Inter Control Message Protocol (ICMP): ICMP is a protocol used primarily to display alerts, errors, and general information in an IP network, it is used by network devices to update other devices (also accessed via the ping command) to report information about the communication. Something to keep in mind is that ICMP does not is not a transport protocol, as such it won’t transfer any user data from end to end. ICMP is divided in in Types, which are the specific functions the protocol carries out, and each Type has its own codes, which are the represent a specific function within the type.

For example, ICMP Type 3 is: Destination unreachable. There are many reasons why a destination could be unreachable, the protocol then uses Codes to tell us the reason why the attempted communication came back with a Type 3. There are sixteen codes for Type 3, from code 0 to code 15, and each represents a possible error in the communication.

ICMP is used by various tools, including ping and traceroute commands. It’s important to understand that the ping command will display displays a “generic message” indicating the result of the attempted communication but it does not show the exact type and code that will give you a more realistic view of the communication status. To view the protocol information you need to use a protocol analyzer, you can use wireshark to analyze protocols, including ICMP.

Let’s go over a few examples using wireshark.

In the first example is simply using the ping command to test network connectivity to another host, in our case the host is in the same subnet.

Notice how on Figure 1 I used the ping command to ping a computer with IP address 172.16.5.82. The connection was successful as you can see by the replies, we’ll continue exploring the ICMP Types and Codes in wireshark.

Figure 1, successful ping command result.

Now let’s look at Figure 2, in it you can see how wireshark displays the ICMP information, including the Type and Code. In this case we see that the first ICMP packet reports a Type 8 Code 0 which represent an Echo (ping) request. In other words, is like my computer shouting at the other computer saying: are [if gte vml 1]><v:shapetype id="_x0000_t75" coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f"> <v:stroke joinstyle="miter"></v:stroke> <v:formulas> <v:f eqn="if lineDrawn pixelLineWidth 0"></v:f> <v:f eqn="sum @0 1 0"></v:f> <v:f eqn="sum 0 0 @1"></v:f> <v:f eqn="prod @2 1 2"></v:f> <v:f eqn="prod @3 21600 pixelWidth"></v:f> <v:f eqn="prod @3 21600 pixelHeight"></v:f> <v:f eqn="sum @0 0 1"></v:f> <v:f eqn="prod @6 1 2"></v:f> <v:f eqn="prod @7 21600 pixelWidth"></v:f> <v:f eqn="sum @8 21600 0"></v:f> <v:f eqn="prod @7 21600 pixelHeight"></v:f> <v:f eqn="sum @10 21600 0"></v:f> </v:formulas> <v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"></v:path> <o:lock v:ext="edit" aspectratio="t"></o:lock> </v:shapetype><v:shape id="Picture_x0020_2" o:spid="_x0000_s1026" type="#_x0000_t75" style='position:absolute;margin-left:-1.5pt;margin-top:34.45pt;width:426pt; height:217.65pt;z-index:251659264;visibility:visible;mso-wrap-style:square; mso-width-percent:0;mso-height-percent:0;mso-wrap-distance-left:9pt; mso-wrap-distance-top:0;mso-wrap-distance-right:9pt; mso-wrap-distance-bottom:0;mso-position-horizontal:absolute; mso-position-horizontal-relative:margin;mso-position-vertical:absolute; mso-position-vertical-relative:text;mso-width-percent:0;mso-height-percent:0; mso-width-relative:margin;mso-height-relative:margin'> <v:imagedata src="file:///C:\Users\admin\AppData\Local\Temp\msohtmlclip1\01\clip_image001.png" o:title="type 8 code 0"></v:imagedata> <w:wrap type="through" anchorx="margin"></w:wrap> </v:shape><![endif][if !vml][endif]you there, are you there?

Figure 2, Type 8 Code 0

Figure 3 shows the response from other computer, represented on the second packet, shows a Type 0 Code 0. It’s like the computer responding to my first request of: are you there? With a response of: yes I am here. That answer, again, is represented by the Type 0 Code 0.

Figure 3, Type 0 Code 0

Want to learn more about ICMP Types and Codes? Great, here's IANA's official link that will satisfy your tech reading cravings or will put you to sleep in 5 minutes. All joking aside, understanding the ICPM Types and Codes will you troubleshoot network, below are the most common messages and the meaning, I usually have bookmarked for references.

Type 3 - Destination Unreachable.

Code 0: Net Unreachable

Code 1: Host Unreachable

Code 2: Protocol Unreachable

Code 3: Port Unreachable

Code 4: Fragmentation needed

Code 5: Source Route Failed

Code 6: Destination network unknown

Code 7: Destination host unknown

Code 8: Source host isolated

Code 9: Communication with destination network is administratively prohibited.

Code 10: Communication with destination host is administratively prohibited.

Code 11: Destination network unreachable for type or service.

Code 12: Destination host unreachable for type or service.

Code 13: Communication administratively prohibited.

Code 14: Host precedence violation.

Code 15: Precedence cutoff in effect.

Type 5 - Redirect Codes

Code 0: Redirect datagram for network.

Code 1: Redirect datagram for host.

Code 2: Redirect datagram for the type of service and network.

Code 3: Redirect datagram for the type of service and host.

________________________________________________________________________________

We are PreciseTek, a network support company in Manhattan providing network and information security services to businesses and organizations in NYC and Northern NJ. We specialize in Wireless Network designs, network solutions, and firewall implementations. You can find more about our services and solutions by visiting www.precisetek.com.