ICMP

ICMP (Internet Control Message Protocol) is a network-layer protocol used by devices (like routers) to diagnose communication issues, report transmission errors, and manage network traffic. It functions as the network’s built-in troubleshooting tool, ensuring data successfully reaches its destination.

• Error Reporting: Informs the sender if a packet cannot be delivered (e.g., the destination is unreachable or a packet is too large).
• Connectionless: Unlike TCP, it does not require a handshake to establish a connection.
• No Port Numbers: It operates directly on top of the Internet Protocol (IP) rather than relying on transport-layer ports.
• Not for Data Transfer: It communicates information about data rather than transmitting the actual user data.

Two popular commands rely on ICMP, and they are instrumental in network troubleshooting and network security. The commands are:

• ping: This command uses ICMP to test connectivity to a target system and measures the round-trip time (RTT).
• traceroute:Uses ICMP to discover the route from your host to the target.

Ping#

Ping is a basic computer network tool used to test reachability and measure connection latency (round-trip time) between a device and an IP address or server. It measures network delay in milliseconds (ms).

Usage#

ping [host]

How it works#

1. The ping command sends an ICMP Echo Request (ICMP Type 8).
2. The computer on the receiving end responds with an ICMP Echo Reply (ICMP Type 0).
   Many things might prevent us from getting a reply. In addition to the possibility of the target system being offline or shut down, a firewall along the path might block the necessary packets for ping to work.

Traceroute#

Traceroute is a network diagnostic tool that maps the real-time path data packets take to reach a destination across an IP network. It identifies the routers (hops) traversed and measures response times. It helps pinpoint network congestion, high latency, or points of failure.

Usage#

• Windows: Open Command Prompt and type: tracert [hostname or IP]
• macOS / Linux: Open Terminal and type: traceroute [hostname or IP]

How it works#

The Internet protocol has a field called Time-to-Live (TTL) that indicates the maximum number of routers a packet can travel through before it is dropped. The router decrements the packet’s TTL by one before it sends it across. When the TTL reaches zero, the router drops the packet and sends an ICMP Time Exceeded message (ICMP Type 11). (In this context, “time” is measured in the number of routers, not seconds.) This process reveals the IP address of each router along the path.

How to Read the Results#

A standard traceroute provides multiple columns of data for each hop:

1. Hop Number: The sequence of the router in the path.
2. Round-Trip Time (RTT): Three separate time measurements (in milliseconds) to that router.
3. Router Name / IP: The hostname and IP address of the router

• Asterisks ( * ): Represent a timeout where a router failed to respond within the allowed time. A single asterisk usually means intermittent packet loss, while a series of them indicates a blockage or a router configured to ignore ICMP requests.
• High Latency Spikes: If the response time jumps significantly (e.g., from 10ms to 250ms), it indicates a bottleneck or geographic distance delay at that specific router.