ICMP (Internet Control Message Protocol)

ICMP (Internet Control Message Protocol) is a network protocol used for diagnostics and network management. A good example is the “ping” utility which uses an ICMP request and ICMP reply message. When a certain host of port is unreachable, ICMP might send an error message to the source. Another example of an application that uses ICMP is traceroute. 

ICMP messages are encapsulated in IP packets so most people would say that it’s a layer 4 protocol like UDP or TCP. However, since ICMP is a vital part of the IP protocol it is typically considered a layer 3 protocol.

The header that ICMP uses is really simple, here’s what it looks like:

The first byte specifies the type of ICMP message. For example, type 8 is used for an ICMP request and type 0 is used for an ICMP reply. We use type 3 for destination unreachable messages. 

The second byte called code specifies what kind of ICMP message it is. For example, the destination unreachable message has 16 different codes. When you see code 0 it means that the destination network was unreachable while code 1 means that the destination host was unreachable.

The third field are 2 bytes that are used for the checksum to see if the ICMP header is corrupt or not. What the remaining part of the header looks like depends on the ICMP message type that we are using.

If Router R1 will ping Router R2 then R1 will generate Echo request with Type code 8 and code 0(Zero) Router R2 will send Reply type 0 (Zero) and code 0 (Zero) message.

 

Some Important Message in ICMP.

1.ICMP Echo request and reply

 If Connectivity is Fine and getting Reply form Destination host then router will show like:

R1#ping 192.168.12.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/21/64 ms

The Exclamation (!) Sign shown the reachability of host.

2. Destination Unreachable

In the router R2 we have implemented Access list to dent the ICMP Reply. When ping fails and we can see the U (unreachable) messages on R1. Here’s the ICMP message that R2 sends:

R1#ping 192.168.12.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds:
UUUUU
Success rate is 0 percent (0/5)

When we will check in the Wireshark we can see the Type 3 and code 13 is using for reply.

here 3 is for destination Unreachable and 13 is for communication administratively filtered. 

3. Traceroute

Traceroute also uses ICMP messages, to demonstrate this we will use three routers:

R1#traceroute 192.168.23.3 probe 1

Type escape sequence to abort.
Tracing the route to 192.168.23.3

  1 192.168.12.2 52 msec
  2 192.168.23.3 60 msec

Cisco IOS by default will send multiple probes. Cisco IOS uses UDP packets with a TTL value of 1 and destination port 33434. The TTL and destination port will increase for every hop. Once R2 receives this packet it will reply like this: 

Here’s where ICMP comes into play. R2 will send an ICMP type 11 (time to live exceeded) message to R1. Once R1 receives this, it will send its second probe:

Above we can see that the TTL is now 2 and the destination port number has increased to 33435.  Once R3 receives this packet it will reply like this:

R3 will reply with a type 3 destination unreachable message. Take a close look at the type and code. The type tells us the destination is unreachable. This could mean that the remote host or network is unreachable.

However, the code is number 3 which means port unreachable. R3 uses this code because nothing is listening on UDP port 33435. R3 replies to R1 and sets this code, so R1 at least now knows that R3 (192.168.23.3) is reachable, it’s just not listening in UDP port 33435.

Summary:

We  have now seen what the ICMP is used for, what the header looks like and what some of the most popular messages look like. If you have any questions, feel free to leave a comment in our forum!

The Internet Control Message Protocol (ICMP) has many messages that are identified by a "type" field, these are defined by RFCs. Many of the types of ICMP message are now obsolete and are no longer seen in the Internet. Some important ones which are widely used include:

Echo Reply (0), Echo Request (8), Redirect (5), Destination Unreachable (3), Traceroute (30), Time Exceeded (11).

More About ICMP Type Numbers.