The Internet Control Message Protocol (ICMP) is a protocol used for error reporting and diagnostic purposes in computer networks. ICMP is part of the Internet Protocol (IP) Suite, and consists of predefined messages with varying purposes. Most aspects of the Internet Control Message Protocol go unnoticed by end users, but a few network tools such as traceroute and ping rely on ICMP messages for their functionality.
At the heart of both the Internet and smaller computer networks is a collection of protocols known as the IP Suite. These protocols specify the formats for messages exchanged between networking devices, and establish rules for how those messages are sent and received. The protocols are also layered, with each layer relying on the one beneath it. ICMP is part of the second-highest layer, the Internet layer. This layer includes the well-known Internet Protocol responsible for the transmission of individual groups of data, called packets, across one or more networks.
ICMP is used to send error messages or diagnostic information between devices, or hosts, using the Internet Protocol. ICMP messages are predefined and may be referred to either by name or type number. Most of these messages are for different types of error reporting. For example, when a particular host cannot be reached, an ICMP message is often generated indicating the specific problem preventing data delivery. Other types of messages are sent if packets become corrupted or if a router or host in a network is congested.
A packet’s maximum size is not predefined, but dictated by the Maximum Transmission Unit (MTU) of a particular network link. Different links can have different MTUs, but a packet must be smaller than the smallest MTU along a given path in order to complete its journey. A technique known as Path MTU Discovery (PMTUD) uses ICMP messages to notify a sender when packets are too large for a particular path segment.
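The sketch below is an added example, not part of the original article: it decodes the ICMP header for the message types the article names, verifies the checksum, and pulls the next-hop MTU out of the "fragmentation needed" message that Path MTU Discovery relies on. The function names and the sample messages are constructed for illustration; the type numbers and field layout follow RFC 792, RFC 1191 and RFC 1256.

```python
import struct

# Type numbers (RFC 792 / RFC 1256) for the messages this article names.
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 8: "Echo Request",
              9: "Router Advertisement", 10: "Router Solicitation",
              11: "Time Exceeded"}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(icmp_type: int, code: int, rest: bytes, payload: bytes = b"") -> bytes:
    """Build an ICMP message with a valid checksum (used for the samples)."""
    body = struct.pack("!BBH4s", icmp_type, code, 0, rest) + payload
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

def parse(msg: bytes) -> dict:
    """Decode the 8-byte ICMP header; reject short or corrupted messages."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than 8-byte header")
    icmp_type, code, _csum, rest = struct.unpack("!BBH4s", msg[:8])
    if checksum(msg) != 0:  # a valid message, checksum included, sums to 0
        raise ValueError("bad ICMP checksum")
    info = {"type": icmp_type, "code": code,
            "name": ICMP_TYPES.get(icmp_type, "unknown")}
    if icmp_type in (0, 8):  # echo: identifier and sequence number
        info["id"], info["seq"] = struct.unpack("!HH", rest)
    elif icmp_type == 3 and code == 4:  # fragmentation needed (PMTUD)
        info["next_hop_mtu"] = struct.unpack("!HH", rest)[1]
    return info

# Constructed samples, not captured traffic.
ECHO_REQUEST = build(8, 0, struct.pack("!HH", 0x1234, 1), b"ping-payload")
FRAG_NEEDED = build(3, 4, struct.pack("!HH", 0, 1400), b"\x45" + b"\x00" * 27)
TIME_EXCEEDED = build(11, 0, b"\x00" * 4, b"\x45" + b"\x00" * 27)

if __name__ == "__main__":
    for sample in (ECHO_REQUEST, FRAG_NEEDED, TIME_EXCEEDED):
        print(parse(sample))
```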
A related protocol known as the ICMP Router Discovery Protocol (IRDP) can facilitate automatic network configuration for hosts that support it. IRDP uses two types of Internet Control Message Protocol messages to announce and discover nearby routers, i.e., hosts that connect two or more networks. A router supporting IRDP will periodically broadcast an ICMP router advertisement message announcing its presence to hosts. Hosts can also send a solicitation message requesting all nearby routers to identify themselves.
Some popular network utilities also rely on the Internet Control Message Protocol. One tool, traceroute, utilizes the ICMP message generated when a packet has expired or exceeded its “time to live” (TTL). By setting an intentionally low TTL value for a packet, traceroute will receive an ICMP Time Exceeded message from the last router the packet reached before expiring. Repeating this process and increasing the TTL value will, in theory, generate a list of all hosts packets are traveling through.
Another tool called ping relies on the ICMP Echo Request message, which is responded to with an ICMP Echo Reply message. Unfortunately, ping can also be abused in a so-called “smurf attack,” in which a hacker sends echo requests with falsified sender information, which are then replied to by many other machines. This can congest a network to the point where no legitimate packets can get through, a situation known as denial of service.