Internet Control Message Protocol
Adapted from Wikipedia · Adventurer experience
The Internet Control Message Protocol (ICMP) is a special set of rules used in computer networks. It helps devices like routers talk to each other when something goes wrong. For example, if a computer tries to reach another one that is not there, ICMP can send a message saying, “I can’t find that computer!” This helps network devices know if a message reached its destination or if there was a problem.
ICMP is different from other types of communication protocols such as TCP and UDP, because it does not move data from one place to another. Instead, it is mostly used by network tools to check how well things are working. Two common tools are ping, which checks if a computer is online, and traceroute, which shows the path a message takes across the internet.
There is also a version of ICMP called ICMPv6 that is used with a newer kind of internet addressing system known as IPv6. This helps modern networks work in the same way older ones did.
Technical details
ICMP is part of the rules that help computers talk to each other on the internet. It sends messages when something goes wrong, like when a computer can't reach another one.
For example, when a message travels between computers, each stop counts down a number called "time to live." If this number reaches zero, the message stops, and a message goes back to the sender. Tools like ping and traceroute use these messages to see how far and how fast messages travel across the internet.
Datagram structure
The ICMP packet is wrapped inside an IPv4 packet. It has two main parts: a header and a data section.
The ICMP header comes right after the IPv4 header. Every ICMP packet has an 8-byte header and a data section that can change in size. The first four bytes of the header always look the same, but the last four bytes can change depending on the type and code of the ICMP packet.
The data section in ICMP error messages includes a copy of the IPv4 header and the first eight bytes of the data from the IPv4 packet that caused the error. This copy helps the receiving device figure out which process the message belongs to. The whole ICMP error message should not be longer than 576 bytes.
Sometimes, the changing size of the ICMP data section has been used in harmful ways. For example, very large or broken-up ICMP packets have been used to disrupt services.
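A size and fragmentation check for the abuse described above, written as an added example (not code from the original article). It inspects one raw IPv4 packet; the function names, the finding strings and the sample packets are constructed for illustration, and the 576-byte limit is the one this page gives for ICMP error messages.

```python
import struct

IP_MAX = 65535          # largest IPv4 datagram a receiver can reassemble
ICMP_ERROR_MAX = 576    # size limit this page gives for ICMP error messages
ERROR_TYPES = {3, 4, 5, 11, 12}  # types whose data quotes the original datagram

def icmp_size_findings(packet: bytes) -> list:
    """Return the reasons an IPv4/ICMP packet looks abusive; [] means clean."""
    if len(packet) < 20:
        return ["truncated IPv4 header"]
    ver_ihl, _tos, total_len, _id, frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or proto != 1:
        return []                      # not IPv4 carrying ICMP: out of scope
    if total_len < ihl:
        return ["total length shorter than header"]
    offset = (frag & 0x1FFF) * 8       # fragment offset is in 8-byte units
    more_fragments = bool(frag & 0x2000)
    icmp_len = total_len - ihl
    findings = []
    if more_fragments or offset:
        findings.append("fragmented ICMP")
    if ihl + offset + icmp_len > IP_MAX:
        # Reassembly would produce a datagram larger than IPv4 allows.
        findings.append("fragment ends past the 65535-byte datagram limit")
    is_error = offset == 0 and len(packet) > ihl and packet[ihl] in ERROR_TYPES
    if is_error and icmp_len > ICMP_ERROR_MAX:
        findings.append("ICMP error message longer than 576 bytes")
    return findings

def build_ipv4(payload_len: int, frag: int, icmp_type: int) -> bytes:
    """Constructed sample packet: checksums left at 0, documentation addresses."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 1, frag,
                         64, 1, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return header + bytes([icmp_type]) + bytes(payload_len - 1)

if __name__ == "__main__":
    for pkt in (build_ipv4(64, 0x4000, 8), build_ipv4(100, 0x1FFD, 8),
                build_ipv4(600, 0, 3)):
        print(icmp_size_findings(pkt))
```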
Control messages
Control messages are chosen by the number in the type field. The code field gives more details about the message. Some messages are no longer used.
Source quench
Source Quench asks the sender to send messages more slowly. This happens if a router or computer does not have enough space to handle messages.
When many messages are sent quickly, a router might run out of space to store them. If this happens, the router tells the sender to slow down. The sender then waits or sends fewer messages, giving the router time to clear space.
Since 1995, routers no longer use ICMP Source Quench messages. They also stopped reacting to these messages in 2012.
Where:
- Type must be set to 4
- Code must be set to 0
- IP header and extra data help the sender match the reply with the request
Redirect
Redirect asks a computer to send its messages along a different path. This message tells a computer to update its routing so messages go through a better path. If a computer sends messages through a router (R1), and R1 sends them to another router (R2) when a direct path from the computer to R2 exists, R1 will send a redirect message. The computer should then send messages directly to R2. The router will still send the original datagram, but if the datagram has routing information, no redirect will be sent even if a better route exists. RFC 1122 says that redirects should only come from gateways, not from Internet hosts.
Where:
- Type must be set to 5.
- Code shows the reason for the redirection.
- IP address is the address of the gateway to send the redirection to.
- IP header and extra data help match the reply with the request.
Time exceeded
Time Exceeded is sent by a gateway to tell the source that a datagram was deleted because the time to live field reached zero. It can also be sent by a computer if it cannot put together a fragmented datagram in time.
Time exceeded messages are used by the traceroute tool to find gateways between two computers.
Where:
- Type must be set to 11
- Code shows the reason for the Time Exceeded message.
- IP header and the first 64 bits of the original payload help the source match the message to the deleted datagram. For UDP and TCP, this includes the source and destination ports.
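How a receiver can use the quoted IP header and first 64 bits to match an ICMP error to the datagram that caused it, shown as an added example (not code from the original article). It verifies the ICMP checksum, then reads the protocol, addresses and ports out of the quoted datagram, so an error is only acted on when the flow it names is one the host actually sent. The function names and the sample message (documentation addresses, made-up ports) are constructed for illustration.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum used by the ICMP checksum field."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp_error(icmp: bytes) -> dict:
    """Parse an ICMP error and return the flow named by its quoted datagram."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("too short for header + quoted IPv4 header + 8 bytes")
    icmp_type, code, _cksum, _rest = struct.unpack("!BBHI", icmp[:8])
    if inet_checksum(icmp) != 0:       # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    if icmp_type not in (3, 4, 5, 11, 12):
        raise ValueError("not an ICMP error message")
    quoted = icmp[8:]                  # copy of the original IPv4 header + 8 bytes
    ihl = (quoted[0] & 0x0F) * 4
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("quoted IPv4 header is malformed or truncated")
    proto = quoted[9]
    flow = {"type": icmp_type, "code": code, "proto": proto,
            "src": ".".join(map(str, quoted[12:16])),
            "dst": ".".join(map(str, quoted[16:20]))}
    if proto in (6, 17):   # TCP and UDP both begin with source and destination port
        flow["sport"], flow["dport"] = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return flow

def sample_time_exceeded() -> bytes:
    """Constructed Time Exceeded (type 11, code 0) quoting a UDP datagram."""
    quoted_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0, 1, 17, 0,
                            bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    quoted_udp = struct.pack("!HHHH", 40000, 33434, 8, 0)
    body = quoted_ip + quoted_udp
    cksum = inet_checksum(struct.pack("!BBHI", 11, 0, 0, 0) + body)
    return struct.pack("!BBHI", 11, 0, cksum, 0) + body

if __name__ == "__main__":
    print(parse_icmp_error(sample_time_exceeded()))
```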
Timestamp
Timestamp is used for matching times. The originating timestamp is set to when the sender last touched the packet. The receive and transmit timestamps are not used.
Where:
- Type must be set to 13
- Code must be set to 0
- Identifier and Sequence Number help the computer match the timestamp reply with the request.
- Originate timestamp is the time since midnight Universal Time (UT). If UT is not available, a special bit can be set.
Timestamp reply
Timestamp Reply answers a Timestamp message. It includes the times from the sender, when it was received, and when the reply was sent.
Where:
- Type must be set to 14
- Code must be set to 0
- Identifier and Sequence number help match the reply with the request.
- Originate timestamp is when the sender last touched the message.
- Receive timestamp is when it was first received.
- Transmit timestamp is when the reply was sent.
All timestamps are in milliseconds since midnight UT. If not available, any time can be used with a special bit set.
Timestamp and Timestamp Reply messages for clock synchronization are now mostly replaced by Network Time Protocol and the Precision Time Protocol.
Address mask request
Address mask request is usually sent by a host to a router to get the right subnet mask.
Recipients should answer with an Address mask reply message.
Where:
- Type must be set to 17
- Code must be set to 0
- Address mask can be set to 0
Address mask reply
Address mask reply answers an address mask request with the correct subnet mask.
Where:
- Type must be set to 18
- Code must be set to 0
- Address mask should be the subnet mask
Destination unreachable
Destination unreachable is sent by a computer or gateway to tell the sender that the destination cannot be reached. Reasons include no physical connection, an inactive protocol or port, or data that needs to be split into pieces but cannot be. Unreachable TCP ports respond with TCP RST instead of this message. Destination unreachable is not used for IP multicast.
With the following field contents:
Type: 8 bits; Type == 3
A value of 3 means 'Destination unreachable'.
Code: 8 bits
This shows the type of error and can be one of several options.
Unused: 8 - 32 bits; Unused == 0
Unused and must be set to zero. If Length or Next-hop MTU are not used, they are part of this field.
Length: 8 bits
Optional. This shows the length of the original datagram data in 32-bit words. If used, the data is padded with zeroes to the nearest 32-bit boundary.
Next-hop MTU: 16 bits
Optional. Shows the MTU of the next-hop network if a code 4 error happens.
IP header and data: 20 - 568 bytes
The IP header and up to 548 bytes of the original datagram are included. If the message is extended, at least 128 bytes of the original data are included, padded with zeroes if needed. This helps the sender match the reply with the request.
| Type | Code | Status | Description |
|---|---|---|---|
| 0 – Echo Reply | 0 | | Echo reply (used to ping) |
| 1 and 2 | | unassigned | Reserved |
| 3 – Destination Unreachable | 0 | | Destination network unreachable |
| | 1 | | Destination host unreachable |
| | 2 | | Destination protocol unreachable |
| | 3 | | Destination port unreachable |
| | 4 | | Fragmentation required, and DF flag set |
| | 5 | | Source route failed |
| | 6 | | Destination network unknown |
| | 7 | | Destination host unknown |
| | 8 | | Source host isolated |
| | 9 | | Network administratively prohibited |
| | 10 | | Host administratively prohibited |
| | 11 | | Network unreachable for ToS |
| | 12 | | Host unreachable for ToS |
| | 13 | | Communication administratively prohibited |
| | 14 | | Host Precedence Violation |
| | 15 | | Precedence cutoff in effect |
| 4 – Source Quench | 0 | deprecated | Source quench (congestion control) |
| 5 – Redirect Message | 0 | | Redirect Datagram for the Network |
| | 1 | | Redirect Datagram for the Host |
| | 2 | | Redirect Datagram for the ToS & network |
| | 3 | | Redirect Datagram for the ToS & host |
| 6 | | deprecated | Alternate Host Address |
| 7 | | unassigned | Reserved |
| 8 – Echo Request | 0 | | Echo request (used to ping) |
| 9 – Router Advertisement | 0 | | Router Advertisement |
| 10 – Router Solicitation | 0 | | Router discovery/selection/solicitation |
| 11 – Time Exceeded | 0 | | Time to live (TTL) expired in transit |
| | 1 | | Fragment reassembly time exceeded |
| 12 – Parameter Problem: Bad IP header | 0 | | Pointer indicates the error |
| | 1 | | Missing a required option |
| | 2 | | Bad length |
| 13 – Timestamp | 0 | | Timestamp |
| 14 – Timestamp Reply | 0 | | Timestamp reply |
| 15 – Information Request | 0 | deprecated | Information Request |
| 16 – Information Reply | 0 | deprecated | Information Reply |
| 17 – Address Mask Request | 0 | deprecated | Address Mask Request |
| 18 – Address Mask Reply | 0 | deprecated | Address Mask Reply |
| 19 | | unassigned | Reserved for security |
| 20 through 29 | | unassigned | Reserved for robustness experiment |
| 30 – Traceroute | 0 | deprecated | Information Request |
| 31 | | deprecated | Datagram Conversion Error |
| 32 | | deprecated | Mobile Host Redirect |
| 33 | | deprecated | Where-Are-You (originally meant for IPv6) |
| 34 | | deprecated | Here-I-Am (originally meant for IPv6) |
| 35 | | deprecated | Mobile Registration Request |
| 36 | | deprecated | Mobile Registration Reply |
| 37 | | deprecated | Domain Name Request |
| 38 | | deprecated | Domain Name Reply |
| 39 | | deprecated | SKIP Algorithm Discovery Protocol, Simple Key-Management for Internet Protocol |
| 40 | | | Photuris, Security failures |
| 41 | | Experimental | ICMP for experimental mobility protocols such as Seamoby. |
| 42 – Extended Echo Request | 0 | | Request Extended Echo |
| 43 – Extended Echo Reply | 0 | | No Error |
| | 1 | | Malformed Query |
| | 2 | | No Such Interface |
| | 3 | | No Such Table Entry |
| | 4 | | Multiple Interfaces Satisfy Query |
| 44 through 252 | | unassigned | Reserved |
| 253 | | Experimental | RFC3692-style Experiment 1 |
| 254 | | Experimental | RFC3692-style Experiment 2 |
| 255 | | unassigned | Reserved |
Source quench (Type 4) layout:

| Bits 0-7 | Bits 8-15 | Bits 16-31 |
|---|---|---|
| Type = 4 | Code = 0 | Checksum |
| unused (bits 0-31) | | |
| IP header and first 8 bytes of original datagram's data | | |

Redirect (Type 5) layout:

| Bits 0-7 | Bits 8-15 | Bits 16-31 |
|---|---|---|
| Type = 5 | Code | Checksum |
| IP address (bits 0-31) | | |
| IP header and first 8 bytes of original datagram's data | | |

Time exceeded (Type 11) layout:

| Bits 0-7 | Bits 8-15 | Bits 16-31 |
|---|---|---|
| Type = 11 | Code | Checksum |
| unused (bits 0-31) | | |
| IP header and first 8 bytes of original datagram's data | | |

Timestamp (Type 13) layout:

| Bits 0-7 | Bits 8-15 | Bits 16-31 |
|---|---|---|
| Type = 13 | Code = 0 | Checksum |
| Identifier (bits 0-15) | | Sequence number |
| Originate timestamp (bits 0-31) | | |
| Receive timestamp (bits 0-31) | | |
| Transmit timestamp (bits 0-31) | | |

Timestamp reply (Type 14) layout:

| Bits 0-7 | Bits 8-15 | Bits 16-31 |
|---|---|---|
| Type = 14 | Code = 0 | Checksum |
| Identifier (bits 0-15) | | Sequence number |
| Originate timestamp (bits 0-31) | | |
| Receive timestamp (bits 0-31) | | |
| Transmit timestamp (bits 0-31) | | |

Address mask request (Type 17) layout:

| Bits 0-7 | Bits 8-15 | Bits 16-31 |
|---|---|---|
| Type = 17 | Code = 0 | Checksum |
| Identifier (bits 0-15) | | Sequence number |
| Address mask (bits 0-31) | | |

Address mask reply (Type 18) layout:

| Bits 0-7 | Bits 8-15 | Bits 16-31 |
|---|---|---|
| Type = 18 | Code = 0 | Checksum |
| Identifier (bits 0-15) | | Sequence number |
| Address mask (bits 0-31) | | |
| Code | Description |
|---|---|
| 0 | Network unreachable error. |
| 1 | Host unreachable error. |
| 2 | Protocol unreachable error (the designated transport protocol is not supported). |
| 3 | Port unreachable error (the designated protocol is unable to inform the host of the incoming message). |
| 4 | The datagram is too big. Packet fragmentation is required but the 'don't fragment' (DF) flag is on. |
| 5 | Source route failed error. |
| 6 | Destination network unknown error. |
| 7 | Destination host unknown error. |
| 8 | Source host isolated error. |
| 9 | The destination network is administratively prohibited. |
| 10 | The destination host is administratively prohibited. |
| 11 | The network is unreachable for Type Of Service. |
| 12 | The host is unreachable for Type Of Service. |
| 13 | Communication administratively prohibited (administrative filtering prevents packet from being forwarded). |
| 14 | Host precedence violation (indicates the requested precedence is not permitted for the combination of host or network and port). |
| 15 | Precedence cutoff in effect (precedence of datagram is below the level set by the network administrators). |
Extensions
ICMP messages can have extra parts called Extension Objects. These start with an ICMP Extension Header.
The header has a few important pieces:
- Version: This tells us which version of the extension is used.
- Reserved: This space is kept empty for future use.
- Checksum: This checks that the information is correct.
Each Extension Object also has its own structure:
- Length: How long the object is.
- Class-Num: This shows what kind of object it is.
- C-Type: This tells us the type within that kind.
- Object payload: Extra data, in chunks of 32 bits.
This article is a child-friendly adaptation of the Wikipedia article on Internet Control Message Protocol, available under CC BY-SA 4.0.