Internet Control Message Protocol (ICMP) Explained

Ping and traceroute explained
There are two very popular tools based on ICMP:

1. Ping: This effectively includes sending one or more ICMP echo requests to a target machine and then measuring the time taken to receive ICMP echo reply messages. The ping program contains a client interface to ICMP. It may be utilised by a user to verify that an end-to-end internet path is operational. The ping program also collects performance statistics (ie the measured round-trip time and the number of times the remote server fails to reply). Each time an ICMP echo reply message is received, the ping program displays a single line of text. The text printed by ping shows the received sequence number, and the measured round-trip time (in milliseconds). Each ICMP echo message contains a sequence number (starting at 0) that is incremented after each transmission, and a timestamp value indicating the transmission time.

2. Traceroute: This is a classic tool that helps to find the route taken by a packet while travelling from a source to a destination. It uses TTL (time-to-live counter) for its operation. The sender transmits ICMP echo requests with varying TTL values and listens to echo reply messages. Each router, afterprocessing the datagram, reduces the TTL. When TTL reaches zero, the router discards the datagram and an ‘ICMP time exceeded message’ is transmitted back. The route is determined by examining these time-exceeded messages sent by the intermediate routers. The traceroute program also contains a client interface to ICMP. Like the ping program, it may be used by a user to verify that an end-to-end internet path is operational, but also provides information on each of the intermediate systems (ie IP routers) to be found along the IP path from the sender to the receiver. Traceroute uses ICMP echo messages. These are addressed to the target IP address. The sender manipulates the TTL (hop count) value at the IP layer to force each hop in turn to return an error message.

FAQ
Why is ICMP considered such a critical protocol?
ICMP is a protocol within the TCP/IP stack that exists basically to provide control, troubleshooting and error messages. It is a network protocol that is very helpful in network management and administration. As a control protocol, it does not carry any application data, but information on the status of the network. Thus it will help in detecting the error, but will not do anything as far as the correction is concerned. It is thus regarded as an error-reporting and diagnostic utility. We need to understand that ICMP is not intended for use by applications. Ping and traceroute help the system administrator in their day-to-day activities and are regarded as the tools to count on in many situations. Apart from reporting errors in network platforms and checking the availability of remote hosts, ICMP can also be used to report whether the network is congested. ICMP messages are used by routers, intermediary devices or hosts to communicate updates or error information to other devices.

What is the relationship between IP and ICMP?
IP always focuses on core activities such as datagram packaging and routing, while ICMP provides critical support to IP in the form of ICMP messages. Various message types are defined in ICMP and these messages allow different type of information to be exchanged. ICMP messages are now used to implement a wide range of error-reporting, feedback and testing capabilities. ICMP messages can be categorised into two classes…

1. Error messages
These messages are used to provide feedback to a source device about an error that has occurred. Thus, they basically report error conditions.

2. Information messages
These messages are used to exchange information between the devices and perform testing. These messages are used for diagnostics purposes.