INTERNET CONTROL MESSAGE PROTOCOL

The Diagnostic Backbone of IP

ICMP is not a transport protocol for user data. It is the control plane of the Internet, used by network devices to send error messages and operational information.

Packet Structure

Header Format (First 4 Bytes)

Type (8 bits): Identifies the message (e.g., 8=Echo, 3=Dest Unreachable)
Code (8 bits): Provides more granularity (e.g., Type 3, Code 0 = Net Unreachable)
Checksum (16 bits): Error checking for ICMP header + data

Rest of Header (4 Bytes)

Content varies by type. For Echo (Ping), it contains Identifier and Sequence Number.

Common Message Types

Type 8 (0x08): Echo Request
Used by the ping utility. "Are you there?"

Type 0 (0x00): Echo Reply
Response to Echo Request. "Yes, I am here."

Type 3 (0x03): Destination Unreachable
Generated by router if protocol/stack is unreachable.

Type 11 (0x0B): Time Exceeded
TTL reached zero. Used by Traceroute to map paths.

Type 5 (0x05): Redirect
Router tells host to use a different route (rare now).

The Ping Utility

Ping is the most common use of ICMP. It measures the round-trip time (RTT) for messages sent from the originating host to a destination computer.

How it works:

  1. Source sends Type 8 (Echo Request).
  2. Destination receives it and checks integrity.
  3. Destination sends back Type 0 (Echo Reply).
  4. Source calculates time difference.

$ ping 8.8.8.8 -c 4
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=118 time=14.2 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=118 time=13.9 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=118 time=14.1 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss


Traceroute Mechanism

Traceroute uses ICMP Time Exceeded messages or Port Unreachable errors to map the route packets take to a network host.

  1. Set TTL to 1: Source sends packet with TTL=1.
  2. First Router Decrements TTL: Router 1 receives packet. TTL becomes 0. Router discards packet.
  3. ICMP Error Returned: Router 1 sends Type 11 (Time Exceeded) back to Source.
  4. Record & Repeat: Source records Router 1's address. Increments TTL to 2. Repeat until destination reached.

Security Implications

Ping of Death

Sending ICMP packets larger than the maximum IPv4 packet size (65,535 bytes). This caused buffer overflows in older systems.

ICMP Flood (DoS)

Overwhelming a target with ICMP Echo Request packets. The target spends all resources replying (Echo Reply), preventing legitimate traffic.

ICMP Redirect Attacks

A malicious actor sends a Type 5 message telling a host to send traffic via a compromised router (Man-in-the-Middle).

Smurf Attack

Spoofing the victim's address and sending ICMP to a broadcast address. Every machine on the network replies to the victim, amplifying traffic.
