Internet Control Message Protocol
The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol Suite. It is chiefly used by the operating systems of networked computers to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached. ICMP can also be used to relay query messages. It is assigned protocol number 1.
ICMP differs from transport protocols such as TCP and UDP in that it is not typically used to exchange data between systems, nor is it regularly employed by end-user network applications (with the exception of some diagnostic tools like ping and traceroute).
ICMP for Internet Protocol version 4 (IPv4) is also known as ICMPv4. IPv6 has a similar protocol, ICMPv6.
Technical details
Internet Control Message Protocol is part of the Internet Protocol Suite as defined in RFC 792. ICMP messages are typically generated in response to errors in IP datagrams (as specified in RFC 1122) or for diagnostic or routing purposes. ICMP errors are always reported to the original source IP address of the originating datagram.
An example ICMP error message is the Time To Live Exceeded message. Every machine (such as an intermediate router) that forwards an IP datagram has to decrement the time to live (TTL) field of the IP header by one. If the TTL reaches 0, an ICMP Time to live exceeded in transit message is sent to the source of the datagram.
Each ICMP message is encapsulated directly within a single IP datagram, and thus, like UDP, ICMP is unreliable.
Although ICMP messages are contained within standard IP datagrams, ICMP messages are usually processed as a special case, distinguished from normal IP processing, rather than processed as a normal sub-protocol of IP. In many cases, it is necessary to inspect the contents of the ICMP message and deliver the appropriate error message to the application that generated the original IP packet, the one that prompted the sending of the ICMP message.
Many commonly used network utilities are based on ICMP messages. The tracert (traceroute) and Pathping commands are implemented by transmitting UDP datagrams with specially set IP TTL header fields, and looking for ICMP Time to live exceeded in transit (above) and "Destination unreachable" messages generated in response. The related ping utility is implemented using the ICMP "Echo request" and "Echo reply" messages.
Header
The ICMP header starts after the IPv4 header. All ICMP packets will have an 8-byte header and variable-sized data section. The first 4 bytes of the header will be consistent. The first byte is for the ICMP type. The second byte is for the ICMP code. The third and fourth bytes are a checksum of the entire ICMP message. The contents of the remaining 4 bytes of the header will vary based on the ICMP type and code.
ICMP error messages contain a data section that includes the entire IP header plus the first 8 bytes of data from the IP datagram that caused the error message. The ICMP datagram is then encapsulated in a new IP datagram.
Bits | 0–7 | 8–15 | 16–31 |
---|---|---|---|
0 | Type | Code | Checksum |
32 | Rest of Header (all 32 bits) | | |
- Type – ICMP type as specified below.
- Code – Subtype to the given type.
- Checksum – Error checking data. Calculated from the ICMP header+data, with value 0 for this field. The checksum algorithm is specified in RFC 1071.
- Rest of Header – Four byte field. Will vary based on the ICMP type and code.
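The header layout, the RFC 1071 checksum rule and the quoted-datagram rule for error messages can be exercised together. The following Python is an added example, not part of the original article; the function names are illustrative, and the sample packet and its addresses are constructed.

```python
import struct

# Types whose data section quotes the offending datagram (error messages, RFC 792).
ERROR_TYPES = {3, 4, 5, 11, 12}

def inet_checksum(data: bytes) -> int:
    """RFC 1071: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes, data: bytes) -> bytes:
    """Assemble a message; the checksum is computed with its own field set to 0."""
    if len(rest) != 4:
        raise ValueError("rest of header must be 4 bytes")
    zeroed = struct.pack("!BBH", icmp_type, code, 0) + rest + data
    return struct.pack("!BBH", icmp_type, code, inet_checksum(zeroed)) + rest + data

def parse_quoted(data: bytes):
    """Decode the original IP header + first 8 data bytes carried by an error message."""
    if len(data) < 20 or data[0] >> 4 != 4:
        return None                          # not a complete IPv4 header
    ihl = (data[0] & 0x0F) * 4               # IP header length, options included
    if ihl < 20 or len(data) < ihl + 8:
        return None                          # too short to hold header + 8 bytes
    quoted = {"proto": data[9], "src": ".".join(map(str, data[12:16])),
              "dst": ".".join(map(str, data[16:20]))}
    if data[9] in (6, 17):                   # TCP/UDP: ports are the first 4 data bytes
        quoted["sport"], quoted["dport"] = struct.unpack("!HH", data[ihl:ihl + 4])
    return quoted

def parse_icmp(msg: bytes) -> dict:
    """Parse the 8-byte header, verify the checksum, decode any quoted datagram."""
    if len(msg) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, checksum = struct.unpack("!BBH", msg[:4])
    return {"type": icmp_type, "code": code, "checksum": checksum,
            "rest": msg[4:8],
            # Summing the whole message, correct checksum included, yields 0.
            "checksum_ok": inet_checksum(msg) == 0,
            "quoted": parse_quoted(msg[8:]) if icmp_type in ERROR_TYPES else None}

# Constructed sample: IPv4 header (no options) + UDP header of a probe whose TTL
# expired, wrapped in a Time Exceeded message (type 11, code 0).
ORIG = (struct.pack("!BBHHHBBH", 0x45, 0, 28, 0x1234, 0, 1, 17, 0)
        + bytes([192, 0, 2, 10]) + bytes([198, 51, 100, 7])
        + struct.pack("!HHHH", 40000, 33434, 8, 0))
TIME_EXCEEDED = build_icmp(11, 0, b"\x00" * 4, ORIG)
```

Matching the quoted addresses and ports against a flow the host actually sent is how a receiver decides which application an ICMP error belongs to, and it is a useful sanity check before acting on an error message.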
Padding data
Padding data follows the ICMP header (in octets):
- Windows "ping.exe" adds, by default, 32 bytes of padding
- The Linux "ping" utility adds, by default, 56 bytes of padding
List of permitted control messages (incomplete list)
Type | Code | Description |
---|---|---|
0 – Echo Reply | 0 | Echo reply (used to ping) |
1 and 2 | | Reserved |
3 – Destination Unreachable | 0 | Destination network unreachable |
3 – Destination Unreachable | 1 | Destination host unreachable |
3 – Destination Unreachable | 2 | Destination protocol unreachable |
3 – Destination Unreachable | 3 | Destination port unreachable |
3 – Destination Unreachable | 4 | Fragmentation required, and DF flag set |
3 – Destination Unreachable | 5 | Source route failed |
3 – Destination Unreachable | 6 | Destination network unknown |
3 – Destination Unreachable | 7 | Destination host unknown |
3 – Destination Unreachable | 8 | Source host isolated |
3 – Destination Unreachable | 9 | Network administratively prohibited |
3 – Destination Unreachable | 10 | Host administratively prohibited |
3 – Destination Unreachable | 11 | Network unreachable for TOS |
3 – Destination Unreachable | 12 | Host unreachable for TOS |
3 – Destination Unreachable | 13 | Communication administratively prohibited |
4 – Source Quench | 0 | Source quench (congestion control) |
5 – Redirect Message | 0 | Redirect Datagram for the Network |
5 – Redirect Message | 1 | Redirect Datagram for the Host |
5 – Redirect Message | 2 | Redirect Datagram for the TOS & network |
5 – Redirect Message | 3 | Redirect Datagram for the TOS & host |
6 | | Alternate Host Address |
7 | | Reserved |
8 – Echo Request | 0 | Echo request (used to ping) |
9 – Router Advertisement | 0 | Router Advertisement |
10 – Router Solicitation | 0 | Router discovery/selection/solicitation |
11 – Time Exceeded | 0 | TTL expired in transit |
11 – Time Exceeded | 1 | Fragment reassembly time exceeded |
12 – Parameter Problem: Bad IP header | 0 | Pointer indicates the error |
12 – Parameter Problem: Bad IP header | 1 | Missing a required option |
12 – Parameter Problem: Bad IP header | 2 | Bad length |
13 – Timestamp | 0 | Timestamp |
14 – Timestamp Reply | 0 | Timestamp reply |
15 – Information Request | 0 | Information Request |
16 – Information Reply | 0 | Information Reply |
17 – Address Mask Request | 0 | Address Mask Request |
18 – Address Mask Reply | 0 | Address Mask Reply |
19 | | Reserved for security |
20 through 29 | | Reserved for robustness experiment |
30 – Traceroute | 0 | Information Request |
31 | | Datagram Conversion Error |
32 | | Mobile Host Redirect |
33 | | Where-Are-You (originally meant for IPv6) |
34 | | Here-I-Am (originally meant for IPv6) |
35 | | Mobile Registration Request |
36 | | Mobile Registration Reply |
37 | | Domain Name Request |
38 | | Domain Name Reply |
39 | | SKIP Algorithm Discovery Protocol, Simple Key-Management for Internet Protocol |
40 | | Photuris, Security failures |
41 | | ICMP for experimental mobility protocols such as Seamoby [RFC4065] |
42 through 255 | | Reserved |
(Sources: IANA ICMP Parameters http://freebie.fatpipe.org/~mjb/Drawings/UDP_ICMP_Headers.png and Computer Networking – A Top-Down Approach by Kurose and Ross)
See also
- PMTUD
- ICMPv6
- IRDP (ICMP Router Discovery Protocol)
- Smurf attack
- TCP
- ping
- traceroute
- ICMP tunnel
External links
- RFCs
- RFC 792, Internet Control Message Protocol
- RFC 1122, Requirements for Internet Hosts – Communication Layers
- RFC 1716, Towards Requirements for IP Router
- IANA
- ICMP Sequence Diagram
- ICMP ping simulation
- ICMP traceroute simulation
- IANA protocol numbers