ICMP is the Internet Control Message Protocol, which works at Layer 3, the Network layer. It is used for all kinds of network messaging services utilized by IP, the Internet Protocol.
In fact, here’s how it is defined by Wikipedia:
“The Internet Control Message Protocol (ICMP) is one of the core protocols of the Internet Protocol Suite. It is chiefly used by the operating systems of networked computers to send error messages indicating, for example, that a requested service is not available or that a host or router could not be reached. ICMP can also be used to relay query messages”
(see RFC 1256, if you are into that kind of thing).
Bottom line, ICMPs are used by routers, intermediary devices, or hosts to communicate updates or error information to other routers, intermediary devices, or hosts. It is a useful error reporting and diagnostic utility and is considered a required part of any IP implementation.
My focus today is on the morbid language used to describe some of the services provided by ICMP.
Each ICMP message contains three fields that define its purpose and provide a checksum – type, code, and checksum. The “TYPE” field identifies the ICMP message, the “CODE” field provides further information about the associated TYPE field, and the “CHECKSUM” provides a method for determining the integrity of the message.
| Type | Description |
| --- | --- |
| 0 | Echo Reply |
| 3 | Destination Unreachable |
| 4 | Source Quench |
| 5 | Redirect Message |
| 8 | Echo Request |
| 11 | Time Exceeded |
| 12 | Parameter Problem |
| 13 | Timestamp Request |
| 14 | Timestamp Reply |
| 17 | Address Mask Request |
| 18 | Address Mask Reply |
Take, for example, the case of Type 3, “Destination Unreachable”.
When an IP packet is sent from one host to another, it is allotted a number of stopping points, usually routers, that it may pass through in order to reach its destination. Each stopping point is called a “hop”, and the number allotted is the “hop count”.
When a packet is undeliverable, a Type 3 (Destination Unreachable) ICMP message is generated. Type 3 ICMPs can have a Code value of 0 to 15:
| Type 3 Code Value | Description |
| --- | --- |
| 0 | Network Unreachable |
| 1 | Host Unreachable |
| 2 | Protocol Unreachable |
| 3 | Port Unreachable |
| 4 | Fragmentation needed and DF (Don’t Fragment) set |
| 5 | Source route failed |
| 6 | Destination Network unknown |
| 7 | Destination Host unknown |
| 8 | Source Host isolated |
| 9 | Communication with Destination Network Administratively Prohibited |
| 10 | Communication with Destination Host Administratively Prohibited |
| 11 | Network Unreachable for Type Of Service |
| 12 | Host Unreachable for Type Of Service |
| 13 | Communication Administratively Prohibited by Filtering |
| 14 | Host Precedence Violation |
| 15 | Precedence Cutoff in Effect |
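To make the TYPE, CODE and CHECKSUM fields concrete, here is an added example (not code from the original post) that decodes those three fields, names the Type 3 code, and verifies the checksum with the standard Internet checksum algorithm (RFC 1071). The helper names `build_icmp` and `parse_icmp` and the sample message are constructed for illustration.

```python
import struct

# Type and Type 3 code names as listed in the tables above.
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
              5: "Redirect Message", 8: "Echo Request", 11: "Time Exceeded",
              12: "Parameter Problem", 13: "Timestamp Request", 14: "Timestamp Reply",
              17: "Address Mask Request", 18: "Address Mask Reply"}
TYPE3_CODES = ["Network Unreachable", "Host Unreachable", "Protocol Unreachable",
               "Port Unreachable", "Fragmentation needed and DF set",
               "Source route failed", "Destination Network unknown",
               "Destination Host unknown", "Source Host isolated",
               "Communication with Destination Network Administratively Prohibited",
               "Communication with Destination Host Administratively Prohibited",
               "Network Unreachable for Type Of Service",
               "Host Unreachable for Type Of Service",
               "Communication Administratively Prohibited by Filtering",
               "Host Precedence Violation", "Precedence Cutoff in Effect"]

def internet_checksum(data: bytes) -> int:
    """16-bit one's complement of the one's-complement sum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(msg_type: int, code: int, body: bytes = b"\x00" * 4) -> bytes:
    """Hypothetical helper: serialize a message with a correct checksum."""
    csum = internet_checksum(struct.pack("!BBH", msg_type, code, 0) + body)
    return struct.pack("!BBH", msg_type, code, csum) + body

def parse_icmp(message: bytes) -> dict:
    """Decode TYPE, CODE and CHECKSUM and verify the message's integrity."""
    if len(message) < 4:
        raise ValueError("truncated ICMP message")
    msg_type, code, checksum = struct.unpack("!BBH", message[:4])
    code_name = None
    if msg_type == 3 and code < len(TYPE3_CODES):
        code_name = TYPE3_CODES[code]
    return {"type": msg_type, "type_name": ICMP_TYPES.get(msg_type, "Unknown"),
            "code": code, "code_name": code_name, "checksum": checksum,
            # Summing a valid message with its checksum field included gives 0.
            "checksum_ok": internet_checksum(message) == 0}

if __name__ == "__main__":
    # Constructed sample: Type 3, Code 3 with 4 unused bytes and dummy data.
    sample = build_icmp(3, 3, b"\x00" * 4 + b"constructed sample")
    print(parse_icmp(sample))
    print(parse_icmp(sample[:-1] + b"\x00"))  # altered last byte: checksum fails
```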
If an IP packet reaches its limit of hops, the last receiving router usually just deletes the message. Now this is where the language issue comes in. The router that deletes the datagram is called an executioner. After “killing” the datagram, this “executioner” uses ICMP to send an “obituary” message to the machine that sent the message to inform it that its message met an untimely death. I am not making this up. Actually, here’s a paper called “Providing Packet Obituaries” that discusses the obituary concept.
What is the world coming to?
And oh, by the way, did I tell you about the “selfish” way Microsoft uses PING, the Packet InterNet Groper? PING uses the alphabet in the data portion of a packet as payload. But when you use ping on a Windows device, we seem to be a little short on our alphabet count.
For example:
| ICMP Data Area: | |
| --- | --- |
| abcdefghijklmnop | 61 62 63 64 65 66 67 68 69 6a 6b 6c 6d |
| qrstuvwabcdefghi | 71 72 73 74 75 76 77 61 62 63 64 65 66 |
Notice how the alphabet stops at “w”. Hmm. What happened to x, y, z? Windows, anyone?
Props to Todd Lammle for that tidbit.