ICMP is a network protocol used for diagnostics, reporting errors or problems when transmitting information over a network. It works at layer 3 of the OSI model.
ICMP is based on the IP protocol and is part of the TCP/IP stack. An error message is encapsulated in a new packet with an IP header.
One example of how ICMP works: each time information is transmitted through a network node (e.g., a router), the TTL field in the data packet is decremented by 1. When it reaches zero, an ICMP message is returned to the source saying that the TTL has been exceeded.
There are 3 rules when creating ICMP messages:
- If an ICMP packet was lost in transit, no new one is generated.
- An ICMP message is never created in response to broadcast or multicast (group) requests. Otherwise, network traffic congestion (a “broadcast storm”) can occur.
- If an IP packet was damaged during transmission, an ICMP message is sent immediately to the source.
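The TTL example and the suppression rules above, as an added Python example (not code from the original page): `hop` models one router hop and `describe` parses the resulting Time Exceeded message. Function names are hypothetical, headers are assumed to carry no IP options, and the first rule is implemented in its RFC 1122 form (no ICMP error is sent about an ICMP error message).

```python
import ipaddress
import struct

ICMP_ERROR_TYPES = {3, 4, 5, 11, 12}  # unreachable, quench, redirect, time exceeded, param problem

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src: str, dst: str, proto: int, ttl: int, payload: bytes) -> bytes:
    """Build a 20-byte IPv4 header (no options) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def hop(packet: bytes, router_ip: str) -> tuple[str, bytes]:
    """Process one router hop: returns ("forward", pkt), ("icmp", reply) or ("drop", b"")."""
    ttl, proto = packet[8], packet[9]
    src = ipaddress.ip_address(packet[12:16])
    dst = ipaddress.ip_address(packet[16:20])
    if ttl > 1:  # still alive: decrement TTL and recompute the header checksum
        hdr = bytearray(packet[:20])
        hdr[8] = ttl - 1
        hdr[10:12] = b"\x00\x00"
        hdr[10:12] = struct.pack("!H", checksum(bytes(hdr)))
        return "forward", bytes(hdr) + packet[20:]
    # TTL reached zero. Suppress the error for ICMP error messages and for
    # multicast/limited-broadcast destinations (directed broadcast needs the netmask).
    about_icmp_error = proto == 1 and len(packet) > 20 and packet[20] in ICMP_ERROR_TYPES
    if about_icmp_error or dst.is_multicast or int(dst) == 0xFFFFFFFF:
        return "drop", b""
    # Type 11 code 0, 4 unused bytes, then the original IP header + first 8 payload bytes.
    body = struct.pack("!BBHI", 11, 0, 0, 0) + packet[:28]
    body = body[:2] + struct.pack("!H", checksum(body)) + body[4:]
    return "icmp", ipv4(router_ip, str(src), 1, 64, body)

def describe(reply: bytes) -> dict:
    """Parse a Time Exceeded reply: who reported it and which packet it was about."""
    inner = reply[28:]  # skip 20 outer IP bytes + 8 ICMP header bytes
    return {"reporter": str(ipaddress.ip_address(reply[12:16])),
            "type": reply[20], "code": reply[21],
            "icmp_checksum_ok": checksum(reply[20:]) == 0,
            "orig_dst": str(ipaddress.ip_address(inner[16:20])), "orig_ttl": inner[8]}
```

For instance, passing `hop` a packet built with `ipv4("192.0.2.10", "198.51.100.7", 17, 1, payload)` (constructed documentation-range addresses) yields a Time Exceeded reply addressed back to 192.0.2.10.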
Messages are also generated automatically if:
- the packet did not reach its destination;
- the network equipment cannot forward packets at the current speed;
- the network equipment is redirected to another route, which is more convenient than the current one for reaching the recipient.