Network performance is critical to most users and applications. For example, VoIP and other real-time communication services require low latency. The ping and traceroute terminal utilities use ICMP messages to assess network performance. The ping utility displays the routing path that data packets must travel to reach their destination, showing each device (also known as a hop) along the way.
Detecting Congestion
Network congestion is a common cause of performance problems in many network applications. ICMP protocol can help with this issue by detecting when data transmissions are taking an inefficient route through the network. For example, suppose a router or other network device receives an IP packet that it can’t deliver due to network congestion. In that case, it will send a Destination Unreachable message back to the source. This error report helps the network troubleshoot and correct the problem before it worsens. Another common ICMP error reporting mechanism is the source quench message. This report informs the source device that the rate of incoming data packets is too high and slows down transmissions. This adds flow control to the network layer and prevents traffic from being lost. Other ICMP error detection features include the checksum and pointer fields. The checksum is a 16-bit value that checks for the integrity of transmitted data. The pointer field identifies the location within the original datagram of the problem. ICMP also provides useful diagnostic tools like ping and traceroute. Ping uses ICMP echo-request and echo-reply messages to test network availability and latency between devices. Traceroute, meanwhile, combines the functionality of ping and ICMP to provide a hop-by-hop breakdown of network path delays. It can also identify faulty hardware or security threats, such as Smurf attacks and ping of death.
Informing the Sender of an Issue
ICMP can report network errors without involving a connection handshake between devices as TCP does. Instead, ICMP encapsulates the error information into an IP packet that the recipient device decodes and handles. ICMP has a header and a variable-sized data section. The title includes an 8-bit field called the type, which tells the receiving device what error information the message contains. The data section consists of an identifier of the problem, a pointer to where the error occurred in the original IP packet and a copy of the original IP datagram that triggered the error. For example, suppose a network gateway encounters a packet too large to process (or contains data in the wrong order). In that case, it will return an ICMP error notification to the sending device. This way, the transmitting device knows it is time to resend the data. Another common use of ICMP is for network diagnostics. The terminal utilities traceroute and ping both utilize ICMP to reveal the path data takes between devices. Traceroute shows the devices that handled a packet of data, including the physical routers involved and how long each leg of the trip took — allowing administrators to pinpoint sources of latency.
The ping utility uses ICMP to detect whether a device is reachable. It does this by sending out ICMP messages of the ping type (Type 8) with a packet length slightly smaller than the maximum MTU size allowed by IP. This causes the receiving device to respond with a ping reply message indicating availability.
Providing Feedback
As an Internet layer protocol, ICMP doesn’t include associated processes for establishing and closing connections between devices (like TCP does). However, it can still help teams troubleshoot problems when something goes wrong. For example, ICMP can send error reports to the network administrator so that they can determine why some or all of the data from a device isn’t making it to its destination. The most common way ICMP helps with feedback is via ping monitoring, which involves repeatedly sending an ICMP echo request message to a specific server or device on the network to find out if it’s alive. If the target server or device responds with an ICMP echo reply message, this is considered a good sign and means the connection is functional without any issues. If the ping time, measured in milliseconds, is significantly longer than normal, it’s a bad sign and indicates problems with the network. Other ICMP messages also provide feedback, such as the time exceeded error message that can be sent when an IP datagram’s time-to-live value expires before the destination device receives it. Another useful ICMP message is the query message, which allows a router or host to ask another router or host for information such as its IP address or subnet mask.
Providing Flow Control
ICMP messages fall into two categories: error reports and query messages. The latter are used for network diagnostics and are the basis for the terminal utilities ping and traceroute. Error reports can inform administrators of connectivity issues like unreachable destination devices. They can also show the routing path data taken between the two devices and how long each hop took, a useful tool for finding the source of congestion. Aside from error reporting, ICMP is also used for network monitoring and performance testing. Its connectionless nature – it does not require a connection to be established between devices before sending a message – makes it easy to “ping” a network device and verify whether it is functioning properly. These pings can also test loopback connections, networking software and communication protocols. ICMP also supports using query messages, which help verify information like the network device’s address, subnet mask and other data. In addition, ICMP can send a “source quench” message to the source host (when it detects that the source is sending packets too quickly), which tells the head to reduce its traffic rate to avoid causing router congestion. This feature helps to protect a network from denial-of-service attacks (DoS) by preventing the attacker from overwhelming a server with ping requests.