Internet Control Message Protocol ICMP is the bookeeping protocol of the Internet.
Defined by RFC 792.
There are broadly two types of ICMP messages. Connection related ("Error") messages, and standalone ICMP messages.
ICMP Packet Types Each ICMP packet has a "Type" and a "Code". The Type/Code combination identifies the specific message being received.
"Error" ICMP packets These are used to convey information about another packet sent. Whenever a packet or a connection has problems on the IP layer (and sometimes even higher), these are reported using an ICMP error packet.
Typical messages seen on the internet:
Time to live expired (mostly seen during traceroutes) - type 11 code 0
Fragmentation needed but don't fragment set - type 3 code 4 (see below)
Port unreachable (UDP connection to non-listening port) - type 3 code 3
In order to identify the connection/packet on which error ICMPs are sent, several bytes of the original packet are quoted inside the error packet. The RFC calls for quoting the entire IP header + 64bit (8 bytes) of the original packet's layer 4. For offending TCP/IP and UDP packets, this is enough to get the IP protocol, source IP, destination IP, and the source and destination ports, which is usually enough information to identify the offending connection. This is also used by some state keeping firewalls to pass the ICMP without an explicit rule allowing ICMP, based on it's relevance for the connection.
Standalone ICMP packets These are packets that are potentially unrelated to any other connection. They mean to perform an operation in and on themselves. These packets are usually defined in pairs, where one is the "request", and the other is the "response".
Typical messages seen on the internet:
Echo request/reply (Ping) - type 8 (request) and type 0 (reply)
Typically, the response message has a type that is one more than the request message. The noteable exception to this rule is the "echo request" message (aka "ping"), that is type 8, while the echo reply message is type 0.
Common ICMP related connectivity problems Tunneled connections, such as ADSL PPPoE or PPTP connections, typically lower the maximum transfer unit MTU. This means a packet needs to be fragmented in order to fit the narrower pipe of the tunneled connection. Many hosts employ an algorithm called "path MTU discovery", or PMTU. This algorithm relies heavilly on dropped packets being reported using the ICMP "Fragmentation needed but don't fragment set" message (type 3 code 4). Sadly, some over-eager firewall admins block all ICMP messages, type 3 code 4 included. This results in attempts to download large files/email to hang indefenitely, as big packets are repeatedly sent, repeatedly dropped, and the ICMP that reports this drop is dropped as well. Worse, this problem only happend with some sites, as the problem is really not on the user's end at all.
The way to deal with this problem is to decrease the maximum segment size MSS advertised on the initial TCP/IP SYN packet. This can be achieve by either configuring the firewall that does the NAT (clamp MSS in IPTables), or by setting each machine's MTU to match that of the ADSL (1450 is a good value for ethernet based home networks).
Credits and copyright This entry was written by Shachar Shemesh, and may be distributed under the terms of the GFDL
ICMP types and codes table ICMP TYPE NUMBERS
The Internet Control Message Protocol (ICMP) has many messages that
are identified by a "type" field.
Type Name Reference
---- ------------------------- ---------
0 Echo Reply [RFC792]
1 Unassigned [JBP]
2 Unassigned [JBP]
3 Destination Unreachable [RFC792]
4 Source Quench [RFC792]
5 Redirect [RFC792]
6 Alternate Host Address [JBP]
7 Unassigned [JBP]
8 Echo [RFC792]
9 Router Advertisement [RFC1256]
10 Router Selection [RFC1256]
11 Time Exceeded [RFC792]
12 Parameter Problem [RFC792]
13 Timestamp [RFC792]
14 Timestamp Reply [RFC792]
15 Information Request [RFC792]
16 Information Reply [RFC792]
17 Address Mask Request [RFC950]
18 Address Mask Reply [RFC950]
19 Reserved (for Security) [Solo]
20-29 Reserved (for Robustness Experiment) [ZSu]
30 Traceroute [RFC1393]
31 Datagram Conversion Error [RFC1475]
32 Mobile Host Redirect [David Johnson]
33 IPv6 Where-Are-You [Bill Simpson]
34 IPv6 I-Am-Here [Bill Simpson]
35 Mobile Registration Request [Bill Simpson]
36 Mobile Registration Reply [Bill Simpson]
37 Domain Name Request [Simpson]
38 Domain Name Reply [Simpson]
39 SKIP [Markson]
40 Photuris [Simpson]
41-255 Reserved [JBP]
Many of these ICMP types have a "code" field. Here we list the types
again with their assigned code fields.
