What is the Internet Control Message Protocol (ICMP)?
The Internet Control Message Protocol (ICMP) is one of the foundational network protocols included in the Internet Protocol (IP) suite. Unlike the Transport Control Protocol (TCP) or the User Datagram Protocol (UDP), ICMP isn’t intended to carry data over the network.
Instead, ICMP is a messaging protocol that can be used to communicate between network devices. Common applications of ICMP are error handling or providing control messages for other protocols.
How Does ICMP Work?
ICMP is primarily used to send short messages between networking systems. Some of its main features include:
- Simple Structure: ICMP packets consist of a small header and a payload. The main features of the header are the type and code — which define the purpose of the message — and a checksum for error correction.
- IP Encapsulation: Like TCP and UDP packets, ICMP packets are typically encapsulated within an IP packet. This provides the information needed to get the packet to its intended destination.
By encapsulating its packets within IP packets and using a simple structure, ICMP reduces the footprint of these messages. It also has dedicated message types designed to accomplish particular functions. For example, there are ICMP packets for Destination Unreachable, Echo Request, and Echo Reply, which are used for various purposes.
Common Applications of ICMP Packets
ICMP packets are used for a few different purposes, including by built-in utilities and various networking tools. Some common applications of ICMP packets include:
- Ping: Ping is a utility built into Windows and Unix operating systems and is designed to see if a particular host is reachable. The ping tool will send a few ICMP messages to the target and watch for replies.
- Traceroute: Traceroute is used to determine the route that a packet travels to a particular destination. This is accomplished by sending multiple ping packets with varying time-to-live (TTL) values. By incrementing the TTL value up from zero, the ping packets will fail at different points on their route, resulting in the router at that hop sending back an ICMP error packet that reveals its IP address.
- Network Scanners: Network scanners can use ICMP packets for various purposes, including incorporating ping and traceroute functionality. They can also use ICMP to map out the architecture of a network.
ICMP and Network Security
ICMP is a useful protocol that can provide valuable information about the state of an organization’s network. Using ICMP, network administrators can diagnose issues and map out their network architectures.
However, this can also make ICMP a security threat if an attacker can use ICMP for the same purpose. For this reason, many organizations will block ICMP packets at the network border with firewall rules. This helps to conceal information and prevents certain ICMP attacks.
ICMP is a foundational network protocol designed to carry messages and help with error handling on the network. Several commonly used networking tools — such as ping and traceroute — use ICMP packets to understand the network architecture and the status of various systems.