What is ICMP Protocol and its Message Format?

The primary purpose of ICMP is to report errors and other conditions that affect the delivery of IP packets.

In this blog, you will learn what the ICMP protocol is, why we use it, what its advantages and disadvantages are, and how it works. So let’s get started.

Introduction

The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol (IP) suite. It is used for error reporting, diagnostics, and other administrative purposes.

ICMP messages are sent by network devices, such as routers, to inform other devices of errors, congestion, and other conditions that affect the delivery of IP packets.

The primary purpose of ICMP is to report errors and other conditions that affect the delivery of IP packets.

For example, if a router encounters network congestion, it may send an ICMP message to the sender of the packets, indicating that the packets could not be delivered due to congestion.

Similarly, if a router receives a packet with a TTL (Time To Live) value of zero, it may send an ICMP message to the sender, indicating that the packet has been discarded because it has exceeded its maximum hop limit.

ICMP messages are also used for other administrative purposes, such as network diagnostics. For example, the “ping” command uses ICMP echo request and echo reply messages to test the reachability of a network host.

How ICMP Works

ICMP messages are sent as IP datagrams, just like any other network traffic. When a network device generates an ICMP message, it encapsulates the message in an IP datagram and sends it to its destination. The destination may be a specific host or a broadcast address, depending on the type of message.

When a network device receives an ICMP message, it processes the message and takes appropriate action. For example, if the message indicates that a packet could not be delivered, the device may try to route the packet through a different path. If the message is an echo request, the device responds with an echo reply message.

ICMP messages can be useful for troubleshooting network problems. For example, if a host cannot communicate with another host, the “ping” command can be used to test the reachability of the remote host. If the ping fails, an ICMP message may be generated indicating the reason for the failure.

Position of ICMP

ICMP resides in the network layer, as shown in the diagram below.

[Image]

Category of ICMP Messages

ICMP messages are usually divided into two categories:

  1. Error-Reporting Messages.
  2. Query Messages.

A) Error-Reporting Messages

Error-Reporting messages are used to report errors and problems that occur during the transmission of network data.

B) Query Messages

The ICMP protocol includes several message types, including query messages. ICMP query messages are used to request information from network devices, such as routers and hosts.

ICMP Message Format

The ICMP (Internet Control Message Protocol) message format is divided into two parts: the ICMP header and the ICMP data.

The ICMP header contains basic information about the message, such as its type and code, while the ICMP data contains additional information specific to the message type.

[Image]

Breakdown of the ICMP message Format:

ICMP Header:

  • Type (8 bits): Indicates the type of ICMP message. Possible values include echo request/reply, destination unreachable, time exceeded, parameter problem, redirect, and source quench.
  • Code (8 bits): Further refines the type of ICMP message. For example, for the destination unreachable message, the code indicates the specific reason why the destination is unreachable (such as network unreachable or host unreachable).
  • Checksum (16 bits): Used to ensure the integrity of the ICMP message. The checksum is calculated by the sender and verified by the recipient.
  • Rest of Header (16 bits): Varies depending on the ICMP message type. For example, for the echo request/reply message, this field contains a unique identifier and sequence number to match requests with replies.

ICMP Data:

  • Varies depending on the ICMP message type. For example, for the echo request/reply message, the data field typically contains a timestamp or arbitrary data sent by the sender.

Overall, the ICMP message format is relatively simple but provides important information for network troubleshooting and error reporting.
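The following is an added example, not code from the original post. It builds and parses an echo request using the field layout RFC 792 defines (an 8-byte header in which the echo identifier and sequence number take 16 bits each) and verifies the checksum the way a recipient would. The function names and the sample payload are constructed for illustration.

```python
import struct

ICMP_ECHO_REQUEST = 8   # RFC 792 type numbers
ICMP_ECHO_REPLY = 0

def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(msg_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Type, Code, Checksum, then identifier and sequence number."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)   # computed with field zeroed
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + payload

def parse_icmp(message: bytes) -> dict:
    """Split a raw ICMP message into its fields and verify the checksum."""
    if len(message) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    msg_type, code, csum, rest = struct.unpack("!BBHI", message[:8])
    fields = {"type": msg_type, "code": code, "checksum": csum,
              # A valid message sums to zero when the checksum is included.
              "checksum_ok": internet_checksum(message) == 0,
              "data": message[8:]}
    if msg_type in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        fields["identifier"], fields["sequence"] = rest >> 16, rest & 0xFFFF
    return fields

# Constructed sample: an echo request of the kind "ping" sends.
SAMPLE = build_echo(ICMP_ECHO_REQUEST, 0x1234, 1, b"constructed-payload")

if __name__ == "__main__":
    print(parse_icmp(SAMPLE))
    corrupted = SAMPLE[:-1] + b"X"           # alter the last payload byte
    print(parse_icmp(corrupted)["checksum_ok"])
```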

Types of Error Reporting Messages

There are several different types of ICMP error-reporting messages, including the following:

Destination Unreachable:

This message is sent by a router or host to indicate that the destination host or network is unreachable. This can occur for several reasons, such as a routing problem, a firewall blocking traffic, or a host being down. When a router or host receives a packet and determines that the destination is unreachable, it sends a Destination Unreachable message back to the sender.

Time Exceeded:

This message is sent by a router to indicate that a packet has exceeded its time-to-live (TTL) value. The TTL value is set by the sender of the packet and is used to prevent packets from circulating indefinitely in the network. When a router receives a packet with a TTL value of 0, it sends a Time Exceeded message back to the sender. This can occur if the packet is stuck in a loop or if it is taking too long to reach its destination.

Parameter Problem:

This message is sent by a router or host to indicate that a packet contains an error in one or more of its header fields. This can occur if the sender of the packet has set a field to an invalid value or if there is a mismatch between the packet header and the protocol being used.

Redirect:

This message is sent by a router to inform a host that it should send its packets to a different router for a particular destination network. This can occur if the original router determines that a better route exists through a different router.

[Image]

Source Quench:

This message is sent by a router to request that a host reduce the rate at which it is sending packets. This can occur if the router determines that the host is sending too much traffic and causing congestion on the network.

Echo Request and Echo Reply:

These messages are not technically error-reporting messages, but they can be used to diagnose network problems. By sending an echo request message to a host and receiving an echo reply message back, a user can determine if the host is reachable and responsive.

In conclusion, ICMP error-reporting messages are an important part of the ICMP protocol, and they are used to report errors and problems that occur during the transmission of network data.
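The following is an added example, not code from the original post, that decodes an error-reporting message. It goes beyond the text above by relying on RFC 792, under which the data of an error message quotes the original datagram's IP header plus its first 8 bytes, which is how a receiver ties the error to a packet it sent. The function names and the sample packet are constructed for illustration.

```python
import socket
import struct

# RFC 792 type numbers for the error-reporting messages listed above.
ERROR_TYPES = {3: "Destination Unreachable", 4: "Source Quench",
               5: "Redirect", 11: "Time Exceeded", 12: "Parameter Problem"}

def decode_error(icmp: bytes) -> dict:
    """Decode an ICMP error message and the original datagram it quotes."""
    if len(icmp) < 8:
        raise ValueError("shorter than the ICMP header")
    msg_type, code = icmp[0], icmp[1]
    if msg_type not in ERROR_TYPES:
        raise ValueError(f"type {msg_type} is not an error-reporting message")
    quoted = icmp[8:]                        # original IP header + 8 bytes
    ihl = (quoted[0] & 0x0F) * 4 if quoted else 0
    if not quoted or quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("quoted datagram is truncated or not IPv4")
    proto = quoted[9]
    sport = dport = None
    if proto in (6, 17):                     # ports exist only for TCP and UDP
        sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return {"error": ERROR_TYPES[msg_type], "code": code,
            "orig_src": socket.inet_ntoa(quoted[12:16]),
            "orig_dst": socket.inet_ntoa(quoted[16:20]),
            "orig_proto": proto, "orig_sport": sport, "orig_dport": dport}

def matches_sent(decoded: dict, sent_flows: set) -> bool:
    """True if the quoted datagram is one this host actually sent."""
    key = (decoded["orig_src"], decoded["orig_dst"], decoded["orig_proto"],
           decoded["orig_sport"], decoded["orig_dport"])
    return key in sent_flows

def sample_time_exceeded() -> bytes:
    """Constructed sample: Time Exceeded quoting a UDP packet. Addresses are
    from the RFC 5737 documentation ranges; checksums are left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, 17, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.7"))
    udp = struct.pack("!HHHH", 40000, 33434, 8, 0)
    return struct.pack("!BBHI", 11, 0, 0, 0) + ip + udp

if __name__ == "__main__":
    print(decode_error(sample_time_exceeded()))
```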

ICMP Query Messages

ICMP query messages are mostly used for error handling. They are commonly used to ping a host.

There are several different types of ICMP query messages, including the following:

Echo Request and Echo Reply:

These messages are used for the “ping” command, which tests the reachability of a network host. An echo request message is sent to the host, and the host responds with an echo reply message.

The most common ICMP query messages are Echo Request and Echo Reply, which are used for the “ping” command. When a user runs the ping command, an echo request message is sent to the target host. If the host is online and reachable, it will respond with an echo reply message.

Address Mask Request and Address Mask Reply:

These messages are used by hosts to obtain information about the subnet mask of a network. When a host sends an address mask request message, it is requesting information about the subnet mask used by the network. The router or host that receives the message will respond with an address mask reply message, which contains information about the subnet mask.

Information Request and Information Reply:

These messages are used to request and receive information about a network device, such as its name or network configuration.

When a host sends an information request message, it is requesting information about the target device, such as its name or network configuration. The target device will respond with an information reply message, which contains the requested information.

Timestamp Request and Timestamp Reply:

These messages are used to synchronize the clocks of network devices.

When a host sends a timestamp request message, it is requesting the current time from the target device. The target device will respond with a timestamp reply message, which contains the current time.

Router Solicitation and Router Advertisement:

These messages are used by hosts to discover routers on a network.

When a host sends a router solicitation message, it is requesting information about the routers on the network. The routers will respond with router advertisement messages, which contain information about the router’s configuration and capabilities.

FAQ

What is ICMP Protocol for?

The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol (IP) suite. It is used for error reporting, diagnostics, and other administrative purposes.
ICMP messages are sent by network devices, such as routers, to inform other devices of errors, congestion, and other conditions that affect the delivery of IP packets.
The primary purpose of ICMP is to report errors and other conditions that affect the delivery of IP packets.
For example, if a router encounters network congestion, it may send an ICMP message to the sender of the packets, indicating that the packets could not be delivered due to congestion.

Is ICMP a TCP or UDP?

ICMP is a TCP protocol. Any TCP/IP-enabled network device has the capacity to send, receive, and process ICMP messages. There must be certain fundamental guidelines for how ICMP messages should be processed in order for them to function well in a networked setting.

By Vivek Maurya

Write blogs related to Ethical hacking, Computer networks, Linux, Penetration testing and Web3 Security.
