Exploring ICMP Port Number with Example
Updated: Aug 19
The ICMP packet does not have source and destination port numbers because it was designed to communicate network-layer information between hosts and routers, not between application layer processes.
Each ICMP packet has a "Type" and a "Code". The Type/Code combination identifies the specific message being received. Since the network software itself interprets all ICMP messages, no port numbers are needed to direct the ICMP message to an application layer process.
Today we are going to show you if ICMP has a port number with an example.
What does ICMP Stand for?
ICMP stands for Internet Control Message Protocol. The primary purpose of ICMP is for error reporting A good example is the “ping” utility which uses an ICMP request and ICMP reply message.
When a certain host is unreachable, ICMP might send an error message to the source. We will use ping command in our example.
What is the ICMP Port number?
ICMP has no concept of ports, as TCP and UDP do, but instead uses types and codes.
There is no port number associated with ICMP packets. We will use this example to demonstrate it.
Let's send an ICMP packet with ping command like below.
$ ping google.com PING google.com (184.108.40.206): 56 data bytes 64 bytes from 220.127.116.11: icmp_seq=0 ttl=111 time=49.412 ms
Capture ICMP Packet with Tcpdump Command
At the same time, we can capture packets with the following tcpdump command. Here are more details about how to capture ICMP packets with tcpdump.
# tcpdump -i utun1 -vvvv icmp -A -X -c 1 and dst google.com
This is the output of tcpdump command.
tcpdump: listening on utun1, link-type NULL (BSD loopback), capture size 262144 bytes 18:00:56.548635 IP (tos 0x0, ttl 64, id 35202, offset 0, flags [none], proto ICMP (1), length 84) 10.79.101.91 > hkg07s24-in-f14.1e100.net: ICMP echo request, id 51536, seq 0, length 64 0x0000: 4500 0054 8982 0000 4001 bb95 0a4f 655b E..T....@....Oe[ 0x0010: acd9 190e 0800 ecfc c950 0000 602b 97d8 .........P..`+.. 0x0020: 0008 5ea3 0809 0a0b 0c0d 0e0f 1011 1213 ..^............. 0x0030: 1415 1617 1819 1a1b 1c1d 1e1f 2021 2223 .............!"# 0x0040: 2425 2627 2829 2a2b 2c2d 2e2f 3031 3233 $%&'()*+,-./0123 0x0050: 3435 3637 4567 1 packet captured
Next, we can copy this packet to this online packet analysis tool to decode.
45 00 00 54 89 82 00 00 40 01 BB 95 0A 4F 65 5B AC D9 19 0E 08 00 EC FC C9 50 00 00 60 2B 97 D8 00 08 5E A3 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37
From the following chart, we can see that there are two protocols in this packet (IPv4 and ICMP). From the ICMP part, there is no port number.
Conclusion: ICMP doesn't have port numbers by design.
ICMP type is the first 8 bits in the ICMP message header. It provides a brief explanation of what the message is for so the receiving network device knows why it is getting the message and how to treat it.
ICMP does have some types. From the above example, we can see that the type for that packet is 8 which means this is an Echo request.
Here are common ICMP types :
0 Echo Reply
3 Destination Unreachable
4 Source Quench
11 Time Exceeded
ICMP doesn’t have a source or destination port number because it’s not a transport layer protocol like TCP and UDP. ICMP is part of the networking layer and is encapsulated by IP.
ICMP is assigned Protocol Number 1 in the IP suite according to IANA.org.