Cook Computing

ICMP Protocol

June 8, 2004 Written by Charles Cook

I was ashamed a few days ago to realize that I don't know all that much about how the Internet works. A support issue came in where one server was failing to ping another server using the ICMP protocol (using the ping as a preliminary check that the target server was alive before connecting via MAPI). The support person asked me "Do ICMP pings use specific ports?". I had to do some research to find out the answer. This page has some discussion on the same question:

Discussing a port is typically something associated with TCP or UDP traffic. ICMP traffic is neither of these and hence in terms of icmp, there is no such thing as port 0 as part of the protocol itself. Instead, there are ICMP type and codes that define the purpose of the icmp packet. That being said, an ICMP packet can be used to report on the status of a TCP or UDP port 0, such as with a type 3:code 3 packet notifying a host that a specified port is unreachable. Note that ICMP is IP protocol 1.

So, an echo request is not about a port. It is about whether or not the icmp packet being sent is able to make it to the destination host, that host is up, and icmp echo requests are permitted and processed. Note that it is possible for a response to be received to an icmp packet even if a host is down. A router that is locally attached to the subnet of the target host might respond telling you the destination is unreachable for various reasons. Additionally, routers between your host and the destination host could respond notifying that the communication is administratively prohibited (such as icmp packets being blocked in an acl).

Under normal circumstances you send an echo request and expect an echo reply. If you send an echo request and receive nothing in return, you can assume several things... The destination host does not exist or is powered off. Also, it's possible the icmp packets are blocked and configured to provide no response indicating a reason. Also, there could be a problem with routes between you and the destination host that prevents the traffic from making it to the destination or back and no ttl exceeded message was sent.... the list goes on..

and this page has an overview of ICMP:

Internet Control Message Protocol (ICMP), documented in RFC 792, is a required protocol tightly integrated with IP. ICMP messages, delivered in IP packets, are used for out-of-band messages related to network operation or mis-operation. Of course, since ICMP uses IP, ICMP packet delivery is unreliable, so hosts can't count on receiving ICMP packets for any network problem. Some of ICMP's functions are to:

Announce network errors, such as a host or entire portion of the network being unreachable, due to some type of failure. A TCP or UDP packet directed at a port number with no receiver attached is also reported via ICMP.

Announce network congestion. When a router begins buffering too many packets, due to an inability to transmit them as fast as they are being received, it will generate ICMP Source Quench messages. Directed at the sender, these messages should cause the rate of packet transmission to be slowed. Of course, generating too many Source Quench messages would cause even more network congestion, so they are used sparingly.

Assist Troubleshooting. ICMP supports an Echo function, which just sends a packet on a round-trip between two hosts. Ping, a common network management tool, is based on this feature. Ping will transmit a series of packets, measuring average round-trip times and computing loss percentages.

Announce Timeouts. If an IP packet's TTL field drops to zero, the router discarding the packet will often generate an ICMP packet announcing this fact. TraceRoute is a tool which maps network routes by sending packets with small TTL values and watching the ICMP timeout announcements.

I really should refresh my knowledge of the fundamentals of IP networking.
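
The point both quoted passages make, that an ICMP message carries a type and code rather than ports and that a type 3, code 3 message reports on another packet's UDP or TCP port, shown as an added example (not code from this post or the quoted pages). The function names, sample packets and 192.0.2.x addresses are constructed for illustration.

```python
import struct

# Message names from RFC 792; code 13 comes from RFC 1812.
TYPES = {0: "echo reply", 3: "destination unreachable", 4: "source quench",
         8: "echo request", 11: "time exceeded"}
UNREACH = {0: "net unreachable", 1: "host unreachable", 2: "protocol unreachable",
           3: "port unreachable", 13: "administratively prohibited"}

def inet_checksum(data: bytes) -> int:
    """16-bit ones' complement checksum used by ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def describe_icmp(msg: bytes) -> dict:
    """Decode an ICMP message (the bytes after the outer IP header)."""
    if len(msg) < 8:
        raise ValueError("ICMP header is 8 bytes")
    icmp_type, code, _cksum, rest = struct.unpack("!BBHI", msg[:8])
    info = {"type": TYPES.get(icmp_type, f"type {icmp_type}"), "code": code,
            "checksum_ok": inet_checksum(msg) == 0}
    if icmp_type in (0, 8):  # echo: identifier and sequence number, no ports
        info["id"], info["seq"] = rest >> 16, rest & 0xFFFF
    elif icmp_type in (3, 11) and len(msg) >= 28:
        inner = msg[8:]  # header of the packet that triggered the error
        ihl, proto = (inner[0] & 0x0F) * 4, inner[9]
        info["orig_dst"] = ".".join(map(str, inner[16:20]))
        if icmp_type == 3:
            info["reason"] = UNREACH.get(code, f"code {code}")
        if proto in (6, 17) and ihl >= 20 and len(inner) >= ihl + 4:
            info["orig_proto"] = "tcp" if proto == 6 else "udp"
            info["orig_sport"], info["orig_dport"] = struct.unpack(
                "!HH", inner[ihl:ihl + 4])
    return info

def build(icmp_type, code, rest, payload=b""):
    """Assemble a sample ICMP message with a valid checksum."""
    body = struct.pack("!BBHI", icmp_type, code, 0, rest) + payload
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

# Constructed samples (documentation addresses from 192.0.2.0/24).
INNER_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                       bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
INNER_UDP = struct.pack("!HHHH", 40000, 53, 8, 0)
ECHO_REQUEST = build(8, 0, (0x1234 << 16) | 1, b"ping-data")
PORT_UNREACH = build(3, 3, 0, INNER_IP + INNER_UDP)
```

The echo request decodes to an identifier and sequence number only, while the port number in the second sample belongs to the embedded UDP header of the packet that could not be delivered, not to ICMP itself.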