ICMP type is the first 8 bits in the ICMP message header. It provides a brief explanation of what the message is for so the receiving network device knows why it is getting the message and how to treat it.
For example, a Type 8 Echo is a query a host sends to see if a potential destination system is available. Upon receiving an Echo message, the receiving device might send back an Echo Reply (Type 0), indicating it is available.
Here are the widely used ICMP types:
- Type 0 — Echo reply
- Type 3 — Destination unreachable
- Type 8 — Echo
- Type 5 — Redirect
Internet Assigned Numbers Authority (IANA) provides a list of all message types ICMP packets use.
Table of Contents
ICMP Packet Structure
ICMP (Internet Control Message Protocol) is a protocol used by network devices, such as routers and hosts, to communicate error messages and operational information about the network.
It is an integral part of the Internet Protocol (IP) suite and is used by various network diagnostic tools such as ping, traceroute, and pathping.
ICMP messages are typically used for network troubleshooting and management, helping to identify and resolve issues related to network connectivity, packet loss, and latency.
In this part, we will explore ICMP in detail, including its message format, types, and examples of how it is used in practice.
ICMP is part of IP, and it relies on IP to transmit its messages. ICMP contains a relatively small header that changes depending on its purpose. The ICMP header contains the following fields:
- Type The type or classification of the ICMP message, based on the RFC specification
- Code The subclassification of the ICMP message, based on the RFC specification
- Checksum Used to ensure that the contents of the ICMP header and data are intact upon arrival
- Variable A portion that varies depending on the Type and Code fields
Let’s see an example of ICMP packet.
00 0c 29 f8 1c 7c 00 0c 29 23 c1 05 08 00 45 00
00 3c 02 04 00 00 80 01 6a 2e c0 a8 01 01 c0 a8
01 02 08 00 28 b6 7c 01 00 00 00 00 09 00 00 00
00 00 00 00 00 10 11 12 13 14 15 16 17 18 19 1a
1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a
2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37
This is a hexadecimal dump of the packet. ICMP packets are often used for diagnostic or error reporting purposes in networking.
In this example, the packet contains the following fields:
| Header | Value |
|---|---|
| Ethernet | Source MAC address: 00 0c 29 f8 1c 7c |
| Destination MAC address: 00 0c 29 23 c1 05 | |
| IP | Source IP address: 192.168.1.1 |
| Destination IP address: 192.168.1.2 | |
| ICMP | Type: 8 (echo request) |
| Code: 0 | |
| Checksum: 28 b6 | |
| Payload | 00 00 00 00 00 00 00 00 00 10 11 12 13 14 15 16 17 18 19 1a 1b |
| 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f | |
| 30 31 32 33 34 35 36 37 |
ICMP Type and ICMP Codes
Each ICMP Type can have 1 or more Codes related to it.
For example the Type 0 has only 1 Code, but Type 3 has 16 Codes — Type 3 is Destination Unreachable, Destination could be unreachable due to any of the reasons mentioned in the 16 Codes corresponding to this Type starting from 0 to 15.
| ICMP Message Type and Code | Description |
|---|---|
| Type 8, Code 0; Type 0, Code 0 | Echo request and Echo reply |
| Type 3, various codes | Destination unreachable |
| Type 11, Code 0; Type 11, Code 1 | Time exceeded |
| Type 5, various codes | Redirect message |
| Type 12, various codes | Parameter problem |
Capture ICMP Type Echo Request Packets
we can use this tcpdump command to filter all ICMP packets. We use eth0 network interface in all our examples. Please change it based on the environment.
# tcpdump -i eth0 icmp
To filter ICMP echo-requests, we can use this tcpdump command.
# tcpdump -i eth0 “icmp[0] == 8”
These are the packets we get captured with tcpdump command.
14:37:14.555295IP10.79.101.23>108.177.125.101:ICMP echo request, id 61205, seq 0, length 64
Capture ICMP Type Echo Reply Packets
To filter ICMP echo reply requests, we can use this tcpdump command.
# tcpdump -i eth0 “icmp[0] == 0”
These are the packets we get captured with tcpdump command.
21:05:51.164467 IP 66.114.168.201 > 10.79.102.71: ICMP echo reply, id 16790, seq 203, length 64
Related:
Exploring ICMP Protocol with Examples
Understanding Ping Command and ICMP with Examples