The Internet Control Message Protocol is the housekeeping protocol of the Internet. It performs a variety of important administrative functions. Learn the basic functions of ICMP and how you can use ICMP to troubleshoot network issues with the ping and traceroute commands.
- The Internet Control Message Protocol, ICMP, is the housekeeping protocol of the internet. It performs a variety of important administrative functions. The ping command is one of the most basic network troubleshooting commands available. When a system sends a ping command over the network, the receiving system responds with an acknowledgment. It's the equivalent of one system asking another, "Are you there?" and the target system responding, "Yes, I am".
Although, instead of asking these questions in English, the ping command uses the ICMP protocol. The, "Are you there" question is asked by sending a packet known as an ICMP Echo request. The target system responds "Yes, I am" by sending an ICMP Echo reply. Let's try this from the command line using Terminal on a MacBook. I'm going to try pinging the website of The International Information Systems Security Certification Consortium or ISC squared, the creators of the CISSP exam.
Their website is www.isc2.org. So, I'm going to go ahead and type in the command ping, space, and the name of the server, www.isc2.org. And, as you can see, the screen immediately begins filling up with ping information. My computer is sending ICMP Echo requests in a continuous fashion. ISC squared's web server, when it receives each of those requests, responds with an ICMP Echo reply. And, each line that you see appearing on the screen here is the receipt of one of those Echo reply packets.
You can see, each one of these packets contains 64 bytes. It's coming from the IP address 22.214.171.124, that's the IP address of ISC squared's web server. It gives us a sequence number that's counting the number of packets received. And you can see, we missed a couple here. There was some little blip in the network taking place and the request timed out. But, generally, these are flowing in order and they're coming pretty steadily, and they're taking somewhere between 40 and 50 milliseconds for that round-trip communication between my laptop and the ISC squared web server.
Now, these are just going to continue on forever, so, I'm going to use the Control+C command to exit out of that. And just type clear to clear up the screen. ICMP also enables the use of the Traceroute command. Traceroute performs more detailed troubleshooting by not only showing you whether a system is alive on the network, but also showing you the path over the network between those two systems. Let's try using Traceroute to identify the path followed over the internet between my system and the ISC squared web server.
Here we're back in the Terminal session. I'm going to type in the command traceroute, followed by the flag -I, to let Traceroute know I would like to use ICMP packets, and then I'm going to type in the address of that ISC squared web server again. And, when I hit enter, my screen begins filling up with the network routing information, showing me the path between my system, that's the top one here, number 1, 10.0.1.1 and the ISC squared web server, 126.96.36.199.
And, as you can see, there are 14 steps between my system and that server. Once the packet leaves my computer, it goes through a series of Comcast-owned routers, beginning in my hometown of South Bend, Indiana, then traveling to Chicago, a backbone for Comcast located in Cermak, Illinois. And, then we switch networks. We go over from Comcast over to a network called as6453.net, which is another internet backbone service provider. And, this is also happening in Chicago.
So, we went to Chicago where Comcast apparently has a network peering with this other provider, and then it bounces around their network a little bit. It travels on the as6453 network from Chicago to New York, to Newark, New Jersey, and then to Ashburn, Virginia, before we start getting into the last couple of hops that just have IP addresses and reach us to the ISC squared web server. So, this is telling me that the ISC squared web server is probably located somewhere in the Ashburn, Virginia area, which is actually a known site for many cloud data centers.
If I were troubleshooting a bad network connection between my system and the ISC squared server, this type of information can help me figure out where the problem might be. You'll notice that the Traceroute command gives you the amount of time that it takes for the packet to travel at each step along the way. We can see that it takes approximately 40 seconds, like it did when we did the ping command, but, when we start looking into the details, we can see where those delays took place, what the latency is between each one of those connections. So, I can get to these local South Bend Comcast devices in about 10 milliseconds, but, getting back and forth to the Comcast systems in Chicago takes about 20.
And, as soon as we go from Chicago to New York, we're about doubling that travel time, that's the time that the packets are actually taking to travel halfway across the country from Chicago to New York, and it's taking 40 milliseconds to get from my system to get to the systems located in New York, New Jersey and Virginia. ICMP also has some other functions. Some of the administrative messages sent by ICMP include, destination unreachable messages, redirect messages, time exceeded messages, and address mask requests and replies.
Through these functions, the Internet Control Message Protocol plays an important role in maintaining a robust, healthy network, and troubleshooting network connectivity issues.
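The echo request and echo reply exchange described in the transcript, shown at the byte level as an added example that is not part of the course material. It builds both messages, computes the RFC 1071 checksum, and checks that a reply really answers a given request; the identifier `0x1234`, the sequence number and the zero-filled payload are constructed sample values.

```python
import struct

# ICMP message types named in the transcript (numbers per RFC 792 / RFC 950).
ICMP_TYPES = {
    0: "echo reply", 3: "destination unreachable", 5: "redirect",
    8: "echo request", 11: "time exceeded",
    17: "address mask request", 18: "address mask reply",
}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an echo request (type 8) or echo reply (type 0)."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse(message: bytes) -> dict:
    """Parse an ICMP message and verify its checksum."""
    if len(message) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", message[:8])
    return {
        "type": icmp_type,
        "name": ICMP_TYPES.get(icmp_type, "other"),
        "code": code,
        "valid": checksum(message) == 0,     # a correct message sums to 0
        "id": ident, "seq": seq,             # meaningful for echo types only
        "payload": message[8:],
    }

def answers(request: bytes, reply: bytes) -> bool:
    """True if `reply` is a valid echo reply to echo request `request`."""
    req, rep = parse(request), parse(reply)
    return (req["type"] == 8 and rep["type"] == 0 and rep["valid"]
            and (rep["id"], rep["seq"], rep["payload"])
            == (req["id"], req["seq"], req["payload"]))

# Constructed sample: 56-byte payload + 8-byte header = the 64 bytes ping shows.
REQUEST = build_echo(8, 0x1234, 1, bytes(56))
REPLY = build_echo(0, 0x1234, 1, bytes(56))
```

Matching on identifier, sequence number and payload is how ping pairs each reply with its request and notices the missing sequence numbers the transcript points out.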
Learn about communication and networking best practices, including TCP/IP networking, network security devices, and secure network design and management. Instructor and cybersecurity expert Mike Chapple also includes coverage of converged protocols, network encryption, and wireless networking. You can find Mike's companion study books for this series at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- IP addressing
- Switches and routers
- Content distribution networks
- Designing secure networks
- Specialized networking
- Managing secure networks
- Working with virtualized networks like SDNs
- Detecting and preventing network attacks
- Transport encryption
- Wireless networking
- Host security