Internet Control Message Protocol
ICMP (Internet Control Message Protocol) is an error-reporting mechanism and an important subprotocol of the TCP/IP protocol suite. It is a network-layer protocol, usually used by the IP layer or by higher-layer protocols (TCP or UDP), and it mainly carries control messages between IP hosts and routers, reporting for example whether a host is reachable or whether a route is available. Although these control messages do not carry user data, they play a crucial role in collecting network information, in diagnosing and troubleshooting network faults, and in the transmission of user data.
Why do you need ICMP?
When transmitting data, IP provides a best-effort service: it does its best to deliver each packet to the destination address, but it does not verify whether the destination host received the packet and cannot perform flow control or error control. Errors are therefore inevitable during packet transmission. ICMP was created to forward IP packets more efficiently and improve the chances of successful delivery. With ICMP, when a packet runs into a problem in the network, the host or device reports the error to the upper-layer protocol, so that the upper-layer protocol can use its own flow-control and error-control mechanisms to judge whether communication is working correctly and so ensure service quality.
What are the application scenarios of ICMP?
Error reporting
ICMP error messages report network errors such as destination unreachable, timeouts, or fragmentation issues. These messages are especially important for the User Datagram Protocol (UDP), which uses a connectionless communication model.
UDP does not provide reliable, ordered packet delivery. UDP packets can be lost in transit or can fail, for example because of checksum errors. If this happens, the receiver sends an ICMP error message back to the sender to report the issue.
Diagnosis
You can use ICMP for network diagnostics. It is most commonly used for ping and traceroute commands.
The ping command tests the accessibility of network devices by sending ICMP echo request packets to the target device. If the device is accessible, an ICMP echo reply is returned. It reliably checks network latency and ensures device availability.
The traceroute command traces the path taken by the packet from its source to its destination. To do this, the command sends the echo request and echo reply message to the intended destination.
Echo requests contain a time-to-live (TTL) value that is reduced by 1 for each router that the packet passes through. When a packet reaches a router with a zero TTL, the router sends an ICMP message to the source end.
The message contains information about the route taken by the packet. Traceroute shows the exact path of the packet and can provide you with details about your network performance.
Cybersecurity
You can use ICMP to detect unauthorized network traffic and only allow legitimate traffic to pass through the network. Firewalls use ICMP to allow or block certain types of traffic. Network administrators also use ICMP monitoring tools to track the status and connectivity of network devices and detect unknown devices.
You can also use it to spot unusual traffic patterns that may indicate unauthorized activity.
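The checks described in this section can be sketched as a review pass over one time window of observed ICMP events. This is an added example, not part of the original article; the allow-list, the rate threshold, the device inventory and the sample events are all assumptions constructed for illustration.

```python
from collections import Counter

# Assumed policy (not from the article): types kept for diagnostics and
# error reporting; every other type is flagged.
ALLOWED_TYPES = {0, 3, 8, 11}   # echo reply, unreachable, echo request, time exceeded
MAX_ECHO_PER_WINDOW = 5         # assumed per-source echo-request threshold
KNOWN_HOSTS = {"10.0.0.5", "10.0.0.7"}  # assumed device inventory


def review_icmp(events):
    """Return sorted (source, reason) findings for one window of events.

    Each event is a (source_ip, icmp_type, icmp_code) tuple.
    """
    findings = set()
    echo_counts = Counter()
    for src, icmp_type, _code in events:
        if icmp_type not in ALLOWED_TYPES:
            findings.add((src, f"blocked type {icmp_type}"))
        if src not in KNOWN_HOSTS:
            findings.add((src, "unknown device"))
        if icmp_type == 8:
            echo_counts[src] += 1
    # Rate check: many echo requests from one source within the window.
    for src, count in echo_counts.items():
        if count > MAX_ECHO_PER_WINDOW:
            findings.add((src, f"echo rate {count} > {MAX_ECHO_PER_WINDOW}"))
    return sorted(findings)


# Constructed events for a single window.
EVENTS = (
    [("10.0.0.5", 8, 0), ("10.0.0.7", 0, 0), ("10.0.0.7", 3, 3)]
    + [("10.0.0.9", 8, 0)] * 6   # source missing from the inventory, high echo rate
    + [("10.0.0.5", 5, 1)]       # redirect, outside the allow-list
)

if __name__ == "__main__":
    for source, reason in review_icmp(EVENTS):
        print(source, reason)
```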
ICMP protocol message format
The ICMP packet format is shown in the figure. Each ICMP message contains the full IP header of the packet that originated the ICMP message, and the ICMP packet itself is encapsulated inside an IP packet as part of that packet. The three fixed fields in the ICMP header are the main basis on which the source device determines the type of error that occurred.
The Type field indicates the type of the ICMP message; the Code field indicates a subtype within that message type; the Checksum field holds the checksum of the ICMP packet.
ICMP packets fall into two categories, error packets and query packets, as shown in the ICMP packet classification table.
ICMP Packet Classification
| Type | Code | Description | Category |
|---|---|---|---|
| 0 - Echo reply | 0 | Echo reply message | Query |
| 3 - Destination unreachable | 0 | Destination network unreachable | Error |
| | 1 | Destination host unreachable | Error |
| | 2 | Destination protocol unreachable | Error |
| | 3 | Destination port unreachable | Error |
| | 4 | Fragmentation needed and DF flag set | Error |
| | 5 | Source route failed | Error |
| | 6 | Destination network unknown | Error |
| | 7 | Destination host unknown | Error |
| | 8 | Source host isolated | Error |
| | 9 | Access to the destination network is prohibited | Error |
| | 10 | Access to the destination host is prohibited | Error |
| | 11 | Network unreachable for the specified TOS | Error |
| | 12 | Host unreachable for the specified TOS | Error |
| | 13 | Communication prohibited by traffic filtering | Error |
| | 14 | Host precedence violation | Error |
| | 15 | Precedence cutoff in effect | Error |
| 5 - Redirect | 0 | Redirect for network | Error |
| | 1 | Redirect for host | Error |
| | 2 | Redirect for TOS and network | Error |
| | 3 | Redirect for TOS and host | Error |
| 8 - Echo request | 0 | Echo request message | Query |
| 9 - Router advertisement | 0 | Router advertisement message | Query |
| 10 - Router solicitation | 0 | Router discovery/selection/solicitation message | Query |
| 11 - ICMP time exceeded | 0 | TTL exceeded | Error |
| | 1 | Fragment reassembly time exceeded | Error |
| 12 - Parameter problem | 0 | Bad IP header (pointer indicates the error) | Error |
| | 1 | Required option missing | Error |
| | 2 | Unsupported length | Error |
| 13 - Timestamp request | 0 | Timestamp request message | Query |
| 14 - Timestamp reply | 0 | Timestamp reply message | Query |
| 15 - Information request | 0 | Information request message | Query |
| 16 - Information reply | 0 | Information reply message | Query |
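The header layout and the classification table can be exercised together in a small parser. This is an added example, not code from the original article; it assumes the standard 8-byte minimum ICMP message and the RFC 1071 Internet checksum, and the two sample messages are constructed.

```python
import struct

# Message types from the classification table above, split by category.
ERROR_TYPES = {3: "Destination unreachable", 5: "Redirect",
               11: "Time exceeded", 12: "Parameter problem"}
QUERY_TYPES = {0: "Echo reply", 8: "Echo request", 9: "Router advertisement",
               10: "Router solicitation", 13: "Timestamp request",
               14: "Timestamp reply", 15: "Information request",
               16: "Information reply"}


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(msg_type: int, code: int, rest: bytes) -> bytes:
    """Build a message with a valid checksum (used for the sample input)."""
    unsigned = struct.pack("!BBH", msg_type, code, 0) + rest
    return struct.pack("!BBH", msg_type, code, internet_checksum(unsigned)) + rest


def parse_icmp(packet: bytes) -> dict:
    """Parse Type, Code and Checksum, verify the checksum, classify the message."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than the 8-byte minimum")
    msg_type, code, checksum = struct.unpack("!BBH", packet[:4])
    # An intact message sums to zero when its checksum field is included.
    valid = internet_checksum(packet) == 0
    if msg_type in ERROR_TYPES:
        kind, name = "error", ERROR_TYPES[msg_type]
    elif msg_type in QUERY_TYPES:
        kind, name = "query", QUERY_TYPES[msg_type]
    else:
        kind, name = "unknown", "Not in the table"
    return {"type": msg_type, "code": code, "checksum": checksum,
            "checksum_ok": valid, "kind": kind, "name": name}


# Constructed samples: an echo request (identifier 1, sequence 1, payload "ping")
# and a port-unreachable error with four unused bytes and a placeholder body.
ECHO_REQUEST = build_icmp(8, 0, struct.pack("!HH", 1, 1) + b"ping")
PORT_UNREACHABLE = build_icmp(3, 3, b"\x00" * 4 + b"\x45" + b"\x00" * 27)
```

A message altered in transit fails the `checksum_ok` check, which is why a receiver validates the checksum before acting on the Type and Code fields.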
Difference between ICMP and TCP
TCP is a connection-oriented protocol for reliable, error-checked data transmission. It is commonly used for web browsing, email, remote login, and file transfer applications. TCP requires a handshake, a series of messages that establish trust and authentication between the sender and receiver. TCP guarantees message delivery.
In contrast, Internet Control Message Protocol (ICMP) is a connectionless protocol. It does not guarantee message delivery. Since ICMP is only used for error reporting, ICMP messages are also smaller than TCP packets.
ICMP and TCP are used together to determine the cause of TCP transmission failure.