What is ICMP
ICMP (Internet Control Message Protocol) is one of the ISO/OSI network layer protocols. Its task is to provide a control function that checks whether the network is working correctly. With the help of ICMP it is possible to send different kinds of low-level messages about abnormalities detected during network connections. In practice, almost all ICMP communication between computers or other devices is invisible to the end user. The only exceptions are the ping and traceroute tools.
Communication over ICMP means sending information about errors detected during the connection between two devices. Each piece of information is a suitably formed packet (datagram), which is then encapsulated in an IP packet. Contrary to common belief, ICMP uses neither TCP nor UDP, so it does not use any network ports.
The code field in the header of an ICMP packet defines the kind of content in the message, depending on its type. For example, a packet of type 3 (Destination Unreachable) can contain the following codes in the second byte of the header:
0 Destination network is unreachable.
1 Destination device (host) is unreachable.
2 Destination protocol is unreachable (or not supported).
3 Destination port is unreachable.
4 The packet requires fragmentation, but the DF (“don’t fragment”) flag has been set.
5 Source route is incorrect.
6 Unknown destination network.
7 Unknown destination device (host).
8 Sender’s host unavailable.
9 Access to network is forbidden.
10 Access to device (host) is forbidden.
11 Settings of the Type of Service field (in the IP header) make access to the destination network unavailable.
12 Settings of the Type of Service field (in the IP header) make access to the destination network unavailable.
13 Communication is forbidden.
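Added example (not part of the original article): a small parser that checks the IP protocol number is 1 (ICMP has no ports), reads the type and code bytes from the header, verifies the checksum and names a few of the type 3 codes listed above. The function names, the addresses (documentation ranges) and both sample packets are constructed for illustration, and the input is assumed to start at the IPv4 header.

```python
import struct

# Names for a few type 3 (Destination Unreachable) codes from the list above.
UNREACH_CODES = {0: "network unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable",
                 4: "fragmentation needed, DF set", 13: "communication forbidden"}
TYPES = {0: "ECHO_REPLY", 3: "DEST_UNREACHABLE", 8: "ECHO_REQUEST", 11: "TIME_EXCEEDED"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes = b"\x00" * 4, payload: bytes = b"") -> bytes:
    """Build an ICMP message with a valid checksum (used for the constructed samples)."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest + payload
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def wrap_ipv4(icmp: bytes, ttl: int = 64) -> bytes:
    """Minimal 20-byte IPv4 header with protocol 1 (ICMP)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, ttl, 1, 0,
                      bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + icmp

def parse_icmp(packet: bytes) -> dict:
    """Parse an IPv4 packet carrying ICMP; raise ValueError on anything malformed."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    total = struct.unpack("!H", packet[2:4])[0]  # IP total length, excludes link padding
    if ihl < 20 or not ihl + 8 <= total <= len(packet):
        raise ValueError("truncated or inconsistent header")
    if packet[9] != 1:
        raise ValueError("IP protocol is not ICMP (1)")
    icmp = packet[ihl:total]
    icmp_type, code = icmp[0], icmp[1]  # first and second byte of the ICMP header
    detail = UNREACH_CODES.get(code, "code %d" % code) if icmp_type == 3 else None
    return {"type": TYPES.get(icmp_type, str(icmp_type)), "code": code, "detail": detail,
            "checksum_ok": inet_checksum(icmp) == 0}  # a valid message sums to zero

# Constructed samples: an echo request and a "port unreachable" error.
ECHO = wrap_ipv4(build_icmp(8, 0, struct.pack("!HH", 0x1234, 1), b"ping-data"))
UNREACH = wrap_ipv4(build_icmp(3, 3, payload=b"\x45" + b"\x00" * 27))
```

A message whose checksum does not verify should be dropped or logged rather than interpreted, since its type and code bytes cannot be trusted.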
Examples of tools that use the ICMP protocol are:
· Ping – one of the tools found in almost every system that supports the TCP/IP protocol. It sends ICMP ECHO_REQUEST packets to the destination computer. After receiving such a message, the remote device should reply with ECHO_REPLY. On this basis it is possible to determine whether the network configuration allows a connection to the remote machine, and to evaluate its load from the number of lost packets or the reply time.
· Traceroute – a tool that shows which routers a packet passes through on its way to a remote computer. At the beginning, the local computer sends an ECHO_REQUEST packet to the remote device with the TTL (Time to Live) parameter set to 1. The first router reduces the TTL by one, in other words to zero, deletes the packet and sends an ICMP TIME_EXCEEDED message back to the sender. The local computer then sends ECHO_REQUEST again, this time with the TTL set to 2. The first router reduces the TTL to 1; the second reduces it to 0, so it deletes the packet and sends a TIME_EXCEEDED message. This repeats until the packet reaches the remote computer, which sends an ECHO_REPLY message back to the sender.