Routers link to the host: Internet Control Message Protocol

Internet Control Message Protocol (ICMP) is a network layer protocol that is primarily concerned with routing issues. With the help of this protocol, routers are able to send error or control information to their hosts. This protocol is of great help to system administrators, as it helps in testing connectivity and finding configuration errors in a network.

Let us see an example of how ICMP facilitates this. When a router is not able to forward a datagram, it informs the original source about the error, but does not specify what action needs to be taken to overcome it. It is up to the source to take the necessary action to correct the problem.

It is important to note that ICMP cannot be used to inform the intermediate routers when a problem occurs. This is because a datagram contains fields that specify only the original source and the ultimate destination, so when a router gets a datagram, it does not know the path the datagram took to arrive there. Instead of discarding a datagram when an error occurs, the router informs the source from which the datagram originated. Hence the connectivity and configuration of the network are easily tested.

ICMP packets are handled in the same way as any other data packet. However, ICMP packets do not include source and destination ports. A special signature called 'type of message' is included in these packets, and this message type indicates the purpose of the ICMP packet. In fact, ICMP is essentially just a collection of predefined messages, each of which provides very specific functionality. Let us have a look at some ICMP messages.

ICMP echo request and echo reply messages: With the help of these two messages, one can determine whether a particular destination is reachable and responding. A host/router sends the echo request to a destination, and the target machine formats a reply and sends it back to the sender.
On many systems, the command users invoke to send an ICMP echo request is Ping. These two messages serve as a debugging tool for networks.

Destination unreachable message: When a router fails to forward a datagram to the next router or to deliver it to the destination, it sends a destination unreachable message back to the original source. After sending this message, the router drops the corresponding datagram.

Source quench message: This message is used to report traffic congestion. A source quench message is a request to the source to reduce the rate at which it is transmitting packets. When a host receives a source quench message from a target, it reduces its rate of transmission so that the destination can properly receive all the datagrams.

ICMP time exceeded message: Each datagram contains a time-to-live counter, which specifies how long that datagram can remain in the network. Each router decrements the time-to-live counter whenever it processes the datagram. When a router discards a datagram because its time-to-live counter is zero, it sends an ICMP time exceeded message to the source.

Thus it is clear that ICMP messages are sent in several situations. You need to understand that the purpose of ICMP messages is to give feedback on the various problems in the network, and not to make IP reliable. ICMP is connectionless because it does not require hosts to handshake before establishing a connection.

Although ICMP messages are invaluable for troubleshooting networks, you should be aware that hackers find ICMP messages equally useful. Because hackers can use ICMP messages to gain information about a network or to actually harm a network, many companies restrict devices from transmitting specific ICMP messages across their connection to the Internet. If your company's security policy does not cover ICMP messages, you may want to revise it to include such a restriction.

ICMP is an example of a client-server application.
As we saw earlier, this protocol is used to report problems with the delivery of IP datagrams within a network. It can be used to show when a network cannot be reached, when a node is overloaded, when an error occurs in the information the IP header contains, and so on. There are two very popular tools based on ICMP.

Ping: This effectively involves sending one or more ICMP echo requests to a target machine and then measuring the time taken to receive the ICMP echo reply messages.

Trace route: This is a classic tool that helps to find the route taken by a packet while traveling from a source to a destination. It uses the TTL (time-to-live counter) for its operation. The sender transmits ICMP echo requests with varying TTL values and listens for echo reply messages. Each router, after processing the datagram, decrements the TTL. When the TTL reaches zero, the router discards the datagram and an 'ICMP time exceeded message' is transmitted back. The route is determined by examining these time-exceeded messages sent by the intermediate routers.

Swayam Prakasha has a master's degree in computer engineering. He has been working in information technology for several years, concentrating on areas such as operating systems, networking, network security, electronic commerce, Internet services, LDAP and Web servers. He can be reached at .
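
The message types and the trace route procedure described above, worked through as an added example (not code from the original article): it builds ICMP messages with their type field and checksum, then runs the TTL probing against a constructed in-memory path. The addresses, the function names and the `send` stand-in for the network are assumptions, and no packets leave the machine.

```python
import struct

ECHO_REPLY, ECHO_REQUEST, TIME_EXCEEDED = 0, 8, 11   # ICMP message types

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp(msg_type: int, code: int, rest: bytes, payload: bytes = b"") -> bytes:
    """Build type, code, checksum, 4 type-specific bytes, then payload."""
    body = struct.pack("!BBH", msg_type, code, 0) + rest + payload
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

def parse(msg: bytes) -> dict:
    """Split a received message; a valid one sums to zero with its checksum."""
    if len(msg) < 8 or checksum(msg) != 0:
        raise ValueError("short or corrupted ICMP message")
    return {"type": msg[0], "code": msg[1], "rest": msg[4:8], "payload": msg[8:]}

def send(path: list, ttl: int, probe: bytes) -> tuple:
    """Constructed network: `path` lists the routers, then the destination."""
    for router in path[:-1]:
        ttl -= 1                          # every router decrements the TTL
        if ttl == 0:                      # discard, report to the original source
            # Simplification: real routers quote the IP header plus 8 bytes.
            return router, icmp(TIME_EXCEEDED, 0, b"\x00" * 4, probe[:8])
    request = parse(probe)
    return path[-1], icmp(ECHO_REPLY, 0, request["rest"], request["payload"])

def traceroute(path: list, max_ttl: int = 30, ident: int = 0x1234) -> list:
    """Send echo requests with TTL 1, 2, 3... and collect who answered."""
    route = []
    for ttl in range(1, max_ttl + 1):
        probe = icmp(ECHO_REQUEST, 0, struct.pack("!HH", ident, ttl), b"probe")
        sender, reply = send(path, ttl, probe)
        msg = parse(reply)
        if msg["type"] == TIME_EXCEEDED and msg["payload"][4:8] == probe[4:8]:
            route.append(sender)          # quoted header matches our probe
        elif msg["type"] == ECHO_REPLY and msg["rest"] == probe[4:8]:
            route.append(sender)          # destination reached
            break
    return route

PATH = ["192.0.2.1", "198.51.100.1", "203.0.113.9"]   # constructed addresses

if __name__ == "__main__":
    print(traceroute(PATH))
```

The identifier and sequence number quoted back inside each time exceeded message are what let the source tie an error to the probe that caused it, since the reporting router knows nothing about the path.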