Internet Control Message Protocol (ICMP) Basics

SUMMARY
 
Internet Control Message Protocol (ICMP) is an error reporting and diagnostic utility and is considered a required part of any IP implementation. Understanding ICMP, and knowing what can generate a specific type of ICMP message, is useful in diagnosing network problems.
 
MORE INFORMATION
 
ICMPs are used by routers, intermediary devices, or hosts to communicate updates or error information to other routers, intermediary devices, or hosts.

Each ICMP message contains three fields that define its purpose and provide a checksum. They are TYPE, CODE, and CHECKSUM fields. The TYPE field identifies the ICMP message, the CODE field provides further information about the associated TYPE field, and the CHECKSUM provides a method for determining the integrity of the message.

The TYPES defined are:
 
TYPE    Description
----    -----------
0       Echo Reply
3       Destination Unreachable
4       Source Quench
5       Redirect Message
8       Echo Request
11      Time Exceeded
12      Parameter Problem
13      Timestamp Request
14      Timestamp Reply
15      Information Request (No Longer Used)
16      Information Reply (No Longer Used)
17      Address Mask Request
18      Address Mask Reply

Echo Request & Echo Reply

This is the ICMP message most often used to test IP connectivity, and it is commonly known as PING. The Echo Request ICMP will have a Type field of 8 and a Code field of 0. Echo Replies have a Type field of 0 and a Code field of 0.

Destination Unreachable

When a packet is undeliverable, a Destination Unreachable, Type 3, ICMP is generated. Type 3 ICMPs can have a Code value of 0 to 15:
Type 3
Code Value   Description
----------   -----------
0            Network Unreachable
1            Host Unreachable
2            Protocol Unreachable
3            Port Unreachable
4            Fragmentation needed and DF (Don't Fragment) set
5            Source route failed
6            Destination Network unknown
7            Destination Host unknown
8            Source Host isolated
9            Communication with Destination Network Administratively Prohibited
10           Communication with Destination Host Administratively Prohibited
11           Network Unreachable for Type Of Service
12           Host Unreachable for Type Of Service
13           Communication Administratively Prohibited by Filtering
14           Host Precedence Violation
15           Precedence Cutoff in Effect

Source Quench

An ICMP Source Quench message has a Type field of 4 and Code 0. Source Quench messages are sent when the destination is unable to process traffic as fast as the source is sending it. The Source Quench ICMP tells the source to cut back the rate at which it is sending data. The destination will continue to generate Source Quench ICMPs until the source is sending at an acceptable speed.

Redirect Message

An intermediary device will generate an ICMP Redirect Message when it determines that a route being requested can be reached either locally or through a better path. Redirect Message ICMPs are Type 5 and are further defined by the following Code field values:
Type 5
Code Value   Description
----------   -----------
0            Redirect datagrams for the Network
1            Redirect datagrams for the Host
2            Redirect datagrams for the Type of Service and Network
3            Redirect datagrams for the Type of Service and Host

Time Exceeded

If a router or host discards a packet due to a time-out, it will generate a Time Exceeded Type 11 ICMP. The Time Exceeded ICMP will have a Code value of either 0 or 1. A Code 0 is generated when the hop count of a datagram is exceeded and the packet is discarded. A Code 1 is generated when the reassembly of a fragmented packet exceeds the time-out value.

Parameter Problem

When an intermediary device or host discards a datagram because it is unable to process it, a Type 12 ICMP is generated. Common causes of this ICMP are corrupt header information or missing options. If the reason for the ICMP is a required missing option, the ICMP will have a Code value of 1. If the Code value is 0, the Pointer field will contain the octet of the discarded datagram's header where the error was detected.

Timestamp Request & Timestamp Reply

Timestamp Request and Timestamp Reply provide a rudimentary method for synchronizing the time maintained on different devices. The Request has a Type field of 13 and the Reply is Type 14. This method for time synchronization is crude and unreliable. Therefore, it is not heavily used.

Information Request & Information Reply

These ICMP types were originally designed to allow a booting host to discover an IP address. This method is obsolete and is no longer used. The most common methods for IP address discovery are BOOTP (bootstrap protocol) and DHCP (dynamic host configuration protocol). BOOTP is defined by RFC1542, and DHCP is defined by RFC1541. For information about Microsoft's implementation of DHCP, please see the following Microsoft Knowledge Base article:
 
169289 DHCP (Dynamic Host Configuration Protocol) Basics

Address Mask Request & Address Mask Reply

A booting computer uses the Address Mask Request ICMP, Type 17, to determine the subnet mask in use on the local network. An intermediary device, or a computer acting as an intermediary device, will reply with a Type 18 ICMP Address Mask Reply.
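
The TYPE, CODE, and CHECKSUM fields described above can be decoded and checked as follows. This is an added example, not part of the original article; the function names and sample messages are constructed for illustration, only a subset of the Code tables is included, and the checksum algorithm is the one's-complement sum from RFC 1071.

```python
import struct

# Names taken from the TYPE table and a subset of the Code tables in this article.
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
              5: "Redirect Message", 8: "Echo Request", 11: "Time Exceeded",
              12: "Parameter Problem", 13: "Timestamp Request", 14: "Timestamp Reply",
              15: "Information Request", 16: "Information Reply",
              17: "Address Mask Request", 18: "Address Mask Reply"}
ICMP_CODES = {
    3: {0: "Network Unreachable", 1: "Host Unreachable", 2: "Protocol Unreachable",
        3: "Port Unreachable", 4: "Fragmentation needed and DF set",
        13: "Communication Administratively Prohibited by Filtering"},
    5: {0: "Redirect datagrams for the Network", 1: "Redirect datagrams for the Host"},
    11: {0: "Hop count exceeded", 1: "Fragment reassembly time-out"},
}

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071), the ICMP CHECKSUM algorithm."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length messages with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp(message: bytes) -> dict:
    """Decode TYPE, CODE and CHECKSUM, and verify the checksum over the whole message."""
    if len(message) < 4:
        raise ValueError("too short to hold TYPE, CODE and CHECKSUM")
    icmp_type, code, checksum = struct.unpack("!BBH", message[:4])
    return {"type": icmp_type, "code": code, "checksum": checksum,
            # With the checksum field left in place, an intact message sums to zero.
            "checksum_ok": internet_checksum(message) == 0,
            "type_name": ICMP_TYPES.get(icmp_type, "Unknown"),
            "code_name": ICMP_CODES.get(icmp_type, {}).get(code, "")}

def build_icmp(icmp_type: int, code: int, rest: bytes) -> bytes:
    """Build a sample message: checksum is computed with the field set to zero."""
    unsummed = struct.pack("!BBH", icmp_type, code, 0) + rest
    return struct.pack("!BBH", icmp_type, code, internet_checksum(unsummed)) + rest

# Constructed samples: an Echo Request, a Port Unreachable, and a corrupted copy.
ECHO_REQUEST = build_icmp(8, 0, struct.pack("!HH", 1, 1) + b"ping")
PORT_UNREACHABLE = build_icmp(3, 3, b"\x00" * 4 + b"constructed")
CORRUPTED = PORT_UNREACHABLE[:-1] + b"X"

if __name__ == "__main__":
    for msg in (ECHO_REQUEST, PORT_UNREACHABLE, CORRUPTED):
        print(parse_icmp(msg))
```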
 
REFERENCES
 
For more information about ICMP, see RFC950, RFC792, and RFC1122.

RFCs may be obtained via the Internet as follows:

Paper copies of all RFCs are available from the NIC, either individually or on a subscription basis (for more information, contact NIC@NIC.DDN.MIL). Online copies are available via FTP or Kermit from NIC.DDN.MIL as rfc/rfc####.txt or rfc/rfc####.PS (#### is the RFC number without leading zeros).
 

APPLIES TO
Microsoft Host Integration Server 2000 Standard Edition
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Professional Edition
Microsoft Windows 2000 Datacenter Server
Microsoft Windows NT Advanced Server 3.1
Microsoft Windows NT Server 3.5
Microsoft Windows NT Server 3.51
Microsoft Windows NT Server 4.0 Standard Edition
Microsoft Windows NT Workstation 3.1
Microsoft Windows NT Workstation 3.5
Microsoft Windows NT Workstation 3.51
Microsoft Windows NT Workstation 4.0 Developer Edition
Microsoft SNA Server 4.0 Service Pack 4
Microsoft Windows for Workgroups 3.2
Microsoft TCP/IP-32 for Windows for Workgroups 1.0
Microsoft Windows 95 Service Pack 1
 

Configuring RRAS Filters to Permit a One-Way Ping

SYMPTOMS
 
With filters on your Routing and Remote Access Service (RRAS) server configured to allow your network to ping remote hosts and to disallow the remote hosts from pinging your RRAS server or internal network hosts, you may notice that ping does not work in either direction.
 
CAUSE
 
When setting the input ICMP filter, the ICMP type and ICMP code fields are blank. This causes the default type and code value of 255 to be used. When 255 is used, all ICMP packets will be blocked (not received), including type 0, which is Echo Reply. When your computer tries to ping a host, the host replies with an Echo Reply ICMP packet, but because of the filter, the packet is discarded.
 
RESOLUTION
 
To resolve this issue, set up the filters using the following steps:
 
(1) Click Start, point to Programs, point to Administrative Tools, and then click Routing and RAS Admin.
 
(2) Double-click IP Routing, click Summary, and then right-click the interface on which you want to configure filters.
 
(3) Click Configure Interface, click Input Filters, and then click Add.
 
(4) In the Protocol drop-down list, select ICMP and type 8 in the ICMP type field.
 
    NOTE: Type 8 denotes an Echo Request.
 
(5) Click OK and click Receive all except listed below.
 
(6) Click OK in the IP Packet Filters Configuration dialog box.
 
(7) Click OK in the IP Configuration dialog box for the specific interface.
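
The effect of the blank-field filter described under CAUSE, compared with the Type 8 filter from the steps above, can be seen in a small model. This is an added example and a simplified model, not RRAS code; the class and function names are hypothetical, the inbound packets are constructed, and it assumes that 255 in a field matches every value and that the Echo Request filter uses Code 0.

```python
from dataclasses import dataclass

ANY = 255  # value the article says is used when the ICMP type/code fields are blank


@dataclass(frozen=True)
class IcmpFilter:
    icmp_type: int = ANY
    icmp_code: int = ANY

    def matches(self, icmp_type: int, icmp_code: int) -> bool:
        # Assumption of this model: 255 in a field matches every value of that field.
        return (self.icmp_type in (ANY, icmp_type)
                and self.icmp_code in (ANY, icmp_code))


def input_allows(filters, icmp_type: int, icmp_code: int) -> bool:
    """'Receive all except listed below': drop a packet only if a filter matches."""
    return not any(f.matches(icmp_type, icmp_code) for f in filters)


# Constructed inbound traffic on the filtered interface: (description, type, code)
INBOUND = [
    ("Echo Reply to our outbound ping", 0, 0),
    ("Echo Request from a remote host", 8, 0),
    ("Time Exceeded (hop count)", 11, 0),
    ("Destination Unreachable (fragmentation needed and DF set)", 3, 4),
]

BLANK_FIELDS = [IcmpFilter()]            # the misconfiguration described under CAUSE
ECHO_REQUEST_ONLY = [IcmpFilter(8, 0)]   # RESOLUTION step 4; Code 0 is an assumption


def evaluate(filters) -> dict:
    """Map each constructed inbound packet to True (received) or False (dropped)."""
    return {desc: input_allows(filters, t, c) for desc, t, c in INBOUND}


def one_way_ping_works(filters) -> bool:
    """Outbound ping needs Echo Reply (0) received and Echo Request (8) dropped."""
    return input_allows(filters, 0, 0) and not input_allows(filters, 8, 0)


if __name__ == "__main__":
    for name, filters in (("blank fields", BLANK_FIELDS),
                          ("type 8 only", ECHO_REQUEST_ONLY)):
        print(name, one_way_ping_works(filters), evaluate(filters))
```

In this model the blank-field filter also drops the Time Exceeded and Destination Unreachable messages, so error reporting is lost along with ping.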

For more information, please see the following article in the Microsoft Knowledge Base:

ARTICLE-ID: 170292 (at the beginning of this whitepaper).

TITLE : Internet Control Message Protocol (ICMP) Basics
 

APPLIES TO
Microsoft Windows NT Server 4.0 Standard Edition
Microsoft Windows NT Server 4.0 Enterprise Edition
 

AMSS COMMUNITY HUB
James K. Murray (MCSA, MCSD)
President
A. M. Software Services, Inc.
347.247.6680
JamesMurray@AMSoftwareServices.com
http://www.amsoftwareservices.net
 
A. M. Software Services, Inc. is a Microsoft Certified Partner