ICMP
What Is ICMP?
ICMP (Internet Control Message Protocol) is a crucial network layer protocol in the TCP/IP suite that exchanges control messages between hosts and routers. These messages report on reachability and route availability, and play a key role in network diagnostics and fault resolution. Although ICMP messages do not carry user data, they are essential for gathering network information, identifying and addressing network issues, and supporting the transmission of user data.
Why Do We Need ICMP?
During data transmission, IP provides a best-effort service: it endeavors to send data packets to the destination without confirming their reception. IP cannot perform flow control or error control, so errors during packet transmission are inevitable. ICMP exists to make the forwarding of IP packets more effective and to increase the chances of successful delivery. It allows hosts or devices to report errors and exceptions to upper-layer protocols when packet transmission encounters issues on the network. Upper-layer protocols can then use their own error control procedures to assess whether communication is normal and to perform flow control and error control, ensuring service quality.
How Does ICMP Work?
ICMP serves as an error reporting mechanism in networking. When a packet encounters an error during processing, ICMP is responsible for notifying the source device about the issue. Notably, ICMP doesn't correct errors or inform intermediate network devices; it solely reports errors to the packet source. The ICMP message is encapsulated within an IP datagram, containing information about the source and destination. If the Record Route option is set, it can record node information along the traversal path.
Despite receiving error reports, the source device cannot pinpoint which intermediate device caused the error. However, it can identify the error type through the ICMP message and decide how to retransmit the problematic data packet.
The ICMP message format includes essential fields such as Type (indicating the message type), Code (further qualifying the message within that type), and Checksum (used to verify the ICMP message). Different Type and Code values signify distinct ICMP messages, corresponding to different errors during data packet processing. ICMP messages are broadly categorized as error messages and query messages.
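The Type, Code and Checksum fields described above can be decoded and checked in a few lines. The following is an added example, not part of the original page; the function names and the sample messages are constructed for illustration, and the type numbers are the ICMPv4 values from RFC 792.

```python
import struct

# ICMPv4 types named in RFC 792. Error messages report a failed packet;
# query messages are request/reply pairs such as the echo used by ping.
ERROR_TYPES = {3: "Destination Unreachable", 4: "Source Quench",
               5: "Redirect", 11: "Time Exceeded", 12: "Parameter Problem"}
QUERY_TYPES = {0: "Echo Reply", 8: "Echo Request",
               13: "Timestamp", 14: "Timestamp Reply"}

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit big-endian words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes) -> bytes:
    """Assemble Type, Code, Checksum and the remaining bytes of a message."""
    unsummed = struct.pack("!BBH", icmp_type, code, 0) + rest
    return struct.pack("!BBH", icmp_type, code, internet_checksum(unsummed)) + rest

def parse_icmp(message: bytes) -> dict:
    """Decode the three common fields and check the checksum."""
    if len(message) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    icmp_type, code, checksum = struct.unpack("!BBH", message[:4])
    if icmp_type in ERROR_TYPES:
        category, name = "error", ERROR_TYPES[icmp_type]
    elif icmp_type in QUERY_TYPES:
        category, name = "query", QUERY_TYPES[icmp_type]
    else:
        category, name = "unknown", f"type {icmp_type}"
    return {"type": icmp_type, "code": code, "name": name, "category": category,
            "checksum": checksum,
            # Summing an intact message, checksum field included, yields 0.
            "checksum_ok": internet_checksum(message) == 0}

if __name__ == "__main__":
    # Constructed samples: an echo request (identifier 0x1234, sequence 1) and a
    # Time Exceeded message with a 4-byte unused field and a placeholder body.
    echo = build_icmp(8, 0, struct.pack("!HH", 0x1234, 1) + b"constructed-probe")
    ttl = build_icmp(11, 0, b"\x00" * 4 + b"\x45" + b"\x00" * 27)
    corrupted = echo[:-1] + bytes([echo[-1] ^ 0x01])
    for label, msg in (("echo", echo), ("time exceeded", ttl), ("corrupted", corrupted)):
        print(label, parse_icmp(msg))
```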
There are scenarios where ICMP does not generate error messages:
1. ICMP error messages won't trigger additional ICMP error messages, preventing an endless loop of message generation.
2. IP packets destined for broadcast or multicast addresses don't lead to ICMP error messages.
3. Packets broadcast at the data link layer won't result in ICMP error messages.
4. Non-first IP fragments do not generate ICMP error messages.
5. If the source address is not a single host address (e.g., an address of all 0s, loopback address, broadcast address, or multicast address), ICMP error messages are not generated.
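The five conditions above can be expressed as a single check that a host or router applies before it emits an ICMP error. This is an added example, not code from the original page: the `OffendingPacket` record, its field names and the `local_net` parameter are assumptions made for illustration, and the sample packets use documentation address ranges.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import Optional

LIMITED_BROADCAST = IPv4Address("255.255.255.255")

@dataclass
class OffendingPacket:
    """Hypothetical summary of the packet whose processing failed."""
    src: str
    dst: str
    fragment_offset: int = 0       # 0 means first (or only) fragment
    link_broadcast: bool = False   # frame was a data-link-layer broadcast
    is_icmp_error: bool = False    # packet is itself an ICMP error message

def _is_broadcast(addr: IPv4Address, net: IPv4Network) -> bool:
    # Limited broadcast, or the directed broadcast of the attached network.
    return addr == LIMITED_BROADCAST or addr == net.broadcast_address

def suppression_reason(pkt: OffendingPacket, local_net: str) -> Optional[str]:
    """Return why no ICMP error may be sent for pkt, or None if one may."""
    net = IPv4Network(local_net)
    src, dst = IPv4Address(pkt.src), IPv4Address(pkt.dst)
    if pkt.is_icmp_error:
        return "1: packet is an ICMP error message"
    if dst.is_multicast or _is_broadcast(dst, net):
        return "2: destination is broadcast or multicast"
    if pkt.link_broadcast:
        return "3: sent as a data-link-layer broadcast"
    if pkt.fragment_offset != 0:
        return "4: not the first fragment"
    if (src.is_unspecified or src.is_loopback or src.is_multicast
            or _is_broadcast(src, net)):
        return "5: source is not a single host address"
    return None

if __name__ == "__main__":
    # Constructed packets; 192.0.2.0/24 is assumed to be the attached network.
    samples = [
        OffendingPacket("192.0.2.10", "198.51.100.7"),
        OffendingPacket("192.0.2.10", "198.51.100.7", is_icmp_error=True),
        OffendingPacket("192.0.2.10", "192.0.2.255"),
        OffendingPacket("192.0.2.10", "198.51.100.7", fragment_offset=185),
        OffendingPacket("0.0.0.0", "198.51.100.7"),
    ]
    for pkt in samples:
        verdict = suppression_reason(pkt, "192.0.2.0/24") or "ICMP error allowed"
        print(f"{pkt.src} -> {pkt.dst}: {verdict}")
```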
ICMP message format
Below is the ICMP message classification:
Typical Applications of ICMP
ICMP is used by various network applications for communication and diagnostics. The two most prevalent are ping and tracert; Network Quality Analysis (NQA) also uses ICMP for network management and monitoring.
Ping:
Ping serves as a fundamental debugging method to assess the reachability of IPv4/IPv6 network devices. By utilizing ICMP echo messages, ping tests the following parameters:
- Remote device reachability
- Round-trip delay in communication with the remote host
- Packet loss
Tracert:
Tracert is employed to verify network connectivity by examining the path of packets from the source to the destination. In the event of a network fault, tracert aids in pinpointing the issue. The determination of routes from a host to other hosts relies on ICMP timeout messages and destination unreachable messages. Additionally, tracert aids in assessing the delay of each hop on the IP network, classifying it into propagation delay, transmission delay, processing delay, and queuing delay.
NQA:
NQA is a real-time network performance measurement technology that gathers statistics on network information, such as delay, jitter, and packet loss rate. This facilitates real-time assessment of network service quality and efficient diagnosis of network faults. NQA enhances and extends the functionality of ping and tracert through various ICMP messages.
- ICMP Test:
In an ICMP test, ICMP Echo Request and Echo Response messages are sent to evaluate destination reachability, calculating network response time and packet loss rate. This test provides detailed output information, offering insights into network performance and connectivity.
- ICMP Jitter Test:
This test computes delay, jitter, and packet loss rate using timestamps embedded in ICMP messages. Jitter is determined by subtracting the interval for sending two consecutive messages from the interval for receiving these messages.
- Trace Test:
NQA's trace test monitors the forwarding path from source to destination, collecting statistics such as delay for each device along the path. Similar to the tracert command, the trace test provides detailed output information, including average delay, packet loss rate, and the time of the last packet reception for each hop.