Internet Control Message Protocol

Internet Control Message Protocol. It is a supporting protocol within the Internet protocol suite, used by network devices like routers and hosts to send error messages and operational information. Defined in RFC 792 by the Internet Engineering Task Force, it is crucial for diagnostics and network management but is distinct from TCP and UDP as it is not typically used to exchange data between applications. The protocol operates at the Internet layer alongside IP and is integral to utilities like ping and traceroute.

Overview

The protocol was developed in the early 1980s for the ARPANET, a precursor to the modern Internet, to provide a mechanism for reporting delivery problems. It allows gateways and destination hosts to communicate with source hosts, primarily concerning datagram issues. While IP handles the routing and delivery of packets, this companion protocol handles control and error messaging, forming a fundamental feedback system for the network layer. Its design is encapsulated within standard IP datagrams, making it a core component of the TCP/IP model.

Technical details

Messages are generated in response to errors in IP datagrams or for diagnostic and routing purposes. Each message type has a specific format, beginning with a Type, Code, and Checksum field, followed by variable data that often includes the header and the first 64 bits of the offending datagram. These messages are carried as the payload of standard IPv4 or IPv6 packets, with protocol numbers 1 and 58, respectively. Notable implementations include the Echo Request and Echo Reply messages used by the ping command, and the Time Exceeded message central to traceroute.

ICMP message types

Messages are broadly categorized into error messages and query messages. Key error messages include Destination Unreachable, Source Quench (largely obsolete), Redirect, and Time Exceeded. Important query messages comprise Echo Request/Echo Reply, Timestamp, and Address Mask Request. For IPv6, a parallel protocol known as ICMPv6 was defined in RFC 4443, which incorporates additional functions like Neighbor Discovery Protocol and is essential for the operation of Stateless Address Autoconfiguration. The Internet Assigned Numbers Authority maintains the official registry of all type and code values.

Applications and uses

The most common application is the ping utility, which uses Echo messages to test reachability and measure round-trip delay time across a network. The traceroute tool leverages Time Exceeded and Destination Unreachable messages to map the path packets take. Network administrators use these tools for troubleshooting connectivity issues, measuring performance, and discovering network topology. Furthermore, protocols like Path MTU Discovery rely on specific messages to determine the maximum transmission unit size along a path, optimizing data transfer.

Security considerations

The protocol can be exploited in various network attacks due to its role in network discovery and feedback. Smurf attacks involve sending spoofed Echo Requests to a broadcast address, generating overwhelming traffic toward a victim. Ping floods are a simple form of denial-of-service attack. ICMP tunneling can be used to covertly exfiltrate data or establish unauthorized command and control channels. Many network firewalls, such as those from Cisco Systems, are configured to restrict or filter certain message types to mitigate these risks while allowing essential diagnostic traffic.

Category:Internet protocols Category:Network layer protocols Category:Internet standards