Internet Control Message Protocol
The Internet Control Message Protocol is a supporting protocol in the Internet protocol suite. It is used by network devices, including routers, to send error messages and operational information indicating success or failure when communicating with another IP address, for example, an error is indicated when a requested service is not available or that a host or router could not be reached. ICMP differs from transport protocols such as TCP and UDP in that it is not typically used to exchange data between systems, nor is it regularly employed by end-user network applications.
ICMP for IPv4 is defined in RFC 792.
Technical details
ICMP is part of the Internet protocol suite as defined in RFC 792. ICMP messages are typically used for diagnostic or control purposes or generated in response to errors in IP operations. ICMP errors are directed to the source IP address of the originating packet.For example, every device forwarding an IP datagram first decrements the time to live field in the IP header by one. If the resulting TTL is 0, the packet is discarded and an ICMP [|time exceeded in transit] message is sent to the datagram's source address.
Many commonly used network utilities are based on ICMP messages. The traceroute command can be implemented by transmitting IP datagrams with specially set IP TTL header fields, and looking for ICMP time exceeded in transit and Destination unreachable messages generated in response. The related ping utility is implemented using the ICMP echo request and echo reply messages.
ICMP uses the basic support of IP as if it were a higher-level protocol, however, ICMP is actually an integral part of IP. Although ICMP messages are contained within standard IP packets, ICMP messages are usually processed as a special case, distinguished from normal IP processing. In many cases, it is necessary to inspect the contents of the ICMP message and deliver the appropriate error message to the application responsible for transmitting the IP packet that prompted the ICMP message to be sent.
ICMP is a network-layer protocol. There is no TCP or UDP port number associated with ICMP packets as these numbers are associated with the transport layer above.
Datagram structure
The ICMP packet is encapsulated in an IPv4 packet. The packet consists of header and data sections.Header
The ICMP header starts after the IPv4 header and is identified by IP protocol number '1'. All ICMP packets have an 8-byte header and variable-sized data section. The first 4 bytes of the header have fixed format, while the last 4 bytes depend on the type/code of that ICMP packet.; Type : ICMP type, see [|Control messages].
; Code : ICMP subtype, see Control messages.
; Checksum : Internet checksum for error checking, calculated from the ICMP header and data with value 0 substituted for this field.
; Rest of Header : Four-bytes field, contents vary based on the ICMP type and code.
Data
ICMP error messages contain a data section that includes a copy of the entire IPv4 header, plus at least the first eight bytes of data from the IPv4 packet that caused the error message. The maximum length of ICMP error messages is 576 bytes. This data is used by the host to match the message to the appropriate process. If a higher level protocol uses port numbers, they are assumed to be in the first eight bytes of the original datagram's data.The variable size of the ICMP packet data section has been exploited. In the "Ping of death", large or fragmented ICMP packets are used for denial-of-service attacks. ICMP data can also be used to create covert channels for communication. These channels are known as ICMP tunnels.
Control messages
Control messages are identified by the value in the type field. The code field gives additional context information for the message. Some control messages have been deprecated since the protocol was first introduced.| Type | Code | Status | Description |
| 0 – Echo Reply | 0 | Echo reply | |
| 1 and 2 | Reserved | ||
| 3 – Destination Unreachable | 0 | Destination network unreachable | |
| 3 – Destination Unreachable | 1 | Destination host unreachable | |
| 3 – Destination Unreachable | 2 | Destination protocol unreachable | |
| 3 – Destination Unreachable | 3 | Destination port unreachable | |
| 3 – Destination Unreachable | 4 | Fragmentation required, and DF flag set | |
| 3 – Destination Unreachable | 5 | Source route failed | |
| 3 – Destination Unreachable | 6 | Destination network unknown | |
| 3 – Destination Unreachable | 7 | Destination host unknown | |
| 3 – Destination Unreachable | 8 | Source host isolated | |
| 3 – Destination Unreachable | 9 | Network administratively prohibited | |
| 3 – Destination Unreachable | 10 | Host administratively prohibited | |
| 3 – Destination Unreachable | 11 | Network unreachable for ToS | |
| 3 – Destination Unreachable | 12 | Host unreachable for ToS | |
| 3 – Destination Unreachable | 13 | Communication administratively prohibited | |
| 3 – Destination Unreachable | 14 | Host Precedence Violation | |
| 3 – Destination Unreachable | 15 | Precedence cutoff in effect | |
| 4 – Source Quench | 0 | Source quench | |
| 5 – Redirect Message | 0 | Redirect Datagram for the Network | |
| 5 – Redirect Message | 1 | Redirect Datagram for the Host | |
