ICMP (Internet Control Message Protocol) sits in the Internet layer of the TCP/IP model, which corresponds to the Network layer of the OSI model, and is an integral part of the Internet Protocol suite (commonly referred to as TCP/IP).
IANA assigns ICMP protocol number 1 in the IPv4 protocol field (ICMPv6, its IPv6 counterpart, is number 58). Designed to act as an error reporting and query service, it plays a crucial role in IP's host-to-host datagram service.
It is the feedback system of IP communication: when a router or gateway cannot deliver a packet, ICMP is how that failure is reported back to the original sending host.
Any device with an IP stack can send ICMP messages: end hosts, routers, firewalls and the other IP devices commonly found in your environment. It is the IP software that generates them, not the network interface card.
What is ICMP?
ICMP’s role in network communication can be likened to a team that is assembling an automobile using parts being sent from the manufacturer. The manufacturer is sending the parts one by one, assuming that they are being received by the assembly crew.
Occasionally, though, a part does not arrive as scheduled, or parts are being slowed down via their usual delivery method and a faster way of getting parts to assembly exists.
The assembly crew needs a way to tell the manufacturer that a part never arrived, or that a faster shipper or route exists. ICMP plays this role of the messenger that relays information from the network back to the sender. The messenger only reports, though; deciding whether to resend is the sender's job, which in IP falls to a transport protocol such as TCP.
This protocol is fairly complex. Not only does it report undeliverable packets and unreachable hosts, it also sends redirect messages, echo and echo reply messages and others discussed below. (Echo and echo reply messages are what the well-known ping command uses: it sends an echo request to a receiving host, which answers with an echo reply if the request arrives.) ICMP messages give a source host a way to learn that its transmitted packets are not reaching the remote host.
ICMP does not make IP reliable and it carries no application data of its own. It exists only as a feedback channel, a way to identify lost packets and broken routing. ICMP messages can themselves be lost or filtered, so the absence of an error is not proof of delivery.
One of the most well-known and useful messages in an ICMP datagram is the Destination Unreachable message. Destination Unreachable messages are generated for several reasons, distinguished by the code field: the network, host, port or protocol is unreachable, or fragmentation is needed but the Don't Fragment bit is set.
A router sends Network and Host Unreachable messages back to the source host; Port and Protocol Unreachable come from the destination host itself, which received the packet but has nothing listening for it. The receiving IP stack passes the error to the socket or application that sent the original packet (on Linux a connected UDP socket sees a Port Unreachable as ECONNREFUSED on its next call), and the application can then retry or, if needed, report the connectivity problem to the user.
It is important to know that although Echo Request and Echo Reply, and the Destination Unreachable errors that ping displays, are the messages people know best, they are not all there is to ICMP. Other important messages include the Redirect message, which a gateway uses to tell a host to send traffic for a destination to a different router on the same link. Because an unauthenticated Redirect can steer a host's traffic through an attacker's machine, hardening guides commonly recommend refusing them (for example net.ipv4.conf.all.accept_redirects=0 on Linux).
Time Exceeded is used by a router to tell the source host that a packet's Time to Live (TTL) reached zero and it was discarded; a host receiving Time Exceeded messages for ordinary traffic is usually seeing a routing loop downstream. (traceroute deliberately provokes these messages by sending packets with increasing TTLs and reading each router's address from the reply.) Source Quench was a router's way of telling a host that its buffers were full and to pause transmission briefly; RFC 6633 deprecated it, and current hosts are required to ignore it. Other types include Parameter Problem, Address Mask Request and Reply, and Timestamp Request and Reply; the last two are obsolete in practice and are commonly filtered at the perimeter, since they reveal information about a host to anyone who can reach it (network scanners still use them for host discovery).
ICMP will not send error messages about ICMP error messages (RFC 1122); if it did, each returned error would trigger another error back to the other side, and so on, creating a storm of ICMP packets that would quickly flood a network. (An ICMP query such as an Echo Request can still draw an error, for example Host Unreachable.)
For the same reason, no ICMP error is generated in response to a packet sent to a broadcast or multicast address, to a non-initial fragment, or from a source address that does not identify a single host. Answering an Echo Request sent to a broadcast address is permitted but discouraged, because every host on the segment would reply at once; that behaviour was the amplifier in the classic Smurf attack, and current operating systems ignore broadcast pings by default. Unlike the transport protocols TCP and UDP, ICMP does not carry application data between hosts. As a general rule, end users meet this protocol only through a small number of diagnostic tools, such as ping and traceroute, used to troubleshoot network and Internet connections.
ICMP can be abused to attack computers, the classic case being the “Ping of Death”, a denial-of-service attack that was widespread in the late 1990s.
The attacker sends an ICMP Echo Request larger than the 65,535-byte maximum IPv4 datagram, split into fragments whose offsets and sizes add up to more than that limit; a receiver that reassembled them without checking overflowed its buffer and crashed. A second attack is the ping flood, a stream of Echo Requests that crowds out normal traffic to the target. The Ping of Death is simple to prevent by checking fragment offset plus length against the maximum datagram size during reassembly, and every current operating system does so; floods are handled by rate-limiting ICMP on hosts and at the network edge rather than by blocking ICMP entirely, which would also break path MTU discovery.
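The reassembly check described above, as an added Python example that is not part of the original article: a small IPv4 fragment reassembler that rejects any datagram whose fragments would add up to more than 65,535 bytes, header included, which is exactly the condition a Ping of Death creates. The packets are constructed inline; the addresses 10.0.0.1 and 10.0.0.2 and the identification values are placeholders, and the IP header checksum is left unverified so the size check stays in focus.

```python
"""IPv4 fragment reassembly with the oversize check that stops Ping of Death.

Added example, not from the original article. Packets are constructed inline
(10.0.0.1 -> 10.0.0.2 are placeholder addresses); nothing touches the network.
"""
import struct

IPV4_MAX_LEN = 65535   # the 16-bit total-length field cannot describe a larger datagram
MF = 0x2000            # "more fragments" flag in the flags/offset field
OFFSET_MASK = 0x1FFF   # 13-bit fragment offset, in units of 8 bytes


def make_ipv4(ident, frag_field, proto, payload, src=b"\x0a\x00\x00\x01", dst=b"\x0a\x00\x00\x02"):
    """Minimal 20-byte IPv4 header in front of payload; header checksum left zero (not checked here)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, frag_field, 64, proto, 0, src, dst)
    return hdr + payload


def fragment(ident, proto, payload, mtu_payload=1480):
    """Split a payload the way a router with a 1500-byte MTU would (1480 = 185 * 8 bytes per fragment)."""
    frags = []
    for off in range(0, len(payload), mtu_payload):
        chunk = payload[off:off + mtu_payload]
        more = MF if off + len(chunk) < len(payload) else 0
        frags.append(make_ipv4(ident, more | (off // 8), proto, chunk))
    return frags


class Reassembler:
    """Collects fragments per (src, dst, id, proto) and refuses datagrams that would exceed 65535 bytes."""

    def __init__(self):
        self.pending = {}

    def add(self, pkt):
        """Feed one packet. Returns ("drop", reason), ("wait", None) or ("done", reassembled_payload)."""
        ihl = (pkt[0] & 0x0F) * 4
        total_len, ident, frag_field = struct.unpack("!HHH", pkt[2:8])
        proto, src, dst = pkt[9], pkt[12:16], pkt[16:20]
        offset = (frag_field & OFFSET_MASK) * 8
        more = bool(frag_field & MF)
        data = pkt[ihl:total_len]
        end = offset + len(data)

        # The Ping of Death check: header plus reassembled data must still fit in 16 bits.
        # The classic attack sends a final fragment at offset 65528 carrying more than 7 bytes.
        if ihl + end > IPV4_MAX_LEN:
            return ("drop", "reassembled size %d exceeds %d" % (ihl + end, IPV4_MAX_LEN))
        if more and len(data) % 8:
            return ("drop", "non-final fragment length is not a multiple of 8")
        if not more and offset == 0:
            return ("done", data)            # not fragmented at all

        key = (src, dst, ident, proto)
        entry = self.pending.setdefault(key, {"frags": {}, "total": None})
        entry["frags"][offset] = data
        if not more:
            entry["total"] = end             # the last fragment fixes the full length
        if entry["total"] is None:
            return ("wait", None)
        pos, parts = 0, []
        while pos < entry["total"]:          # walk the fragments in order; any hole means keep waiting
            chunk = entry["frags"].get(pos)
            if chunk is None:
                return ("wait", None)
            parts.append(chunk)
            pos += len(chunk)
        del self.pending[key]
        return ("done", b"".join(parts))


def feed_all(pkts):
    """Push a list of packets through a fresh reassembler and return the verdict on the last one."""
    r = Reassembler()
    result = ("wait", None)
    for p in pkts:
        result = r.add(p)
    return result


# Constructed sample 1: a 3000-byte ICMP payload that a 1500-byte MTU splits into 1480 + 1480 + 40.
ECHO_3000 = bytes(range(256)) * 11 + bytes(range(184))
NORMAL_FRAGMENTS = fragment(0x1001, 1, ECHO_3000)

# Constructed sample 2: Ping of Death. The final fragment sits at the maximum offset (8191 * 8 = 65528)
# and carries 20 bytes, so the datagram would be 20 + 65528 + 20 = 65568 bytes.
PING_OF_DEATH = [
    make_ipv4(0x2002, MF | 0, 1, b"\x08\x00" + b"\x00" * 1478),
    make_ipv4(0x2002, 0x1FFF, 1, b"\x00" * 20),
]

if __name__ == "__main__":
    print(feed_all(NORMAL_FRAGMENTS)[0], feed_all(PING_OF_DEATH))
```

The check is deliberately made on every fragment as it arrives rather than once at the end, so the offending fragment is refused before it is ever stored; the `wait` path also shows why an attacker who never sends the final fragment can tie up reassembly buffers, which is why real stacks add a timeout and a memory cap on top of this size test.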
ICMP messages are carried directly inside IP packets (IPv4 protocol number 1 for ICMPv4, IPv6 next-header 58 for ICMPv6). The packet starts with the IP header, followed by the ICMP header: an 8-bit type, an 8-bit code, a 16-bit checksum and four more bytes whose meaning depends on the type (identifier and sequence number for echo messages, unused and zero for most errors). The data that follows also depends on the type and code: for an error message it is the IP header of the datagram that caused the error plus at least the first 8 bytes of its payload, enough for the sender to match the error to the socket that sent the datagram. The ICMPv4 checksum covers only the ICMP message, while the ICMPv6 checksum also covers an IPv6 pseudo-header.
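An added Python example, not code from the original article, that ties together the message layout above, the echo and Destination Unreachable messages described earlier, and the RFC 1122 rules on when a host must not generate an ICMP error: it builds an Echo Request with a correct checksum, builds and decodes the Port Unreachable error a host would return for a UDP datagram to a closed port, and checks a packet against the error-suppression rules. All byte strings are constructed inline; the addresses, ports and identifier values are placeholders.

```python
"""Build, checksum and decode ICMPv4 messages (RFC 792 layout, RFC 1122 error rules).

Added example, not from the original article. All byte strings are constructed
inline; addresses, ports and identifier values are placeholders.
"""
import struct

ICMP_DEST_UNREACH, ICMP_ECHO_REQUEST = 3, 8
ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}   # unreachable, source quench, redirect, time exceeded, parameter problem
UNREACH_CODES = {0: "net unreachable", 1: "host unreachable", 2: "protocol unreachable",
                 3: "port unreachable", 4: "fragmentation needed and DF set", 5: "source route failed"}


def icmp_checksum(data):
    """RFC 1071: one's-complement sum of 16-bit words, odd trailing byte padded with zero."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def make_ipv4(src, dst, proto, payload):
    """Minimal 20-byte IPv4 header (header checksum left zero; not verified in this example)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, src, dst) + payload


def build_echo_request(ident, seq, payload=b"abcdefgh"):
    """Type 8, code 0, checksum, identifier, sequence number, then payload: what ping sends."""
    hdr = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, icmp_checksum(hdr + payload), ident, seq) + payload


def build_port_unreachable(offending_ip_packet):
    """Type 3, code 3: what a host returns for a UDP datagram sent to a closed port.

    The error quotes the offending IP header plus the first 8 bytes of its payload."""
    ihl = (offending_ip_packet[0] & 0x0F) * 4
    quoted = offending_ip_packet[:ihl + 8]
    hdr = struct.pack("!BBHI", ICMP_DEST_UNREACH, 3, 0, 0)       # the 4 "unused" bytes must be zero
    return struct.pack("!BBHI", ICMP_DEST_UNREACH, 3, icmp_checksum(hdr + quoted), 0) + quoted


def parse_icmp(msg):
    """Split a message into type, code, the 4 type-specific header bytes and data; verify the checksum."""
    if len(msg) < 8:
        raise ValueError("ICMP header is 8 bytes, got %d" % len(msg))
    # Summing the whole message, checksum field included, gives 0 only when the checksum is right.
    return {"type": msg[0], "code": msg[1], "checksum_ok": icmp_checksum(msg) == 0,
            "rest": msg[4:8], "data": msg[8:]}


def describe_error(msg):
    """For an ICMP error, recover the destination, protocol and ports of the datagram it is about."""
    p = parse_icmp(msg)
    if p["type"] not in ICMP_ERROR_TYPES:
        raise ValueError("type %d is not an ICMP error message" % p["type"])
    inner = p["data"]                                   # quoted IP header + at least 8 payload bytes
    ihl = (inner[0] & 0x0F) * 4
    info = {"type": p["type"], "code": p["code"], "checksum_ok": p["checksum_ok"],
            "orig_dst": ".".join(str(b) for b in inner[16:20]), "orig_proto": inner[9]}
    if p["type"] == ICMP_DEST_UNREACH:
        info["reason"] = UNREACH_CODES.get(p["code"], "code %d" % p["code"])
    if inner[9] in (6, 17) and len(inner) >= ihl + 4:   # TCP/UDP: ports are the first 4 payload bytes
        info["orig_sport"], info["orig_dport"] = struct.unpack("!HH", inner[ihl:ihl + 4])
    return info


def should_send_error(ip_packet):
    """RFC 1122 section 3.2.2: cases in which a host must NOT generate an ICMP error about a datagram.

    (Subnet-directed broadcast needs the interface netmask to recognise and is omitted here.)"""
    ihl = (ip_packet[0] & 0x0F) * 4
    frag_field = struct.unpack("!H", ip_packet[6:8])[0]
    proto, src, dst = ip_packet[9], ip_packet[12:16], ip_packet[16:20]
    if frag_field & 0x1FFF:
        return False, "non-initial fragment"
    if dst == b"\xff\xff\xff\xff" or 224 <= dst[0] <= 239:
        return False, "destination is broadcast or multicast"
    if src[0] in (0, 127) or src[0] >= 224:             # zero, loopback, multicast, class E, broadcast
        return False, "source address does not identify a single host"
    if proto == 1 and ip_packet[ihl] in ICMP_ERROR_TYPES:
        return False, "datagram is itself an ICMP error (would loop)"
    return True, "ok"


# Constructed sample: UDP from 10.0.0.1:40000 to 10.0.0.2:53 (header only), and the error it draws.
SRC, DST = b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02"
UDP_TO_CLOSED_PORT = make_ipv4(SRC, DST, 17, struct.pack("!HHHH", 40000, 53, 8, 0))
PORT_UNREACH = build_port_unreachable(UDP_TO_CLOSED_PORT)
ERROR_ABOUT_ERROR = make_ipv4(DST, SRC, 1, PORT_UNREACH)      # that error, as an IP packet

if __name__ == "__main__":
    print(parse_icmp(build_echo_request(0x1234, 1)))
    print(describe_error(PORT_UNREACH))
    print(should_send_error(UDP_TO_CLOSED_PORT), should_send_error(ERROR_ABOUT_ERROR))
```

Two details worth noticing: the checksum is verified by recomputing it over the whole message, including the checksum field, and expecting zero, which is how real stacks do it; and `should_send_error` returns `False` for the Port Unreachable packet fed back in as an IP datagram, which is the loop-prevention rule from the text expressed as a check on the quoted inner type byte.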
One of the most important parts of the Internet Protocol suite, ICMP serves a crucial role in IP network communication. It gives a transmitting host a way to learn that its packets are not reaching the remote host, supplies crucial information about network problems, and helps hosts transmit data more efficiently through Redirect and Fragmentation Needed messages.
Network technicians and administrators also use it as a diagnostic tool to identify points of failure in the network. It is ultimately an indispensable tool in the constant flow of billions of IP packets sent around the world every second of every day.