ICMP Protocol

Broken Code
Feb 26, 2022

Introduction:

ICMP (Internet Control Message Protocol) is a network layer (layer 3) protocol used for troubleshooting and reporting errors. IP uses ICMP for error reporting because IP itself has no built-in mechanism for error control. Any network device that uses TCP/IP can send, receive or process ICMP messages.

Reporting errors: ICMP is used to report errors to the source when data could not reach the destination as expected. For example, a packet may sometimes be too big for a router to manage. In that case, the router does not forward the packet to the destination; it discards the packet and sends an ICMP message to the sender describing the issue.

Troubleshooting: Ping and traceroute are used for checking two-way reachability in a network. Both ping and traceroute rely on ICMP to function.

ICMP Packet:

Figure: ICMPv4 packet

Type (ICMP type): Specifies the type of ICMP message. For example, type 8 is used for an “ICMP Echo request”, type 0 is used for an “ICMP Echo reply”, type 3 is used for “Destination unreachable” and type 11 is used for the “Time exceeded” message.

Code (ICMP subtype): Specifies what kind of ICMP message it is within the given type. If the type does not have any codes defined, the code field is set to zero. For example, the destination unreachable message (type 3) has 16 different codes: code 0 means that the destination network is unreachable, code 1 means that the destination host is unreachable, code 3 means that the destination port is unreachable, and so on. Similarly, the time exceeded message (type 11) uses 2 different codes, code 0 and code 1. Code 0 means the TTL was exceeded in transit, and code 1 means that the host has not received all the fragments of the packet within the specified time interval.

Checksum: The checksum field is used to check whether the ICMP header is corrupt.

The remaining part of the header depends on the ICMP message type being used.

Classification:

ICMP messages are mainly divided into two categories:

  • Error reporting messages
  • Query messages

Error reporting message: Error reporting messages are used to report errors encountered while processing IP packets. The time exceeded message, source quench message and destination unreachable message are some examples of error reporting messages.

  • Time Exceeded Message: The router sends this message to the source when it finds the TTL value to be zero. This message is also sent by the host when it does not receive all the packets in the specified time interval.
  • Destination Unreachable Message: This message is sent by the router to the source when the router is unable to route the data to the destination.
  • Source Quench Message: This message is sent by the router if there is congestion or when the source transmits packets at a higher rate than the router can handle.

Query message: Query messages are those messages that help the host to get specific information about another host. The ICMP echo request and the ICMP echo reply messages are examples of query messages.
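The header fields and the error/query split described above can be checked in code. The following is an added example, not part of the original post: a small parser that decodes type, code and checksum, verifies the checksum and labels the message category. The function names, the 8-byte minimum header length, source quench as type 4 and the sample packet are assumptions of this example.

```python
import struct

# Type and code names taken from the text above (not a complete registry).
TYPE_NAMES = {0: "Echo reply", 3: "Destination unreachable",
              4: "Source quench", 8: "Echo request", 11: "Time exceeded"}
CODE_NAMES = {(3, 0): "network unreachable", (3, 1): "host unreachable",
              (3, 3): "port unreachable", (11, 0): "TTL exceeded in transit",
              (11, 1): "fragment reassembly time exceeded"}
ERROR_TYPES = {3, 4, 11}   # error reporting messages
QUERY_TYPES = {0, 8}       # query messages


def internet_checksum(data: bytes) -> int:
    """Ones' complement of the ones' complement sum of 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input for summing
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_icmp(message: bytes) -> dict:
    """Decode type, code and checksum; reject truncated input, flag corruption."""
    if len(message) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    icmp_type, code, checksum = struct.unpack("!BBH", message[:4])
    category = ("error" if icmp_type in ERROR_TYPES
                else "query" if icmp_type in QUERY_TYPES else "other")
    return {
        "type": icmp_type, "code": code,
        "type_name": TYPE_NAMES.get(icmp_type, "unknown"),
        "code_name": CODE_NAMES.get((icmp_type, code), ""),
        "category": category,
        "stored_checksum": checksum,
        # RFC 792 computes the checksum over the whole ICMP message, so
        # re-summing an intact message (checksum field included) gives zero.
        "checksum_ok": internet_checksum(message) == 0,
    }


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Constructed sample input: type 8, code 0, checksum filled in."""
    body = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    return body[:2] + struct.pack("!H", internet_checksum(body)) + body[4:]
```

Feeding it a captured ICMP message (the bytes after the IP header) shows at a glance whether the message is a query or an error report and whether it arrived intact.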

Priority:

To prevent ICMP messages from flooding the network, they are given no special priority (DSCP value = 0). ICMP messages are also not sent in response to other ICMP messages, since that could result in a loop. Nor are ICMP messages sent in response to multicast, broadcast, zero and loopback addresses.