ICMP
What is ICMP?
ICMPA network-layer control and diagnostics protocol (RFC 792 for IPv4, RFC 4443 for IPv6) used by hosts and routers to report errors and signal path conditions.
The Internet Control Message Protocol is an integral part of IP, defined in RFC 792 for IPv4 and RFC 4443 for IPv6. Routers and end hosts use it to send error messages (destination unreachable, time exceeded, fragmentation needed) and diagnostic queries (echo request/reply, used by ping and traceroute). ICMP rides directly over IP with protocol number 1 (or 58 for ICMPv6) and has no ports. It is essential for Path MTU Discovery and IPv6 Neighbor Discovery, so blanket-blocking ICMP often breaks connectivity. Abuses include ping floods, Smurf-style amplification, ICMP redirect attacks that alter local routing tables, and ICMP tunneling used for command-and-control or data exfiltration.
● Examples
- 01
ping example.com sends ICMP echo requests and measures the time to receive echo replies.
- 02
A router returns ICMP type 3 code 4 to signal that fragmentation is needed but DF is set.
● Frequently asked questions
What is ICMP?
A network-layer control and diagnostics protocol (RFC 792 for IPv4, RFC 4443 for IPv6) used by hosts and routers to report errors and signal path conditions. It belongs to the Network Security category of cybersecurity.
What does ICMP mean?
A network-layer control and diagnostics protocol (RFC 792 for IPv4, RFC 4443 for IPv6) used by hosts and routers to report errors and signal path conditions.
How does ICMP work?
The Internet Control Message Protocol is an integral part of IP, defined in RFC 792 for IPv4 and RFC 4443 for IPv6. Routers and end hosts use it to send error messages (destination unreachable, time exceeded, fragmentation needed) and diagnostic queries (echo request/reply, used by ping and traceroute). ICMP rides directly over IP with protocol number 1 (or 58 for ICMPv6) and has no ports. It is essential for Path MTU Discovery and IPv6 Neighbor Discovery, so blanket-blocking ICMP often breaks connectivity. Abuses include ping floods, Smurf-style amplification, ICMP redirect attacks that alter local routing tables, and ICMP tunneling used for command-and-control or data exfiltration.
How do you defend against ICMP?
Defences for ICMP typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for ICMP?
Common alternative names include: Internet Control Message Protocol.
● Related terms
- network-security№ 1136
TCP/IP
The four-layer Internet Protocol Suite that defines how packets are addressed, routed, fragmented, and reliably delivered between hosts across interconnected networks.
- network-security№ 553
IP Address
A numeric identifier assigned to a network interface for routing across IP networks: 32 bits in IPv4 (RFC 791) or 128 bits in IPv6 (RFC 8200).
- network-security№ 1188
UDP
A connectionless transport protocol (RFC 768) that delivers individual datagrams between ports with minimal overhead but no reliability or ordering guarantees.
- attacks№ 555
IP Spoofing
Forging the source IP address of network packets to impersonate another host, bypass filters, or amplify denial-of-service attacks.
- network-security№ 344
DNS Tunneling
A covert channel that encodes arbitrary data inside DNS queries and responses on UDP/TCP port 53, frequently used for command-and-control and data exfiltration.
- network-security№ 1134
TCP
A connection-oriented transport protocol (RFC 9293) that delivers an ordered, reliable, congestion-controlled byte stream between two endpoints over IP.
● See also
- № 061ARP