ExpressVPN Glossary
Internet Control Message Protocol (ICMP)
What is the Internet Control Message Protocol?
The Internet Control Message Protocol (ICMP) is a protocol that hosts and routers use to send error and control messages during communication over IP networks. It is defined in Request for Comments (RFC) 792, published in September 1981, and is a core part of the Internet Protocol (IP) suite: ICMP messages are carried directly inside IP packets (IP protocol number 1) rather than over TCP or UDP. A separate version, ICMPv6 (RFC 4443), exists for IPv6 networks.
How does the Internet Control Message Protocol work?
ICMP works by exchanging control and error messages between devices on a network. When a data packet cannot be delivered, routers or hosts send standardized ICMP messages back to the packet's source to report issues such as unreachable destinations (Destination Unreachable, type 3), an expired time-to-live (Time Exceeded, type 11), or header processing errors (Parameter Problem, type 12). Every message starts with an 8-byte header containing a type, a code, and a checksum, and error messages also quote the IP header and the first 8 bytes of the packet that triggered them, so the sender can match the error to the exact datagram it sent. ICMP is designed to provide feedback on how data transmission is functioning, not to carry application data.
The protocol also underpins common network diagnostic tools. Ping sends ICMP Echo Request messages (type 8) and waits for Echo Reply messages (type 0) to test connectivity and measure round-trip time between devices. Traceroute sends probes with a deliberately small time-to-live, starting at 1 and increasing by one per hop; each router that decrements the TTL to zero discards the probe and returns a Time Exceeded message, and the source addresses of those messages map the path packets take across the network. By providing standardized messages that say why a failure occurred, ICMP helps identify delivery problems and lets routers inform hosts of better next hops (ICMP Redirect, type 5).
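The message format described above, as an added example that is not part of the original glossary page: the code builds an ICMP Echo Request with the RFC 1071 one's-complement checksum, verifies and parses it the way a ping implementation would, and then parses a constructed Time Exceeded message to recover the identifier and sequence number quoted from the original probe, which is how traceroute matches a router's error to the probe that triggered it. The IPv4 header and all addresses are constructed sample data; nothing is sent on the wire.

```python
import struct

# ICMP type values from RFC 792
ECHO_REPLY = 0
DEST_UNREACHABLE = 3
ECHO_REQUEST = 8
TIME_EXCEEDED = 11


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented.
    Over a message whose checksum field is already filled in, a valid
    message yields 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Type 8, code 0, checksum, identifier, sequence number, then payload."""
    header = struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", ECHO_REQUEST, 0, csum, ident, seq) + payload


def fake_ipv4_header(ttl: int) -> bytes:
    """Constructed 20-byte IPv4 header (protocol 1 = ICMP, checksum left 0)
    standing in for the header of a probe that a router has dropped."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, ttl, 1, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1]))


def build_time_exceeded(orig_ip_header: bytes, orig_first8: bytes) -> bytes:
    """Type 11, code 0 (TTL exceeded in transit). RFC 792 error messages
    quote the offending IP header plus the first 8 bytes of its payload."""
    header = struct.pack("!BBHI", TIME_EXCEEDED, 0, 0, 0)
    body = orig_ip_header + orig_first8
    csum = icmp_checksum(header + body)
    return struct.pack("!BBHI", TIME_EXCEEDED, 0, csum, 0) + body


def parse_icmp(msg: bytes) -> dict:
    """Validate the checksum and decode the fields a ping or traceroute
    implementation needs. Raises ValueError on truncated or corrupt input."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than 8-byte header")
    if icmp_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _csum, rest = struct.unpack("!BBH4s", msg[:8])
    info = {"type": icmp_type, "code": code}
    if icmp_type in (ECHO_REQUEST, ECHO_REPLY):
        info["id"], info["seq"] = struct.unpack("!HH", rest)
        info["payload"] = msg[8:]
    elif icmp_type in (DEST_UNREACHABLE, TIME_EXCEEDED):
        inner = msg[8:]
        if len(inner) < 20:
            raise ValueError("error message lacks quoted IP header")
        ihl = (inner[0] & 0x0F) * 4        # quoted header length in bytes
        quoted = inner[ihl:ihl + 8]
        if len(quoted) < 8:
            raise ValueError("error message lacks quoted transport bytes")
        q_type, _, _, q_id, q_seq = struct.unpack("!BBHHH", quoted)
        # For an ICMP probe, the quoted bytes are the probe's own header,
        # so id/seq identify which traceroute hop this error belongs to.
        info["quoted"] = {"type": q_type, "id": q_id, "seq": q_seq}
    return info


if __name__ == "__main__":
    probe = build_echo_request(0x1234, 3, b"abcdefgh")
    print(parse_icmp(probe))
    print(parse_icmp(build_time_exceeded(fake_ipv4_header(1), probe[:8])))
```

The checksum covers the whole ICMP message, so a receiver does not recompute over a zeroed field; it sums the message as received and expects the complement to be 0, which is what `parse_icmp` checks before trusting any field.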
Why is Internet Control Message Protocol important?
ICMP's primary value is in network diagnostics. When connectivity fails, ICMP's standardized messages allow network administrators to determine where the problem is, such as whether a host is unreachable, a route is broken, or packets are being dropped.
Beyond diagnostics, ICMP supports performance monitoring: tools that track latency, availability, and packet loss rely on echo requests and replies to gather their data.
Security teams also rely on ICMP. Firewalls filter ICMP by type and code rather than blocking it wholesale, since some messages are needed for correct operation (Destination Unreachable with code 4, "fragmentation needed", drives path MTU discovery, and ICMPv6 carries IPv6 neighbor discovery), while unusual ICMP traffic patterns can highlight reconnaissance or an active attack.
Where is it used?
Below are some of the key areas where ICMP is used:
- Routers and gateways: Routers generate ICMP messages when they cannot forward a packet, notifying the source of the issue, or send an ICMP Redirect to point a host at a better next hop on the same network.
- Operating systems and servers: Every TCP/IP stack implements ICMP as a required part of IP (RFC 1122), which is what diagnostic tools like ping and traceroute depend on.
- Firewalls and security tools: Security tools inspect and filter ICMP traffic by type and code, and rate-limit echo requests, to keep the useful messages while limiting abuse.
- Network monitoring platforms: Monitoring tools use ICMP to continuously check availability and response times across networks.
Risks and privacy concerns
While ICMP is essential for network diagnostics, it also carries security risks.
Attackers can use ICMP echo requests for network reconnaissance: a ping sweep sends echo requests to every address in a range and records which ones reply, mapping out all live hosts on a network that allows unrestricted echo requests.
ICMP can also be used for denial-of-service (DoS) attacks. In a ping flood, an attacker overwhelms a target with ICMP echo requests faster than it can respond. In a smurf attack, a largely mitigated and now uncommon technique, the attacker sends echo requests with a spoofed source address, the victim's, to a network's broadcast address, so every host on that network floods the victim with replies; it faded once routers stopped forwarding directed broadcasts by default (RFC 2644).
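The two patterns above, a ping sweep and a ping flood, are easy to spot in flow or firewall logs. The following is an added example, not part of the original glossary page: it runs simple detection logic over a constructed set of per-packet ICMP records (the log format, addresses, thresholds, and timestamps are all assumed for the illustration) and flags a source that sends echo requests to many distinct hosts, or many echo requests to one host, inside a fixed time window.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone


def make_sample() -> list:
    """Constructed per-packet ICMP records in an assumed 'key=value' format,
    as a firewall or flow exporter might emit them. Contains normal
    monitoring pings, one ping sweep, and one ping flood."""
    base = datetime(2024, 5, 1, 10, 0, 0, tzinfo=timezone.utc)
    fmt = "{ts} src={src} dst={dst} proto=icmp type={t} code=0"
    lines = []

    def rec(offset_s, src, dst, t=8):
        ts = (base + timedelta(seconds=offset_s)).strftime("%Y-%m-%dT%H:%M:%SZ")
        lines.append(fmt.format(ts=ts, src=src, dst=dst, t=t))

    # benign: a monitoring host pings two servers every 30 s
    for i in range(4):
        rec(i * 30, "192.0.2.100", "192.0.2.10")
        rec(i * 30 + 1, "192.0.2.100", "192.0.2.11")
    # ping sweep: one source walks 14 consecutive addresses in ~3 s
    for i in range(1, 15):
        rec(5 + i * 0.2, "203.0.113.5", "192.0.2.%d" % i)
    # ping flood: 300 echo requests to a single host inside 10 s
    for i in range(300):
        rec(20 + i / 30, "198.51.100.7", "192.0.2.20")
    return lines


def parse_record(line: str) -> dict:
    """Split 'TIMESTAMP k=v k=v ...' into a dict with a parsed UTC timestamp."""
    ts_text, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.fromisoformat(ts_text.replace("Z", "+00:00"))
    rec["type"] = int(rec["type"])
    return rec


def detect(lines, window_s=60, sweep_hosts=10, flood_requests=100):
    """Return alerts for echo-request (type 8) sources that, within a fixed
    window_s-second bucket, hit >= sweep_hosts distinct destinations (sweep)
    or send >= flood_requests to one destination (flood)."""
    dests = defaultdict(set)    # (src, window) -> distinct destinations
    counts = defaultdict(int)   # (src, dst, window) -> echo request count
    for line in lines:
        r = parse_record(line)
        if r.get("proto") != "icmp" or r["type"] != 8:
            continue            # only echo requests matter for these two patterns
        w = int(r["ts"].timestamp()) // window_s
        dests[(r["src"], w)].add(r["dst"])
        counts[(r["src"], r["dst"], w)] += 1
    alerts = []
    for (src, _w), hosts in dests.items():
        if len(hosts) >= sweep_hosts:
            alerts.append(("ping_sweep", src, len(hosts)))
    for (src, dst, _w), n in counts.items():
        if n >= flood_requests:
            alerts.append(("ping_flood", src, dst, n))
    return alerts


if __name__ == "__main__":
    for alert in detect(make_sample()):
        print(alert)
```

Fixed windows keep the logic short but can split a burst across two buckets; a production detector would use a sliding window per source and tune the thresholds to the network's normal monitoring traffic, which here is deliberately left below both limits.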
Further reading
- Internet Control Message Protocol (ICMP): A detailed guide
- How to ping an IP address
- What is traceroute and how to use it for network diagnostics
- What is packet loss? Everything you need to know
- How to prevent a ping flood attack on your network
- What is a smurf attack and why is it a security risk?