Internet Control Message Protocol (ICMP)

What is the Internet Control Message Protocol?

The Internet Control Message Protocol (ICMP) is a protocol used by devices to send error messages during communication over networks, defined in Request for Comments (RFC) 792 and published in September 1981. It’s a core part of the Internet Protocol (IP) suite, with a separate version, ICMPv6, existing for IPv6 networks.

How does the Internet Control Message Protocol work?

ICMP works by exchanging control and error messages between devices on a network. When a data packet cannot be delivered, routers or hosts send standardized ICMP messages back to the source to report issues such as unreachable destinations, expired time limits, or processing errors. These messages use defined types and codes, allowing systems to interpret network problems. ICMP is designed to provide feedback on how data transmission is functioning, rather than to carry application data.

The protocol also underpins common network diagnostic tools. Ping, for example, uses ICMP echo and echo reply messages to test connectivity between devices, while traceroute uses time-exceeded messages to map the path packets take across a network. By providing standardized messages to report why failures occur, ICMP helps identify delivery problems and supports more informed routing decisions.
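The type and code fields described above sit in a fixed 8-byte header followed by a checksum over the whole message. The following decoder is an added example, not part of the original glossary entry; the function names are hypothetical, the type/code table is a subset of RFC 792, and the sample echo request is constructed in the code.

```python
import struct

# Type/code meanings from RFC 792 (subset covering the messages named above).
ICMP_TYPES = {
    0: "echo reply",
    3: "destination unreachable",
    8: "echo request",
    11: "time exceeded",
    12: "parameter problem",
}
ICMP_CODES = {
    (3, 0): "net unreachable",
    (3, 1): "host unreachable",
    (3, 3): "port unreachable",
    (3, 4): "fragmentation needed and DF set",
    (11, 0): "TTL exceeded in transit",
    (11, 1): "fragment reassembly time exceeded",
}

def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement sum used by ICMP (RFC 792 / RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length messages with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:   # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """Constructed sample input: an echo request with a valid checksum."""
    header = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload

def parse_icmp(message: bytes) -> dict:
    """Decode the fixed 8-byte ICMPv4 header and validate the checksum."""
    if len(message) < 8:
        raise ValueError("ICMP message shorter than 8-byte header")
    mtype, code, _csum, rest = struct.unpack("!BBHI", message[:8])
    info = {
        "type": mtype, "code": code,
        "type_name": ICMP_TYPES.get(mtype, "unknown"),
        "code_name": ICMP_CODES.get((mtype, code), ""),
        # Summing the whole message, checksum included, yields 0 when intact.
        "checksum_ok": internet_checksum(message) == 0,
    }
    if mtype in (0, 8):  # echo messages carry identifier and sequence number
        info["id"], info["seq"] = rest >> 16, rest & 0xFFFF
    return info
```
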

Why is Internet Control Message Protocol important?

ICMP's primary value is in network diagnostics. When connectivity fails, ICMP’s standardized messages allow network administrators to determine exactly where the problem is, like whether a host is unreachable, a route is broken, or packets are being dropped.

Beyond diagnostics, ICMP supports performance monitoring, as tools that track latency, availability, and packet loss rely on ICMP to gather data.

Security teams also use ICMP to safeguard systems: firewalls can use ICMP to block certain kinds of traffic, and ICMP can highlight unusual traffic patterns that may indicate active threats.

Where is it used?

Below are some of the key areas where ICMP is used:

  • Routers and gateways: Routers generate ICMP messages when they cannot forward a packet, notifying the source of the issue or suggesting an alternative route.
  • Operating systems and servers: Devices that use Transmission Control Protocol/Internet Protocol (TCP/IP) implement ICMP, supporting diagnostic tools like ping and traceroute.
  • Firewalls and security tools: Security tools can inspect and filter traffic using ICMP to safeguard networks from intrusion.
  • Network monitoring platforms: Monitoring tools use ICMP to continuously check availability and response times across networks.

Risks and privacy concerns

While ICMP is essential for network diagnostics, it also carries security risks.

If a network is misconfigured to allow unrestricted ICMP echo requests, attackers can use those requests to perform network reconnaissance and map out all live hosts on it.

ICMP can also be used for denial-of-service (DoS) attacks. ICMP ping floods let an attacker overwhelm a target with ICMP echo requests faster than it can respond, while smurf attacks, a largely mitigated and now uncommon technique, used spoofed ICMP requests sent to broadcast addresses, causing many devices to flood a single victim with replies.
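Both patterns above show up in flow records as echo-request volume: a sweep is one source touching many destinations, a flood is one source hammering a single destination. The detector below is an added example, not part of the original glossary entry; the log format, function names and thresholds are assumptions, and the sample records are constructed using documentation address ranges (RFC 5737).

```python
from collections import defaultdict, deque

def make_sample_log():
    """Constructed flow records: 'epoch_seconds src dst icmp_type'."""
    lines = []
    # Normal monitoring: one echo request every 10 s.
    lines += [f"{1000 + 10 * i} 192.0.2.10 198.51.100.5 8" for i in range(6)]
    # Sweep: one source probing 20 different hosts within 2 s.
    lines += [f"{1020 + i * 0.1:.1f} 203.0.113.7 198.51.100.{i + 1} 8"
              for i in range(20)]
    # Flood: 300 echo requests to a single host within 3 s.
    lines += [f"{1040 + i * 0.01:.2f} 203.0.113.99 198.51.100.5 8"
              for i in range(300)]
    # An echo reply (type 0), which the detector ignores.
    lines.append("1041 198.51.100.5 192.0.2.10 0")
    return sorted(lines, key=lambda l: float(l.split()[0]))

def detect(lines, window=5.0, flood_rate=100, sweep_hosts=15):
    """Return {src: {alert names}} using a sliding window per source.

    flood_rate:  echo requests to one destination within `window` seconds.
    sweep_hosts: distinct destinations probed within `window` seconds.
    Both thresholds are illustrative and need tuning per network.
    """
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs in window
    alerts = defaultdict(set)
    for line in lines:
        ts, src, dst, mtype = line.split()
        if int(mtype) != 8:      # only echo requests are counted
            continue
        ts = float(ts)
        q = recent[src]
        q.append((ts, dst))
        while q and ts - q[0][0] > window:
            q.popleft()          # expire records older than the window
        per_dst = defaultdict(int)
        for _, d in q:
            per_dst[d] += 1
        if max(per_dst.values()) >= flood_rate:
            alerts[src].add("ping-flood")
        if len(per_dst) >= sweep_hosts:
            alerts[src].add("host-sweep")
    return dict(alerts)
```
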

FAQ

What is ICMP used for?

The Internet Control Message Protocol (ICMP) is used for error reporting and network diagnostics, allowing devices to know when a packet couldn’t be delivered, a destination is unreachable, or a time limit has expired. It also provides the foundation for various troubleshooting tools like ping and traceroute.

Is ICMP the same as ping?

No. Ping is a tool that uses the Internet Control Message Protocol (ICMP) by sending ICMP echo request messages and waiting for echo replies to test connectivity between devices. ICMP is the underlying protocol that enables ping to operate.

Should ICMP be blocked by firewalls?

Not entirely. Selectively blocking certain Internet Control Message Protocol (ICMP) message types can reduce attack exposure, but blanket blocking disrupts diagnostics and can break core network functions like Path MTU Discovery.

Can attackers abuse ICMP?

Yes. Attackers can use the Internet Control Message Protocol (ICMP) to perform network reconnaissance on misconfigured networks and to carry out denial-of-service (DoS) attacks like ping floods and smurf attacks.

What is the difference between ICMP and TCP?

The Transmission Control Protocol (TCP) requires a multi-step handshake before data is exchanged, while the Internet Control Message Protocol (ICMP) requires no prior connection and simply sends its messages. ICMP exists only to report on network conditions, not to transfer data between applications.