logo

Computer Networks

ICMP (Internet Control Message Protocol)

Easy
15 min

What is ICMP?

Internet Control Message Protocol (ICMP) is a network protocol designed to provide feedback and error reporting mechanisms that can exchange important information about the network state and resolve connection issues.

ICMP message types and codes

There are different types of ICMP messages, and they are classified into different types and codes. Each message type has its own purpose and significance. Examples of common ICMP message types include:

  • Echo Request (ping)
  • Echo Reply (ping response)
  • Destination Unreachable (destination unreachable)
  • Time Exceeded (timeout).

Ping

Ping, which is already familiar to many, is a useful tool that is used to test network connections and assess accessibility.

Ping functionality is based on ICMP Echo Request and Echo Reply messages. The Ping tool sends an Echo Request message to the designated device, and the device should respond with an Echo Reply message if it is available and reachable.

  1. The sending device creates an ICMP Echo Request message, which includes a specific identifier and the sender's information.
  2. The ICMP Echo Request message is sent to the specified target device.
  3. When the target device receives an ICMP Echo Request message, it creates an ICMP Echo Reply message that contains the same identifier and responder information.
  4. ICMP Echo Reply message is sent back to the sending device.
  5. When the transmitting device receives an ICMP Echo Reply message, it checks the identifier and confirms the connectivity.

Traceroute

Traceroute is a useful tool used to track the routing path and nodes of networks. Traceroute uses UDP datagrams and ICMP Time Exceeded messages to track the routing path.

When a UDP datagram reaches a network device and its TTL value reaches zero, the node sends an ICMP Time Exceeded message back to the sender. And when the datagram finally reaches the destination without TTL expiration, if the routing path cannot reach the destination, the destination node sends an ICMP Destination Unreachable message.

  1. Traceroute starts by sending a UDP datagram to the first router with a TTL value of 1.
  2. The first router sends an ICMP Time Exceeded message indicating that the TTL has been exceeded.
  3. Traceroute sends the same UDP packet again, but this time the TTL value is 2.
  4. This time a UDP datagram goes one hop further, and another router along the way returns an ICMP Time Exceeded message.
  5. The process continues until the ICMP packet reaches the destination node, which responds with an ICMP Destination Unreachable message. The reason for this is that traceroute uses a random UDP port in the UDP datagram, which is almost certainly not open. In other words, when trying to connect to a UDP port that is not listening, the response will be an ICMP "Destination Unreachable" message.
  6. Based on these ICMP messages, Traceroute returns information about each hop and their respective round-trip times.

Test your knowledge

How does the Ping tool work?

How does the Traceroute tool work?

hakatemia pro

Ready to become an ethical hacker?
Start today.

As a member of Hakatemia you get unlimited access to Hakatemia modules, exercises and tools, and you get access to the Hakatemia Discord channel where you can ask for help from both instructors and other Hakatemia members.