ICMP type is the first 8 bits in the ICMP message header. It provides a brief explanation of what the message is for so the receiving network device knows why it is getting the message and how to treat it. For example, a Type 8 Echo is a query a host sends to see if a potential destination system is available. Upon receiving an Echo message, the receiving device might send back an Echo Reply (Type 0), indicating it is available.
Here are the widely used ICMP types:
- Type 0 — Echo reply
- Type 3 — Destination unreachable
- Type 8 — Echo
- Type 5 — Redirect
Internet Assigned Numbers Authority (IANA) provides a list of all message types ICMP packets use.
ICMP Type and ICMP Codes
Each ICMP Type can have 1 or more Codes related to it. For example the Type 0 has only 1 Code, but Type 3 has 16 Codes — Type 3 is Destination Unreachable, Destination could be unreachable due to any of the reasons mentioned in the 16 Codes corresponding to this Type starting from 0 to 15.
Capture ICMP Type Echo Request Packets
we can use this tcpdump command to filter all ICMP packets. We use eth0 network interface in all our examples. Please change it based on the environment.
# tcpdump -i eth0 icmp
To filter ICMP echo-requests, we can use this tcpdump command.
# tcpdump -i eth0 “icmp[0] == 8”
These are the packets we get captured with tcpdump command.
14:37:14.555295IP10.79.101.23>108.177.125.101:ICMP echo request, id 61205, seq 0, length 64
Capture ICMP Type Echo Reply Packets
To filter ICMP echo reply requests, we can use this tcpdump command.
# tcpdump -i eth0 “icmp[0] == 0”
These are the packets we get captured with tcpdump command.
21:05:51.164467 IP 66.114.168.201 > 10.79.102.71: ICMP echo reply, id 16790, seq 203, length 64
Related:
Exploring ICMP Protocol with Examples
Understanding Ping Command and ICMP with Examples