Definition of Internet Control Message Protocol (ICMP) in Network Encyclopedia.
What is Internet Control Message Protocol (ICMP)?
ICMP stands for Internet Control Message Protocol is a TCP/IP network layer protocol used by routers and TCP/IP hosts for building and maintaining routing tables, adjusting data flow rates, and reporting errors and control messages for TCP/IP network communication. Internet Control Message Protocol (ICMP) is defined in Request for Comments (RFC) 792.
What is ICMP (Internet Control Message Protocol)?
ICMP uses connectionless Internet Protocol (IP) datagrams of various types for communicating control messages between hosts and routers on a TCP/IP network.
The more common ICMP packets include the following:
- Echo Reply (ICMP type 0): The ping command uses this packet type to test TCP/IP connectivity.
- Destination Unreachable (ICMP type 3): Indicates that the destination network, host, or port cannot be reached.
- Source Quench (ICMP type 4): Routers send this packet type when they cannot process IP traffic as fast as it is sent. A Source Quench message essentially means, “Slow down!” A Microsoft Windows NT or Windows 2000 host can respond to a Source Quench message by slowing down its rate of data transmission.
- Redirect Message (ICMP type 5): Used to redirect the host to a different network path. This message essentially tells the router to override the entry in its internal routing table for this packet.
- Echo Request (ICMP type 8): The ping command uses this packet type to test TCP/IP connectivity.
- Time Exceeded (ICMP type 11): Indicates that the Time to Live (TTL) has been exceeded because of too many hops. The tracert command uses this message to test a series of routers between the local and remote hosts.
Source Quench messages
When a multihomed machine running Windows NT is used as a router, it does not send Source Quench messages to the transmitting hosts if data is being received too quickly. Instead, it simply discards packets that can’t be buffered and processed.
ICMP and denial of service attack
ICMP redirects can modify a router’s routing table, so sometimes hackers try to subvert routers by issuing forged ICMP redirects in order to perform a denial of service attack.
ICMP redirects are usually sent by routers only if all the following conditions occur:
- The router is configured to generate ICMP redirects.
- The incoming router interface for the packet is the same as the outgoing router interface.
- The subnet of the source IP address is identical to the next-hop IP address.
- The IP datagram is not source routed.