The Internet Control Message Protocol (ICMP) differs from TCP and UDP in that it is not tied to a transport-layer protocol and keeps no connection state; it is connectionless.
ICMP provides feedback about the status of the network and devices. It’s used by diagnostic tools like traceroute and ping.
ICMP messages are classified into Query Messages and Error Reporting Messages. Each has a Type and Code.
Query Messages
A Query message is used to communicate information between two systems. For example, computer A sends a timestamp-request message to computer B to get the time on computer B; computer B then replies with a timestamp-reply message to computer A. The Type and Code values at the start of the ICMP header differ for each message type, but every ICMP message carries a 16-bit checksum computed over the rest of the ICMP message. Error-reporting messages also carry a pointer that identifies the byte location in the original IP packet that triggered the error report, so the receiving device knows which portion of the original packet contains the problem.
Query messages can also be used for routing purposes. For example, suppose a network route is flooded with packets that never reach their destination. In that case, the routers along the way may detect this and generate an ICMP “Redirect Message” to point the network to a more efficient path.
Another widespread use for ICMP is to test the reachability of host devices using echo request and echo reply messages (also known as pings). Because ICMP operates at Network Layer, it does not specify ports that carry data and therefore does not need to deal with port scanning attacks that can plague TCP connections.
Error Reporting Messages
ICMP provides error-reporting messages that a router sends when it cannot deliver a datagram to its destination. Each ICMP message has two elements, a type and a code. The type identifies what kind of error was detected, while the code explains what happened and gives the location of the problem within the datagram.
The most well-known errors are the Destination Unreachable messages, which report that a packet could not be delivered because the destination network, host, or port was unreachable. However, these are not the only error messages that ICMP can send. Other ICMP types include source quench, time exceeded, and parameter problems.
Any device that uses IP can generate ICMP messages, which can be used to troubleshoot network connectivity or as part of a denial-of-service (DoS) attack. Understanding ICMP helps you recognize these errors and understand how the protocol is used in a network.
ICMP acts as the messenger that relays information about the data that should arrive, like the communication between a carpenter building a house and the store that delivers the studs, floorboards, roofing materials, insulation, etc. If delivery fails or the assembly crew is slowed down by traffic, ICMP lets the manufacturer know so that the parts can be resent or sent via another method.
Time Exceeded in Transit Messages
The ICMP Time Exceeded message tells the sending device that a packet's Time to Live (TTL) field has expired. The sending device may have set the TTL value too low, or there could be a routing issue such as a loop. This is one of the many ways ICMP provides flow control in the network layer.
A host reassembling a fragmented datagram might also send a Time Exceeded message when it cannot complete the reassembly within its time limit. In addition, a gateway can send a Time Exceeded message to inform the source that the packet's TTL has reached zero or that fragment reassembly could not be completed because fragments were missing.
Another ICMP message, the Redirect message, tells a host to change its routing information so that packets for the destination address are sent via a different route. This is useful when a router receives a request from a host for a specific IP address and knows the destination is on a subnet that it doesn’t manage.
The ping program and the traceroute utility use ICMP to find the path between a host and its destination. Unfortunately, these tools are often used to carry out attacks, and many administrators block all ICMP traffic from entering their networks. Other administrators allow ICMP only for diagnostics and only for specific message types that don't let attackers gain information about the network.
Time Exceeded in Received Messages
ICMP provides flow control and error control at layer three of the OSI model. The first part of the ICMP packet header contains the fields from which network devices determine the message's type and code. The ICMP message then has a data portion whose layout depends on its type.
For example, a network gateway that receives an echo request (ping) message from a host will return an echo reply message to the host. This type of message checks whether the device is active on the network. The reply also provides information such as the device's IP address and subnet mask.
Another ICMP message is Time Exceeded. It also arises when a device sends a datagram to a host that is too large to be sent in one piece: the data is cut into smaller fragments and transmitted, and the destination host must reassemble the fragments to recover the original packet.
Each IP packet has a Time to Live field in its header that indicates how long the routers can forward the packet along its route. The TTL value decrements by one each time a packet is forwarded. If the TTL value reaches zero, the router discards the packet and notifies the source host via a time-exceeded message.
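The following Python example, added here and not part of the original article, ties together the header layout and checksum described under Query Messages and the TTL expiry described just above. It builds an echo request (Type 8), parses the common Type/Code/Checksum fields and verifies the one's-complement checksum, then pushes the packet through a constructed chain of routers that decrement TTL and, when it reaches zero, discard the datagram and answer with a Time Exceeded (Type 11, Code 0) that quotes the original IP header plus the first 8 bytes of its payload, as RFC 792 specifies. The router addresses, host addresses and payload are constructed sample values; the IPv4 header checksum is left at zero because the packet is never handed to a real network stack.

```python
import ipaddress
import struct

# ICMP type numbers from RFC 792 (well-known constants, not taken from the article)
ICMP_ECHO_REPLY = 0
ICMP_ECHO_REQUEST = 8
ICMP_TIME_EXCEEDED = 11

QUERY_TYPES = {0, 8, 13, 14}        # echo reply/request, timestamp request/reply
ERROR_TYPES = {3, 4, 5, 11, 12}     # unreachable, source quench, redirect, time exceeded, parameter problem


def icmp_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words over the whole ICMP message (RFC 1071 style)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(msg_type: int, code: int, rest_of_header: bytes, payload: bytes) -> bytes:
    """Assemble Type | Code | Checksum | rest-of-header | payload, filling in the checksum."""
    header = struct.pack("!BBH", msg_type, code, 0) + rest_of_header
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBH", msg_type, code, csum) + rest_of_header + payload


def parse_icmp(data: bytes) -> dict:
    """Split an ICMP message into its common fields and validate the checksum."""
    if len(data) < 8:
        raise ValueError("ICMP message shorter than the 8-byte minimum header")
    msg_type, code, csum = struct.unpack("!BBH", data[:4])
    # Summing the message as received, checksum included, folds to 0xFFFF, whose
    # complement is 0; any corrupted word makes the result non-zero.
    valid = icmp_checksum(data) == 0
    kind = "query" if msg_type in QUERY_TYPES else "error" if msg_type in ERROR_TYPES else "other"
    return {"type": msg_type, "code": code, "checksum": csum, "checksum_ok": valid,
            "kind": kind, "rest_of_header": data[4:8], "payload": data[8:]}


def build_ipv4(src: str, dst: str, ttl: int, payload: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options), protocol 1 = ICMP, header checksum left zero
    (simplification: this packet is only ever handled by the simulator below)."""
    total_len = 20 + len(payload)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, ttl, 1, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload


def forward(datagram: bytes, hops: list) -> tuple:
    """Pass the datagram through each router in turn, decrementing TTL as RFC 791 requires.
    Returns ("delivered", None, datagram) or ("time_exceeded", router_addr, icmp_message)."""
    ttl = datagram[8]                        # TTL sits at byte 8 of the IPv4 header
    for router in hops:
        ttl -= 1
        if ttl == 0:
            # Discard the datagram and report back with Time Exceeded, quoting the original
            # IP header plus the first 8 bytes of its payload so the source can match the
            # report to the datagram it sent; traceroute relies on exactly this behaviour.
            quoted = datagram[:20 + 8]
            err = build_icmp(ICMP_TIME_EXCEEDED, 0, b"\x00" * 4, quoted)
            return ("time_exceeded", router, err)
        datagram = datagram[:8] + bytes([ttl]) + datagram[9:]
    return ("delivered", None, datagram)


if __name__ == "__main__":
    # Constructed sample: identifier 0x1234, sequence 1, 8-byte payload, three hops.
    req = build_icmp(ICMP_ECHO_REQUEST, 0, struct.pack("!HH", 0x1234, 1), b"abcdefgh")
    print(parse_icmp(req))
    status, router, msg = forward(build_ipv4("192.0.2.10", "198.51.100.7", 2, req),
                                  ["10.0.0.1", "10.0.0.2", "10.0.0.3"])
    print(status, router, parse_icmp(msg) if status == "time_exceeded" else msg[8])
```

Running the script shows the echo request parsed as a valid query message, then a TTL of 2 expiring at the second router, which returns an error-class message whose payload begins with the original IPv4 header (destination address intact), which is how a traceroute sender learns that router's address; raising the TTL to 5 lets the same datagram reach the end of the chain with TTL 2 remaining.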