Exploring ICMP Protocol with Examples

Updated: Aug 11

Internet Control Message Protocol (ICMP) is a network layer protocol that serves the purpose of error reporting and network path diagnostic functions.


The Ping and Traceroute utility tools leverage ICMP messages for fault detection and isolation.


ICMP messages are sent using a basic IP header. The protocol field in IP header will be set to ICMP followed by the ICMP payload.



How does ICMP work?

ICMP is not a transport protocol that sends data between systems.


  • ICMP is not used regularly in end-user applications. It is used by network administrators to troubleshoot internet connections in diagnostic utilities including ping and traceroute.

  • ICMP is not associated with any transport layer protocol, such as Transmission Control Protocol (TCP) or User Datagram Protocol (UDP).

  • It is a connectionless protocol, meaning a device does not need to open a connection with the target device before sending a message.




ICMP Packet Structure

ICMP is part of IP, and it relies on IP to transmit its messages. ICMP contains a relatively small header that changes depending on its purpose. The ICMP header contains the following fields:


  • Type The type or classification of the ICMP message, based on the RFC specification

  • Code The subclassification of the ICMP message, based on the RFC specification

  • Checksum Used to ensure that the contents of the ICMP header and data are intact upon arrival

  • Variable A portion that varies depending on the Type and Code fields



ICMP Type

The first 8 bits are the message types. The type provides a brief explanation of what the message is for so the receiving network device knows why it is getting the message and how to treat it.


For example, a Type 8 Echo is a query a host sends to see if a potential destination system is available. Upon receiving an Echo message, the receiving device might send back an Echo Reply (Type 0), indicating it is available.


Common ICMP Types

Some common message types include the following:

Type 0 -- Echo reply

Type 3 -- Destination unreachable

Type 8 -- Echo

Type 5 -- Redirect


Internet Assigned Numbers Authority (IANA) provides a list of all message types ICMP packets use.



Generate ICMP Packet with Ping Command

We can use ping command to test the network connectivity and the speed of data relay.


It's one of the few instances where a user can interact directly with ICMP, which typically only functions to allow networked computers to communicate with one another automatically.


Let's send an ICMP packet with ping command like below.


$ ping google.com
PING google.com (172.217.25.14): 56 data bytes
64 bytes from 172.217.25.14: icmp_seq=0 ttl=111 time=49.412 ms



Capture ICMP Packet with Tcpdump Command

At the same time, we can capture packets with the following tcpdump command.


# tcpdump -i utun1 -vvvv icmp -A -X -c 1 and dst google.com

Next, we can copy this packet to this online packet analysis tool to decode.


45 00 00 54 89 82 00 00 40 01 BB 95 0A 4F 65 5B AC D9 19 0E 08 00 EC FC C9 50 00 00 60 2B 97 D8 00 08 5E A3 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F 20 21 22 23 24 25 26 27 28 29 2A 2B 2C 2D 2E 2F 30 31 32 33 34 35 36 37



Analysis of ICMP Packets

From the below chart, we can see that there are two protocols in this packet (IPv4 and ICMP).


For this packet, the type is 8 and code 0. It is an ICMP Echo request.

The length is 64 bytes.

From the ICMP part, there is no port number.




Related:

Exploring ICMP Protocol with Examples

Understanding Ping Command and ICMP with Examples

Exploring ICMP Port Number with Example

Capture ICMP Packets With Tcpdump






172 views
learn.png
cloud.png
genius.png