Type Name Reference
---- ------------------------- ---------
0 Echo Reply [RFC792]
Codes
0 No Code
1 Unassigned [JBP]
2 Unassigned [JBP]
3 Destination Unreachable [RFC792]
Codes
0 Net Unreachable
1 Host Unreachable
2 Protocol Unreachable
3 Port Unreachable
4 Fragmentation Needed and Don't Fragment was Set
5 Source Route Failed
6 Destination Network Unknown
7 Destination Host Unknown
8 Source Host Isolated
9 Communication with Destination Network is
Administratively Prohibited
10 Communication with Destination Host is
Administratively Prohibited
11 Destination Network Unreachable for Type of Service
12 Destination Host Unreachable for Type of Service
13 Communication Administratively Prohibited [RFC1812]
14 Host Precedence Violation [RFC1812]
15 Precedence cutoff in effect [RFC1812]
4 Source Quench [RFC792]
Codes
0 No Code
5 Redirect [RFC792]
Codes
0 Redirect Datagram for the Network (or subnet)
1 Redirect Datagram for the Host
2 Redirect Datagram for the Type of Service and Network
3 Redirect Datagram for the Type of Service and Host
6 Alternate Host Address [JBP]
Codes
0 Alternate Address for Host
7 Unassigned [JBP]
8 Echo [RFC792]
Codes
0 No Code
9 Router Advertisement [RFC1256]
Codes
0 No Code
10 Router Selection [RFC1256]
Codes
0 No Code
11 Time Exceeded [RFC792]
Codes
0 Time to Live exceeded in Transit
1 Fragment Reassembly Time Exceeded
12 Parameter Problem [RFC792]
Codes
0 Pointer indicates the error
1 Missing a Required Option [RFC1108]
2 Bad Length
13 Timestamp [RFC792]
Codes
0 No Code
14 Timestamp Reply [RFC792]
Codes
0 No Code
15 Information Request [RFC792]
Codes
0 No Code
16 Information Reply [RFC792]
Codes
0 No Code
17 Address Mask Request [RFC950]
Codes
0 No Code
18 Address Mask Reply [RFC950]
Codes
0 No Code
19 Reserved (for Security) [Solo]
20-29 Reserved (for Robustness Experiment) [ZSu]
30 Traceroute [RFC1393]
31 Datagram Conversion Error [RFC1475]
32 Mobile Host Redirect [David Johnson]
33 IPv6 Where-Are-You [Bill Simpson]
34 IPv6 I-Am-Here [Bill Simpson]
35 Mobile Registration Request [Bill Simpson]
36 Mobile Registration Reply [Bill Simpson]
39 SKIP [Markson]
40 Photuris [Simpson]
Code
0 Reserved
1 unknown security parameters index
2 valid security parameters, but authentication failed
3 valid security parameters, but decryption failed
===================================================================
REFERENCES
[RFC792] Postel, J., "Internet Control Message Protocol", STD 5,
RFC 792, USC/Information Sciences Institute, September 1981.
[RFC950] Mogul, J., and J. Postel, "Internet Standard Subnetting
Procedure", STD 5, RFC 950, Stanford, USC/Information
Sciences Institute, August 1985.
[RFC1108] Kent, S., "U.S. Department of Defense Security Options for
the Internet Protocol", RFC 1108, November 1991.
[RFC1256] Deering, S., Editor, "ICMP Router Discovery Messages", RFC
1256, Xerox PARC, September 1991.
[RFC1393] Malkin, G., "Traceroute Using an IP Option", RFC 1393,
Xylogics, Inc., January 1993.
[RFC1475] Ullmann, R., "TP/IX: The Next Internet", RFC 1475, Process
Software Corporation, June 1993.
[RFC1812] Baker, F., "Requirements for IP Version 4 Routers", RFC
1812, Cisco Systems, June 1995.
PEOPLE
[JBP] Jon Postel, , September 1995.
[David Johnson]
[Markson] Tom Markson, , September 1995.
[Simpson] Bill Simpson, , October 1995.
[Solo]
[ZSu] Zaw-Sing Su
| | |