The Internet Control Message Protocol, or ICMP, adds error reporting and flow control at the network layer. It also facilitates diagnostic tools like ping and traceroute, which show you what devices your data packet passes through on its way to a destination.
ICMP messages have four parts: type, code, checksum, and content. Each of these provides valuable information about the problem at hand.
Echo Request
While the ping command is the best known of ICMP messages, the protocol has many different functions. It reports errors to network devices and relays information about data that didn’t reach its destination. Unlike TCP and UDP, it does all of this without opening a connection between two devices.
ICMP is a network layer protocol that operates at the same level as IP packets. It’s encapsulated in IP packets and has a header containing the information needed for various functions. The most important field is the checksum, which protects against data corruption and enables the receiving device to compare the ICMP message with the original IP packet.
The ICMP message header also contains fields such as the type, code, checksum, identifier, sequence number, and more. The sequence number matches echo request messages with their corresponding echo reply messages, and the identifier helps distinguish between multiple requests or replies from the same device.
What are the uses of ICMP?
ICMP has many uses, but error reporting is the most common. This function is a crucial part of a networking infrastructure because it helps identify data routing or transmission problems that might take time to become evident to network administrators. For example, the ICMP Destination unreachable message tells the sender it could not reach a particular network, host, or port.
Echo Reply
A network device may encounter an error in transferring a data packet. For example, if an IPv4 datagram gets too large to be managed by the router forwarding it, the router may discard it and send an ICMP error message to the sender.
Another everyday use of ICMP is to report the status of a destination device. For example, when a host wants to verify Layer 3 connectivity with a remote host, it can use network troubleshooting tools like ping and Traceroute/Tracert to generate and send an ICMP Echo Request message. When the other host receives this message, it sends back an ICMP Echo Reply message to the first host, confirming Layer 3 connectivity between the two.
ICMP messages are encapsulated in IP packets and identified by protocol 1 in the ICMP header. Each ICMP packet includes an 8-bit message type code and a 16-bit checksum field. The ICMP message type tells the receiving network device what kind of message it is, and the checksum ensures that the ICMP packet has not been corrupted during transmission.
The most common ICMP error messages include time exceeded, destination unreachable, and fragmentation error. These are generated when a host or network device exceeds the maximum size allowed for an IPv4 datagram, the time-to-live parameter expires, or the destination device does not receive all the data fragments in a multi-part packet.
Source Quench
While the destination unreachable and source route failed messages are perhaps the most well-known ICMP messages, they are far from the only ones. ICMP also sends various diagnostic and query messages, which provide a wealth of information about network connectivity issues. These include parameter problem messages, address mask requests and replies, and timestamp request and reply messages, among others.
When a gateway (router) begins to buffer more data than it can forward, it will generate ICMP source quench messages. These messages are directed at the Internet source host of the data packet that triggered the message, asking that the sender cut back its transmission rate.
Generally, a source quench message only carries basic information; it simply tells the source that the destination device is congested and asks that it cut back on its transmission rate. The only way to receive more detailed information about the congestion is to use a tool such as traceroute, which uses ICMP to determine the path from a source host to a destination host by sending a series of packets with increasing TTL values.
To prevent the creation of feedback loops, ICMP does not allow its error messages to be sent in response to other ICMP error messages. This ensures that a single message does not create multiple ICMP responses, which could rapidly flood a network with data.
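An added example, not code from the original article: a check that a router or host stack could run before generating an ICMP error, refusing when the triggering packet is itself an ICMP error. It also applies the RFC 1122 rule against answering non-initial fragments, which the text above does not mention; the function names and packets are constructed for illustration.

```python
import struct

ICMP_PROTO = 1
# ICMPv4 error types: destination unreachable, source quench, redirect,
# time exceeded, parameter problem. Other types are treated as queries.
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}

def may_send_icmp_error(ip_packet: bytes) -> bool:
    """Return False when answering this packet with an ICMP error is forbidden."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return False  # not a parseable IPv4 header: stay silent
    ihl = (ip_packet[0] & 0x0F) * 4
    if ihl < 20 or len(ip_packet) < ihl:
        return False
    frag_offset = struct.unpack("!H", ip_packet[6:8])[0] & 0x1FFF
    if frag_offset != 0:
        return False  # non-initial fragment (RFC 1122 rule)
    if ip_packet[9] != ICMP_PROTO:
        return True  # TCP, UDP, ...: an error report is allowed
    if len(ip_packet) < ihl + 1:
        return False  # ICMP type byte missing
    # Errors about queries (e.g. echo request) are fine; errors about
    # errors are not, which is what breaks the feedback loop.
    return ip_packet[ihl] not in ICMP_ERROR_TYPES

def ipv4(proto: int, payload: bytes, frag_offset: int = 0) -> bytes:
    """Constructed IPv4 packet for the demo; header checksum left at 0."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0,
                      frag_offset, 64, proto, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return hdr + payload

# Constructed sample packets (documentation address ranges).
UDP_PACKET = ipv4(17, b"\x00" * 8)
ECHO_REQUEST_PKT = ipv4(1, bytes([8, 0, 0, 0, 0, 1, 0, 1]))
TIME_EXCEEDED_PKT = ipv4(1, bytes([11, 0, 0, 0, 0, 0, 0, 0]))
LATER_FRAGMENT = ipv4(17, b"\x00" * 8, frag_offset=10)
```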
Destination Unreachable
The destination unreachable error message is a standard response from routers when they cannot forward packets. This response includes a code that indicates what the problem is, such as protocol unreachable (code 2), host unreachable (code 3), or port unreachable (code 4). This error message indicates that the router did not find a route in its routing table for the destination network, which can mean many problems, including an outage at the remote system.
When troubleshooting network issues, it is vital to identify the symptoms that appear on the network and determine what changed before the problem occurred. This helps narrow down the issue so you can quickly work through solutions to fix it.
For example, if a network is experiencing performance issues, it is likely because of firewall problems and not a routing issue. In this case, a solution is to disable the firewall briefly and ping the target host again.
If the ping still fails, a possible issue is that the firewall has been configured to block all traffic from a particular IP address. In this case, a quick solution is to change the router’s default gateway to a different IP address and then ping the host again.