Internet Control Message Protocol (ICMP) is one of the fundamental systems that makes the Internet work. Network devices like routers use ICMP to generate error messages when encountering network issues. Unlike TCP and UDP, ICMP doesn’t require handshakes or formal connections. Instead, ICMP messages consist of type and code fields. ICMP uses types and codes to identify the specific notification it is sending. These message types are often seen when using popular network diagnostic tools such as ping or traceroute.
Error Messages
ICMP is an important system that helps keep the Internet running smoothly by sending error messages when network issues prevent IP packets from reaching their destinations. These error messages help administrators troubleshoot network issues, such as finding out why a specific host or port might not be reachable. ICMP also provides crucial diagnostic information, such as the round-trip time it takes to send an IP datagram from one host to another.
ICMP types and codes are classified into query messages and error-reporting messages, and each type and code is defined by the Internet Assigned Numbers Authority (IANA). For example, a router can send an ICMP echo request or reply message (Type 8 and Code 0) to see whether a network device is available. The ping command uses the same mechanism to test connectivity between network devices.
If the destination host or network device is unreachable, however, a router can report the problem with one of several ICMP error messages. For example, the ICMP destination unreachable message (Type 4 and Code 4) can indicate that the network device or the source router is down. If a router finds that an incoming packet is too large for it to handle, it can send a message back to the sender indicating that the packet is too big (Type 6 and Code 2). Other ICMP error messages include:
- The time-exceeded message (Type 11 and Code 0) indicates that the datagram’s time-to-live value has expired.
- The parameter problem message (Type 12 and Code 3) tells a host or a router that the parameters are incorrect.
- The redirection message (Type 5 or 137) tells a host that a better route is available.
These error messages are vital to cybersecurity because they can help you identify security vulnerabilities in your network.
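To make the type/code structure concrete, here is an added Python example (not part of the original article) that assembles ICMP messages, verifies the RFC 1071 checksum, and labels type and code using the IANA-registered numbers. The sample packets are constructed inline; no network access is needed.

```python
import struct

# IANA-registered ICMPv4 type numbers a defender most often sees in packet captures.
ICMP_TYPES = {
    0: "Echo Reply",
    3: "Destination Unreachable",
    5: "Redirect",
    8: "Echo Request",
    11: "Time Exceeded",
    12: "Parameter Problem",
    13: "Timestamp Request",
    14: "Timestamp Reply",
}

# Code meanings for the error-reporting types (IANA registry).
ICMP_CODES = {
    3: {0: "Net Unreachable", 1: "Host Unreachable", 2: "Protocol Unreachable",
        3: "Port Unreachable", 4: "Fragmentation Needed and DF Set"},
    5: {0: "Redirect for Network", 1: "Redirect for Host"},
    11: {0: "TTL Exceeded in Transit", 1: "Fragment Reassembly Time Exceeded"},
    12: {0: "Pointer Indicates Error", 1: "Missing Required Option", 2: "Bad Length"},
}


def internet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over 16-bit words (odd length is zero-padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type: int, code: int, rest: bytes = b"\x00" * 4, payload: bytes = b"") -> bytes:
    """Assemble an ICMP message; the checksum is computed with its own field zeroed."""
    body = rest + payload
    csum = internet_checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body


def parse_icmp(packet: bytes) -> dict:
    """Decode type, code and checksum; reject a message too short to hold the header."""
    if len(packet) < 4:
        raise ValueError("ICMP header needs at least 4 bytes")
    icmp_type, code, _csum = struct.unpack("!BBH", packet[:4])
    return {
        "type": icmp_type,
        "code": code,
        "type_name": ICMP_TYPES.get(icmp_type, f"Unassigned/Other ({icmp_type})"),
        "code_name": ICMP_CODES.get(icmp_type, {}).get(code, f"Code {code}"),
        # A valid message sums to 0xFFFF, so the complemented sum over the whole packet is 0.
        "checksum_ok": internet_checksum(packet) == 0,
        "payload": packet[4:],
    }


if __name__ == "__main__":
    # Constructed samples: an echo request (id 0x1234, seq 1), a port-unreachable
    # error, a TTL-expired error, and a copy of the echo request with one bit flipped.
    echo = build_icmp(8, 0, b"\x12\x34\x00\x01", b"ping-data")
    samples = [echo, build_icmp(3, 3), build_icmp(11, 0)]
    damaged = bytearray(echo)
    damaged[-1] ^= 0x01
    samples.append(bytes(damaged))
    for pkt in samples:
        info = parse_icmp(pkt)
        print(f"{info['type_name']} / {info['code_name']} checksum_ok={info['checksum_ok']}")
```

A decoder like this is the first stage of any ICMP monitoring rule: once type and code are known, a detection can count unexpected error types per source, and a failed checksum is itself worth logging because a well-behaved stack never emits one.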
Query Messages
ICMP was designed to report errors between devices connected to the Internet, but it also helps assess network performance, which it does through query messages. A query message, like every ICMP message, carries a type and a code: the type defines what kind of message (or error) is being reported, while the code breaks it down further. Query messages let network managers obtain specific information from routers and hosts. For example, when a host pings another host, the echo-request and echo-reply messages let network administrators see whether the other host is alive.
A timestamp request and its reply can be used to synchronize the clocks of computers. A time-exceeded message is sent by a router, or by a destination host that doesn't receive all of a datagram's fragments within a specific time. This is useful for detecting routing loops in large networks.
Timestamp Request and Reply
A timestamp is an event's current date and time as recorded by a computer. Using mechanisms like the Network Time Protocol, computers can maintain accurate, current time calibrated to within minutes and fractions of a second. A network router can use ICMP timestamp requests and replies to synchronize the system clocks of devices on the same network, so that when a packet is sent from one router to another, the receiving device knows where it came from and when. A trusted timestamp can be used with code and digital signatures to verify that the signed information existed when it was signed, even if the file has since been modified. This is accomplished by applying the timestamp to the original file and comparing it with the original hash of the signature.
The ICMP Timestamp Request and Timestamp Reply messages allow network routers to synchronize their system clocks. To do so, a router sends a Timestamp Request to another device, which answers with a Timestamp Reply. Upon receiving the reply, the first device adjusts its clock, accounting for the time the query took to travel back and forth over the network. The same exchange can be used to help analyze network latency. ICMP also defines other error-reporting messages for routers and hosts that don't behave as intended.
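The request/reply exchange above, carried through in code as an added example (not from the original article): both sides of a Timestamp Request (type 13) and Timestamp Reply (type 14) are constructed, and the requester then derives round-trip time and clock offset from the originate, receive and transmit fields, which the protocol expresses in milliseconds since midnight UT. The offset estimate assumes the path delay is symmetric, the same assumption NTP makes; the checksum field is left at zero because the focus here is the timestamp arithmetic, and the midnight wrap-around of the 32-bit fields is handled explicitly.

```python
import struct

MS_PER_DAY = 86_400_000                 # ICMP timestamps count milliseconds since midnight UT
ICMP_TIMESTAMP_REQUEST = 13
ICMP_TIMESTAMP_REPLY = 14
# type, code, checksum, identifier, sequence, originate, receive, transmit (20 bytes total)
TIMESTAMP_FMT = "!BBHHHIII"


def ms_diff(later: int, earlier: int) -> int:
    """Signed difference of two ms-since-midnight values, unwrapped across midnight."""
    d = (later - earlier) % MS_PER_DAY
    return d - MS_PER_DAY if d > MS_PER_DAY // 2 else d


def build_timestamp_request(ident: int, seq: int, originate_ms: int) -> bytes:
    """Requester side: stamp the originate field when the request leaves."""
    return struct.pack(TIMESTAMP_FMT, ICMP_TIMESTAMP_REQUEST, 0, 0,
                       ident, seq, originate_ms % MS_PER_DAY, 0, 0)


def parse_timestamp(message: bytes) -> dict:
    """Decode either timestamp message type; anything else is rejected."""
    if len(message) < 20:
        raise ValueError("ICMP timestamp message is 20 bytes")
    t, code, _csum, ident, seq, orig, recv, xmit = struct.unpack(TIMESTAMP_FMT, message[:20])
    if t not in (ICMP_TIMESTAMP_REQUEST, ICMP_TIMESTAMP_REPLY) or code != 0:
        raise ValueError(f"not an ICMP timestamp message: type={t} code={code}")
    return {"type": t, "id": ident, "seq": seq, "originate": orig, "receive": recv, "transmit": xmit}


def answer_timestamp_request(request: bytes, receive_ms: int, transmit_ms: int) -> bytes:
    """Responder side: echo id/seq/originate and fill in its own receive and transmit times."""
    req = parse_timestamp(request)
    if req["type"] != ICMP_TIMESTAMP_REQUEST:
        raise ValueError("can only answer a Timestamp Request")
    return struct.pack(TIMESTAMP_FMT, ICMP_TIMESTAMP_REPLY, 0, 0, req["id"], req["seq"],
                       req["originate"], receive_ms % MS_PER_DAY, transmit_ms % MS_PER_DAY)


def estimate_offset(reply: bytes, arrival_ms: int) -> dict:
    """Requester side: from the four timestamps derive RTT and the peer's clock offset.

    rtt    = (arrival - originate) - (transmit - receive)   # total minus peer's processing time
    offset = ((receive - originate) + (transmit - arrival)) / 2  # assumes symmetric delay
    """
    rep = parse_timestamp(reply)
    if rep["type"] != ICMP_TIMESTAMP_REPLY:
        raise ValueError("expected a Timestamp Reply")
    rtt = ms_diff(arrival_ms, rep["originate"]) - ms_diff(rep["transmit"], rep["receive"])
    offset = (ms_diff(rep["receive"], rep["originate"]) + ms_diff(rep["transmit"], arrival_ms)) // 2
    return {"rtt_ms": rtt, "offset_ms": offset}


if __name__ == "__main__":
    # Constructed exchange: the peer's clock runs 50 ms ahead, each direction takes 10 ms,
    # and the peer spends 5 ms between receiving the request and sending the reply.
    request = build_timestamp_request(ident=7, seq=1, originate_ms=1000)
    reply = answer_timestamp_request(request, receive_ms=1060, transmit_ms=1065)
    print(estimate_offset(reply, arrival_ms=1025))   # {'rtt_ms': 20, 'offset_ms': 50}
```

A positive offset means the peer's clock is ahead of ours. Because the fields only count milliseconds within a day, a request sent just before midnight and answered just after it would produce a nonsense offset without the `ms_diff` unwrap, which is the edge case the helper exists for.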
Time-to-live Messages
The TTL field is a counter that limits how long a data packet can exist on the Internet. The datagram's sender sets it, and every router the datagram passes through on its way to the destination reduces it. If the TTL reaches zero before the datagram reaches its destination, the datagram is discarded and an error message (Type 11, Time Exceeded) is sent back to the sender. This prevents a datagram from circulating forever in the network, which would cause a tremendous amount of congestion and decrease performance.
ICMP uses its own packet structure to convey errors and status information about network devices instead of inserting them inside the data-carrying IP packets. An ICMP message includes a 4-byte header with an 8-bit type field identifying the ICMP message and an 8-bit code field carrying additional context. ICMP offers several benefits to cybersecurity, including security event logging and alerting, device management, and more.
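The TTL mechanism described above, as an added simulation (not code from the original article): a constructed topology is walked hop by hop, every router decrements the TTL, and the router that drives it to zero answers with Type 11. Probing with TTL 1, 2, 3, ... is exactly how traceroute recovers the path, and running the same probe against a constructed routing loop shows both why the loop is harmless to the network (every datagram still dies) and how the loop shows up in the trace as an alternating pair of routers.

```python
ICMP_ECHO_REPLY = 0          # the destination answered: datagram was delivered
ICMP_TIME_EXCEEDED = 11      # code 0: TTL exceeded in transit, sent by the dropping router

# Constructed topology: each node's next hop toward the destination "dst".
LINEAR_PATH = {"src": "r1", "r1": "r2", "r2": "r3", "r3": "dst"}
# Constructed routing loop: r2 and r3 point at each other, so "dst" is never reached.
LOOPED_PATH = {"src": "r1", "r1": "r2", "r2": "r3", "r3": "r2"}


def forward(next_hop: dict, ttl: int, dst: str = "dst") -> tuple:
    """Carry one datagram through the topology.

    Returns (ICMP_ECHO_REPLY, dst) when the destination host receives it, or
    (ICMP_TIME_EXCEEDED, router) naming the router whose decrement reached zero.
    The destination host does not forward, so it never decrements the TTL.
    """
    if ttl <= 0:
        raise ValueError("TTL must start above zero")
    node = next_hop["src"]
    while node != dst:
        ttl -= 1                  # every router decrements before forwarding
        if ttl == 0:
            return (ICMP_TIME_EXCEEDED, node)
        node = next_hop[node]
    return (ICMP_ECHO_REPLY, node)


def traceroute(next_hop: dict, max_ttl: int = 30) -> tuple:
    """Send probes with increasing TTL and record which node answered each one.

    Returns (hop_list, reached); reached is False when max_ttl probes all expired,
    which is what a routing loop (or an ICMP-filtering hop) looks like to the prober.
    """
    hops = []
    for ttl in range(1, max_ttl + 1):
        icmp_type, node = forward(next_hop, ttl)
        hops.append(node)
        if icmp_type == ICMP_ECHO_REPLY:
            return (hops, True)
    return (hops, False)


def looks_like_loop(hops: list) -> bool:
    """Heuristic a monitoring script can apply: the same node appearing twice means
    a later probe, with a larger TTL, expired at a router an earlier probe already passed."""
    return len(set(hops)) < len(hops)


if __name__ == "__main__":
    print(traceroute(LINEAR_PATH))                # (['r1', 'r2', 'r3', 'dst'], True)
    hops, reached = traceroute(LOOPED_PATH, max_ttl=6)
    print(hops, reached, looks_like_loop(hops))   # ['r1','r2','r3','r2','r3','r2'] False True
    print(forward(LOOPED_PATH, 255))              # still terminates: (11, 'r3')
```

The default of 30 probes mirrors the usual traceroute hop limit. In a real capture the Time Exceeded message also quotes the first bytes of the expired datagram, which is how the prober matches each reply to the probe that caused it.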