| 5 – Redirect Message | 2 | Redirect Datagram for the ToS & network | |
| 5 – Redirect Message | 3 | Redirect Datagram for the ToS & host | |
| 6 | Alternate Host Address | ||
| 7 | Reserved | ||
| 8 – Echo Request | 0 | Echo request | |
| 9 – Router Advertisement | 0 | Router Advertisement | |
| 10 – Router Solicitation | 0 | Router discovery/selection/solicitation | |
| 11 – Time Exceeded | 0 | TTL expired in transit | |
| 11 – Time Exceeded | 1 | Fragment reassembly time exceeded | |
| 12 – Parameter Problem: Bad IP header | 0 | Pointer indicates the error | |
| 12 – Parameter Problem: Bad IP header | 1 | Missing a required option | |
| 12 – Parameter Problem: Bad IP header | 2 | Bad length | |
| 13 – [|Timestamp] | 0 | Timestamp | |
| 14 – Timestamp Reply | 0 | Timestamp reply | |
| 15 – Information Request | 0 | Information Request | |
| 16 – Information Reply | 0 | Information Reply | |
| 17 – Address Mask Request | 0 | Address Mask Request | |
| 18 – Address Mask Reply | 0 | Address Mask Reply | |
| 19 | reserved | Reserved for security | |
| 20 through 29 | reserved | Reserved for robustness experiment | |
| 30 – Traceroute | 0 | Information Request | |
| 31 | Datagram Conversion Error | ||
| 32 | Mobile Host Redirect | ||
| 33 | Where-Are-You | ||
| 34 | Here-I-Am | ||
| 35 | Mobile Registration Request | ||
| 36 | Mobile Registration Reply | ||
| 37 | Domain Name Request | ||
| 38 | Domain Name Reply | ||
| 39 | SKIP Algorithm Discovery Protocol, Simple Key-Management for Internet Protocol | ||
| 40 | Photuris, Security failures | ||
| 41 | ICMP for experimental mobility protocols such as Seamoby | ||
| 42 – Extended Echo Request | 0 | Request Extended Echo | |
| 43 – Extended Echo Reply | 0 | No Error | |
| 43 – Extended Echo Reply | 1 | Malformed Query | |
| 43 – Extended Echo Reply | 2 | No Such Interface | |
| 43 – Extended Echo Reply | 3 | No Such Table Entry | |
| 43 – Extended Echo Reply | 4 | Multiple Interfaces Satisfy Query | |
| 44 through 252 | Reserved | ||
| 253 | RFC3692-style Experiment 1 | ||
| 254 | RFC3692-style Experiment 2 | ||
| 255 | reserved | Reserved |
Redirect
Redirect requests data packets be sent on an alternative route. ICMP Redirect is a mechanism for routers to convey routing information to hosts. The message informs a host to update its routing information. If a host tries to send data through a router and R1 sends the data on another router and a direct path from the host to R2 is available, then R1 will send a redirect message to inform the host that the best route for the destination is via R2. The host should then send packets for the destination directly to R2. The router will still send the original datagram to the intended destination. However, if the datagram contains routing information, this message will not be sent even if a better route is available. RFC 1122 states that redirects should only be sent by gateways and should not be sent by Internet hosts.Where:
Time exceeded
Time Exceeded is generated by a gateway to inform the source of a discarded datagram due to the time to live field reaching zero. A time exceeded message may also be sent by a host if it fails to reassemble a fragmented datagram within its time limit.Time exceeded messages are used by the traceroute utility to identify gateways on the path between two hosts.
Where:
Timestamp
Timestamp is used for time synchronization. The originating timestamp is set to the time the sender last touched the packet. The receive and transmit timestamps are not used.Where:
Timestamp reply
Timestamp Reply replies to a Timestamp message. It consists of the originating timestamp sent by the sender of the Timestamp as well as a receive timestamp indicating when the Timestamp was received and a transmit timestamp indicating when the Timestamp reply was sent.Where:
Address mask request
Address mask request is normally sent by a host to a router in order to obtain an appropriate subnet mask.Recipients should reply to this message with an Address mask reply message.
Where:
ICMP Address Mask Request may be used as a part of reconnaissance attack to gather information on the target network, therefore ICMP Address Mask Reply is disabled by default on Cisco IOS.
Address mask reply
Address mask reply is used to reply to an address mask request message with an appropriate subnet mask.Where:
Destination unreachable
Destination unreachable is generated by the host or its inbound gateway to inform the client that the destination is unreachable for some reason. Reasons for this message may include: the physical connection to the host does not exist ; the indicated protocol or port is not active; the data must be fragmented but the 'don't fragment' flag is on. Unreachable TCP ports notably respond with TCP RST rather than a destination unreachable type 3 as might be expected. Destination unreachable is never reported for IP Multicast transmissions.Where:
RFCs
- RFC 792, Internet Control Message Protocol
- RFC 950, Internet Standard Subnetting Procedure
- RFC 1016, Something a Host Could Do with Source Quench: The Source Quench Introduced Delay
- RFC 1122, Requirements for Internet Hosts – Communication Layers
- RFC 1716, Towards Requirements for IP Routers
- RFC 1812, Requirements for IP Version 4 Routers