What is ICMP ~ Difference from layer and TCP, about how to use ~

What is ICMP

ICMP stands for Internet Control Message Protocol , it is a protocol to support IP communication that checks the communication state and returns error information when there is a problem. It operates using IP, but it is the same layer 3 protocol as IP.

ICMP is the protocol number 1 in the IP header, and unlike TCP (protocol number 6) and UDP (protocol number 17), there is no concept of port number.Instead, there is a type number and a code number.

How ICMP is used

Echo Request (Type 8) / Echo Reply (Type 0)

The most famous are Ping request [Echo Request] and Ping response [Echo Reply] , which specifies the destination IP address, sends a Ping request, and returns a Ping response to the sender if it can reach that destination.You can evaluate that it functions as an IP network if it returns to the source.


Destination Unreachable (Type3)

If the specified destination can not be reached, the message returned differs depending on the cause.

For example, [Destination Unreachable] will return if communication is not possible.[Destination Unreachable] is Network Unreachable (code0) and Host Unreachable (code 1), each code has an individual Code.Even if they are not only for ICMP echo but also for TCP communication and UDP communication, if they are communicating by IP address and communication to the target IP address is impossible, communication can not be made ICMP is returned by the determined NW device or host.(In the case of a host, there may be settings that you do not intentionally return for security reasons)


The source IP is the "IP of the interface that will be NextHop to Host A" of the NW device (or host) that generates ICMP.

Time Exceeded (Type 11)

A message generated by an NW device that attempted to route a packet with a TTL of 1 due to a routing loop occurrence or too many relay devices.If you ping at the Windows command prompt and TTL becomes 0, [TTL Expired] will be displayed.


IP redirect (Type 5)

There is also a function called "Redirect" to change NextHop to the optimum one.For example, consider the case of the following NW configuration.


Host A will throw a packet to to router A which is a DGW. Router A looks at the routing table and transfers it to Router B. At this time, the IP of the receiving interface and IP of Next Hop are the same segment.

In this case, it is more efficient for Host A to send to communication to Router B than to send it to Router A of DGW. So Router A will notify you by "Redirect".

Having received the notification, host A places the route information in its own routing table and forwards it to router B from the next time on.

If you want to disable this function, you can either deny it on the terminal side FW (deny by default on Windows Firewall) or disable on the router side ("no ip redirects" on Cisco).


Copied title and URL