Summary
ICMP is a supporting protocol in the IP suite used to send error messages and operational information such as whether a host is reachable or a packet exceeded its time-to-live.
What is ICMP?
Unlike TCP and UDP, ICMP is not used to exchange data between applications. It operates at the network layer and is primarily used for diagnostic and control purposes. The most familiar ICMP applications are ping, which sends Echo Request messages and listens for Echo Reply, and traceroute, which exploits the TTL-exceeded message to map network paths.
ICMP also carries error messages back to senders: Destination Unreachable informs a sender that a packet could not be delivered; Time Exceeded signals that a router discarded the packet because its TTL reached zero; Fragmentation Needed tells a sender to reduce packet size.
In cloud and virtualised environments, ICMP is often selectively permitted in security group rules. Allowing ICMP Echo is important for basic connectivity troubleshooting, while restrictive rules may block other ICMP types to reduce the attack surface.
Why is ICMP relevant?
- Diagnostics: Tools like ping and traceroute rely entirely on ICMP for network troubleshooting
- Error signalling: Routers use ICMP to notify senders of delivery failures without upper-layer involvement
- Path MTU discovery: ICMP Fragmentation Needed messages enable endpoints to determine the maximum packet size on a path
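
The message types and the Path MTU discovery mechanism described above can be seen in a small ICMPv4 parser. This is an added example, not part of the original page: the function names (`checksum`, `build`, `parse`) and the sample messages are constructed for illustration, and the IP header is assumed to be already stripped.

```python
import struct

# ICMPv4 type/code values from RFC 792 and RFC 1191; (type, None) matches any code.
NAMES = {
    (0, None): "Echo Reply",
    (8, None): "Echo Request",
    (3, None): "Destination Unreachable",
    (3, 4): "Fragmentation Needed",
    (11, None): "Time Exceeded",
}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(icmp_type: int, code: int, rest: bytes, payload: bytes = b"") -> bytes:
    """Build an ICMP message; used here only to construct sample input."""
    msg = struct.pack("!BBH", icmp_type, code, 0) + rest + payload
    return msg[:2] + struct.pack("!H", checksum(msg)) + msg[4:]

def parse(msg: bytes) -> dict:
    """Parse an ICMP message whose IP header has already been removed."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    icmp_type, code = struct.unpack("!BB", msg[:2])
    name = NAMES.get((icmp_type, code)) or NAMES.get((icmp_type, None), "Other")
    # A message with a valid checksum sums to zero when the field is included.
    info = {"type": icmp_type, "code": code, "name": name,
            "checksum_ok": checksum(msg) == 0}
    if icmp_type in (0, 8):
        info["id"], info["seq"] = struct.unpack("!HH", msg[4:8])
    elif (icmp_type, code) == (3, 4):
        # RFC 1191: the low 16 bits of the second word carry the next-hop MTU.
        info["next_hop_mtu"] = struct.unpack("!HH", msg[4:8])[1]
    return info

# Constructed sample messages (not captured traffic).
ECHO = build(8, 0, struct.pack("!HH", 0x1234, 1), b"constructed")
FRAG = build(3, 4, struct.pack("!HH", 0, 1400), b"\x45" + bytes(27))
TTL = build(11, 0, bytes(4), b"\x45" + bytes(27))
```

The `next_hop_mtu` field is what a sender uses to reduce its packet size, so a filter that drops type 3 code 4 also stops Path MTU discovery from working.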