Internet Control Message Protocol (ICMP) is an error reporting anddiagnostic utility and is considered a required part of any IPimplementation. Understanding ICMP and knowing what can possibly generatea specific type of ICMP is useful in diagnosing network problems.
ICMPs are used by routers, intermediary devices, or hosts to communicateupdates or error information to other routers, intermediary devices, orhosts.
Each ICMP message contains three fields that define its purpose andprovide a checksum. They are TYPE, CODE, and CHECKSUM fields. The TYPEfield identifies the ICMP message, the CODE field provides furtherinformation about the associated TYPE field, and the CHECKSUM provides amethod for determining the integrity of the message.
The TYPES defined are:
TYPE Description---- -----------0 Echo Reply3 Destination Unreachable4 Source Quench5 Redirect Message8 Echo Request11 Time Exceeded12 Parameter Problem13 Timestamp Request14 Timestamp Reply15 Information Request (No Longer Used)16 Information Reply (No Longer Used)17 Address Mask Request18 Address Mask Reply
Echo Request & Echo Reply
This is the ICMP most used to test IP connectivity commonly known as PING.The Echo Request ICMP will have a Type field of 8 and a Code field of 0.Echo Replies have a Type field of 0 and a Code field of 0.
When a packet is undeliverable, a Destination Unreachable, Type 3, ICMP isgenerated. Type 3 ICMPs can have a Code value of 0 to 15:
Type 3CodeValue Description----- -----------0 Network Unreachable1 Host Unreachable2 Protocol Unreachable3 Port Unreachable4 Fragmentation needed and DF (Don't Fragment) set5 Source route failed6 Destination Network unknown7 Destination Host unknown8 Source Host isolated9 Communication with Destination Network Administratively Prohibited10 Communication with Destination Host Administratively Prohibited11 Network Unreachable for Type Of Service12 Host Unreachable for Type Of Service13 Communication Administratively Prohibited by Filtering14 Host Precedence Violation15 Precedence Cutoff in Effect
An ICMP Source Quench message has a Type field of 4 and Code 0. SourceQuench messages are sent when the destination is unable to process trafficas fast as the source is sending it. The Source Quench ICMP tells thesource to cut back the rate at which it is sending data. The destinationwill continue to generate Source Quench ICMPs until the source is sendingat an acceptable speed.
An intermediary device will generate an ICMP Redirect Message when itdetermines that a route being requested can be reached either locally orthrough a better path. Redirect Message ICMPs are Type 5 and are furtherdefined by the following Code field values:
Type 5CodeValue Description----- -----------0 Redirect datagrams for the Network1 Redirect datagrams for the Host2 Redirect datagrams for the Type of Service and Network3 Redirect datagrams for the Type of Service and Host
If a router or host discards a packet due to a time-out, it will generatea Time Exceeded Type 11 ICMP. The Time Exceeded ICMP will have a Codevalue of either 0 or 1. A Code 0 is generated when the hop count of adatagram is exceeded and the packet is discarded. A Code 1 is generatedwhen the reassemble of a fragmented packet exceeds the time-out value.
When an intermediary device or host discards a datagram due to inabilityto process, an ICMP 12 is generated. Common causes of this ICMP arecorrupt header information or missing options. If the reason for the ICMPis a required missing option, the ICMP will have a Code value of 1. If theCode value is 0, the Pointer field will contain the octet of the discardeddatagram's header where the error was detected.
Timestamp Request & Timestamp Reply
Timestamp Request and Timestamp Reply is a rudimentary method forsynchronizing the time maintained on different devices. The Request has aType field of 13 and the Reply is Type 14. This method for timesynchronization is crude and unreliable. Therefore, it is not heavilyused.
Information Request & Information Reply
These ICMP types were originally designed to allow a booting host todiscover an IP address. This method is obsolete and is no longer used.Most common methods for IP address discovery are BOOTP (bootstrapprotocol) and DHCP (dynamic host configuration protocol). BOOTP is definedby RFC1542, and DHCP is defined by RFC1541. For information aboutMicrosoft's implementation of DHCP, please see the following MicrosoftKnowledge Base article:
DHCP (Dynamic Host Configuration Protocol) Basics
Address Mask Request & Address Mask Reply
A booting computer to determine the subnet mask in use on the localnetwork uses the Address Mask Request ICMP Type 17. An intermediary deviceor computer acting as an intermediary device will reply with a Type 18ICMP Address Mask Reply ICMP.
For more information about ICMP, see RFC950, RFC792, and RFC1122.
RFCs may be obtained via the Internet as follows:
Paper copies of all RFCs are available from the NIC, either individuallyor on a subscription basis (for more information, contactNIC@NIC.DDN.MIL
). Online copies are available via FTP or Kermit fromNIC.DDN.MIL as rfc/rfc####.txt or rfc/rfc####.PS (#### is the RFC numberwithout leading zeros).