet header. The checksum is used to check the complete message and enables the ICMP tool to ensure that the complete data is delivered.

The next 32 bits of the ICMP header are the Extended Header, whose job is to point out the problem in the IP message. The pointer identifies the byte location that caused the problem message, and the receiving device looks here to locate the problem.

The last part of the ICMP packet is Data or Payload of variable length. The bytes included in IPv4 are 576 bytes and in IPv6, 1280 bytes.

ICMP in DDoS Attacks

In Distributed DoS (DDoS) attacks, attackers send so much extra traffic to the target that it cannot provide service to users. Attackers carry out these attacks in several ways, described below.

Ping of Death Attack

When an attacker sends a ping whose size is greater than the maximum allowable size, the oversized packet is broken into smaller parts. When it is re-assembled, the size exceeds the limit, which causes a buffer overflow and makes the machine freeze. This is called a Ping of Death attack. Newer devices are protected against this attack, but older devices were not.

ICMP Flood Attack

When the sender sends so many pings that the targeted device is unable to handle the echo requests, the attack is called an ICMP flood attack, also known as a ping flood attack. It ties up the target computer’s resources and causes a denial of service for the target computer.

Smurf Attack

A Smurf attack is a type of attack in which the attacker sends an ICMP packet with a spoofed source IP address. Like the Ping of Death attack, this type of attack generally works on older devices.
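Two of the attacks above leave signatures a monitor can check for: a Ping of Death fragment would end past the 65,535-byte IPv4 limit once re-assembled, and an ICMP flood shows up as an abnormal echo-request rate from one source. The following detection sketch is an added example, not code from the original article; the function names and the 100-per-second threshold are assumptions, and the headers and events are constructed using documentation addresses.

```python
import struct
from collections import defaultdict

MAX_IP_DATAGRAM = 65535   # largest datagram the 16-bit IPv4 total-length field allows
FLOOD_THRESHOLD = 100     # assumed limit: echo requests per source per second


def fragment_overflows(ip_header: bytes) -> bool:
    """True if this fragment would push the re-assembled datagram past 65,535 bytes."""
    if len(ip_header) < 20:
        raise ValueError("IPv4 header shorter than 20 bytes")
    ver_ihl, _tos, total_len, _ident, flags_frag = struct.unpack("!BBHHH", ip_header[:8])
    header_len = (ver_ihl & 0x0F) * 4
    if header_len < 20 or total_len < header_len:
        raise ValueError("malformed IPv4 header")
    offset = (flags_frag & 0x1FFF) * 8        # fragment offset counts 8-byte units
    # Re-assembled size = header + offset + this fragment's data = offset + total_len.
    return offset + total_len > MAX_IP_DATAGRAM


def flood_sources(events, threshold=FLOOD_THRESHOLD):
    """Sources that sent more than `threshold` echo requests (type 8) in one second."""
    per_second = defaultdict(int)
    for timestamp, source, icmp_type in events:
        if icmp_type == 8:
            per_second[(source, int(timestamp))] += 1   # fixed one-second buckets
    return sorted({src for (src, _), n in per_second.items() if n > threshold})


def make_ip_header(total_len: int, offset_units: int, more_fragments: bool) -> bytes:
    """Constructed 20-byte IPv4 header (protocol 1 = ICMP) for the samples below."""
    flags_frag = (0x2000 if more_fragments else 0) | offset_units
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 1, flags_frag, 64, 1, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))


if __name__ == "__main__":
    ordinary = make_ip_header(1500, 185, True)      # re-assembles to 2,980 bytes so far
    oversized = make_ip_header(1500, 8189, False)   # would re-assemble to 67,012 bytes
    print(fragment_overflows(ordinary), fragment_overflows(oversized))
    events = [(10 + i / 1000, "192.0.2.10", 8) for i in range(150)]   # constructed
    events += [(10.5, "192.0.2.20", 8)] * 5
    print(flood_sources(events))
```

Fixed one-second buckets can split a burst across two seconds, so a production monitor would normally use a sliding window and a threshold tuned to the network's normal ping volume.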

Types of ICMP Messages

| Type | Code | Description |
|---|---|---|
| 0 – Echo Reply | 0 | Echo reply |
| 3 – Destination Unreachable | 0 | Destination network unreachable |
| | 1 | Destination host unreachable |
| | 2 | Destination protocol unreachable |
| | 3 | Destination port unreachable |
| | 4 | Fragmentation is needed and the DF flag set |
| | 5 | Source route failed |
| 5 – Redirect Message | 0 | Redirect the datagram for the network |
| | 1 | Redirect datagram for the host |
| | 2 | Redirect the datagram for the Type of Service and Network |
| | 3 | Redirect datagram for the Service and Host |
| 8 – Echo Request | 0 | Echo request |
| 9 – Router Advertisement | 0 | Use to discover the addresses of operational routers |
| 10 – Router Solicitation | 0 | |
| 11 – Time Exceeded | 0 | Time to live exceeded in transit |
| | 1 | Fragment reassembly time exceeded. |
| 12 – Parameter Problem | 0 | The pointer indicates an error. |
| | 1 | Missing required option |
| | 2 | Bad length |
| 13 – Timestamp | 0 | Used for time synchronization |
| 14 – Timestamp Reply | 0 | Reply to Timestamp message |

Source Quench Message

A source quench message is a request to decrease the traffic rate for messages sent to the host (destination). In other words, when the receiving host detects that the rate of packets sent to it (the traffic rate) is too fast, it sends a source quench message to the source to slow the pace down so that no packet is lost.

ICMP takes the source IP from the discarded packet and informs the source by sending a source quench message. The source then reduces its speed of transmission so that the router is freed from congestion.

Source Quench Message with Reduced Speed

When the congested router is far away from the source, ICMP sends a hop-by-hop source quench message so that every router reduces its speed of transmission.

Parameter Problem

Whenever a packet arrives at the router, the calculated header checksum must equal the received header checksum; only then is the packet accepted by the router.

If there is a mismatch, the packet is dropped by the router.

ICMP will take the source IP from the discarded packet and inform the source by sending a parameter problem message. 

Time Exceeded Message

A “Time Exceeded” notification is typically generated by routers or gateways. To understand this ICMP message fully, you need to know what the IP header of a packet is. The IP protocol structure is covered in great detail in the section on IP Protocol, which is freely available to our readers.

Destination Un-reachable

The destination unreachable message is generated by the host or its inbound gateway to inform the client that the destination is unreachable for some reason.

It is not necessary that only the router sends the ICMP error message; sometimes the destination host sends an ICMP error message when any type of failure (link failure, hardware failure, port failure, etc.) happens in the network.

Redirection Message

A redirect requests that data packets be sent on an alternate route. The message informs a host to update its routing information (to send packets on an alternate route).

Example: Suppose the host tries to send data through router R1, R1 forwards the data to router R2, and there is a direct path from the host to R2. R1 will then send a redirect message to inform the host that a better route to the destination is available directly through R2. The host then sends data packets for the destination directly to R2.
Router R2 will send the original datagram to the intended destination.
But if the datagram contains routing information, this message will not be sent even if a better route is available, as redirects should only be sent by gateways and should not be sent by Internet hosts.

Whenever a packet is forwarded in the wrong direction and is later re-directed in the correct direction, ICMP sends a redirect message.

For more, you can refer to Types of ICMP (Internet Control Message Protocol) Messages.

Advantages of ICMP

  • Network devices use ICMP to send error messages, and administrators can use the Ping and Tracert commands to debug the network.
  • These alerts are used by administrators to identify issues with network connectivity.
  • A prime example is when a destination or gateway host notifies the source host via an ICMP message that there is a problem or a change in network connectivity that needs to be reported. Examples include when a destination host or network becomes unavailable, when a packet is lost during transmission, etc.
  • Furthermore, network performance and connection monitoring tools commonly employ ICMP to identify the existence of issues that the network team has to resolve.
  • One quick and simple method to test connections and find the source is to use the ICMP protocol, which consists of queries and answers.

Disadvantages of ICMP

  • If the router drops a packet, it may be due to an error; but, because of the way IP (Internet Protocol) is designed, there is no way for the sender to be notified of this problem.
  • Assume, while a data packet is being transmitted over the internet, that its lifetime is over and that the value of the time to live field has dropped to zero. In this case, the data packet is destroyed.
  • Although devices frequently need to interact with one another, there isn’t a standard method for them to do so in Internet Protocol. For instance, the host needs to verify the destination’s vital signs to see if it is still operational before transmitting data.

Frequently Asked Questions on ICMP – FAQs

What is ICMP used for?

Internet Control Message Protocol (ICMP) is used for error reporting. Error reporting by ICMP works by sending messages from the receiver to the sender when data is not received.

Is ICMP the same as ping?

ICMP and ping are two different things, but they are related. ICMP is a protocol that manages the messages between devices, and ping is produced using ICMP.

How does ICMP ping work?

ICMP ping is a way to check whether there is a connection established between two devices on the internet. We can check packet loss or any delay that happens within the network with the help of ICMP ping.

What is the role of ICMP in IPv6?

ICMPv6 is utilised in IPv6 for more than only fault reporting and signalling. It is utilised for: Neighbour Discovery, which functions similarly to ARP in IPv4. Multicast address management and host configuration are handled by the Router Discovery function.

At which layer does ICMP operate?

ICMP operates at the Network Layer of the OSI Model.



Last Updated : 12 Mar, 2024