
Internet Control Message Protocol

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Internet Control Message Protocol
Name: Internet Control Message Protocol
Acronym: ICMP
Developer: Jon Postel, Internet Engineering Task Force
Initial release: 1981
Latest spec: RFC 792
Classification: Internet protocol suite
Layer: Internet layer

Internet Control Message Protocol is a supporting protocol in the Internet protocol suite used by Transmission Control Protocol and User Datagram Protocol implementations to send error messages and operational information. It complements Internet Protocol by reporting problems such as unreachable hosts, network congestion, and diagnostic responses originating from routers and hosts. ICMP has been specified and updated through a series of Request for Comments documents managed by the Internet Engineering Task Force and influenced by early work by Jon Postel and the ARPANET community.

Overview

ICMP is designed to exchange control messages between devices implementing Internet Protocol to aid Transmission Control Protocol and User Datagram Protocol operations, facilitate Path MTU Discovery, and support tools like ping and traceroute. Implementations appear in hosts, routers produced by vendors such as Cisco Systems, Juniper Networks, Huawei, and in operating systems including BSD, Linux, Windows NT, and macOS. The protocol operates within the Internet layer and uses IP datagrams to encapsulate messages, interacting with standards and organizations like IETF, IAB, and ISOC.

Message Types and Formats

ICMP defines a hierarchy of message types and codes standardized in RFC 792 and subsequent RFCs; common messages include Echo Request, Echo Reply, Destination Unreachable, Source Quench, Redirect, Time Exceeded, and Parameter Problem. Packet formats include an 8‑byte header with Type, Code, and Checksum fields followed by message-specific data used by implementations in systems such as FreeBSD, OpenBSD, NetBSD, and Microsoft Windows Server. Extensions and related protocols like ICMPv6 for IPv6 and protocols referenced in RFC 1812 and RFC 1122 further detail message semantics for routers and hosts in deployments by Juniper Networks, Arista Networks, and cloud providers such as Amazon Web Services and Google Cloud Platform.

Operation and Use Cases

Operationally, ICMP is emitted by routers and end hosts when IP forwarding detects issues such as unreachable networks, unreachable ports at application servers like those running Apache HTTP Server or nginx, and when TTL expires to support utilities like traceroute. Network engineers use ICMP for diagnostics in environments managed with tools from SolarWinds, Nagios, and Zabbix and in educational settings taught at institutions such as MIT and Stanford University. ISPs including AT&T, Verizon Communications, and Deutsche Telekom monitor ICMP behavior for traffic engineering, while CDNs like Cloudflare and Akamai account for ICMP when designing resilience strategies.

Error Reporting and Diagnostics

ICMP's error reporting supplies sending hosts with information about problems such as Host Unreachable, Network Unreachable, and Fragmentation Needed (used by Path MTU Discovery). Diagnostic utilities—ping (Echo), traceroute (TTL-expired), and vendor tools from Cisco Systems and Juniper Networks—display ICMP responses to troubleshoot connectivity between systems running Oracle Database, Microsoft SQL Server, or web services hosted on Heroku. Standards bodies including IETF working groups and the IAB have analyzed ICMP’s role in diagnostic visibility and its interaction with NATs deployed by companies like Netgear and TP-Link.

Security and Vulnerabilities

ICMP has been involved in security incidents such as amplification in distributed denial-of-service attacks observed in reports from CERT Coordination Center and mitigations recommended by NIST. Tactics like ICMP-based reconnaissance are used by threat groups analyzed by Mandiant and Kaspersky Lab, while defensive strategies appear in guidance from SANS Institute and standards from IETF working groups. Network operators apply access controls in firewalls from Palo Alto Networks, Fortinet, and Check Point and rate-limiting on routers to mitigate floods; however, such measures can interfere with legitimate services like IPsec and VPN deployments by Cisco Systems and Fortinet.

Implementation and RFC History

The protocol was first formalized in RFC 792 and has been augmented by successor documents and clarifications from the IETF community; ICMPv6 for IPv6 is specified in RFC 4443. Early implementers in the ARPANET era influenced later work by Jon Postel and contributors from organizations such as BBN Technologies and Xerox PARC. Production implementations appear in network stacks of Berkeley Software Distribution derivatives, Microsoft Windows, and embedded systems by Cisco Systems and Juniper Networks; interoperability testing and certification occur in venues like IETF meetings and interoperability events hosted by OTN vendors.
