Talk:Internet Control Message Protocol

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Computing / Networking (Rated C-class, Low-importance)
WikiProject icon This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
C-Class article C  This article has been rated as C-Class on the project's quality scale.
 Low  This article has been rated as Low-importance on the project's importance scale.
Taskforce icon
This article is supported by Networking task force (marked as Mid-importance).


The article currently says "Each ICMP message is encapsulated directly within a single IP datagram, and thus, like UDP, ICMP is unreliable"; however, TCP is also encapsulated within IP and that doesn't make it unreliable. Needs more info. — Preceding unsigned comment added by (talk) 22:06, 13 January 2012 (UTC)

Is it true that ICMP is a transport layer protocol?[edit]

In CISCO CCNA Curriculum materials is correct answer for question "At which layer of the OSI model does ICMP operate?" is network layer —Preceding unsigned comment added by (talk) 17:52, 17 March 2008 (UTC)

The lead section of the article recently accumulated some controversial statements on this subject, such as a rewrite of this old paragraph:
ICMP differs in purpose from TCP and UDP in that it is not used to send and receive data between end systems. It is usually not used directly by user network applications, with some notable exceptions being the ping tool and traceroute.
into this paragraph on 3 April 2008:
From a strictly technical perspective, ICMP functions at the transport layer of IP. However, it differs in purpose from other transport protocols such as TCP and UDP in that it is typically not used to ::send and receive data between end systems. It is usually not used directly by user network applications, with some notable exceptions being the ping tool and traceroute. As such, ICMP is often ::considered to be a "network" layer protocol.
and this additional final paragraph on 4 May 2008:
ICMP can "never" be considered a Network Layer protocol. If it were to be considered so, then, it will have to rely on another transport layer protocol to carry its data i.e. Its data will become the payload for a transport layer protocol, as in the case of IP. ICMP is a Transport layer protocol just like TCP and UDP.
A user deleted that contentious paragraph on 5 May 2008, promptly enough, but at the same time amplified the controversial conclusion:
As such, ICMP is commonly (but incorrectly) considered to be a "network" layer protocol.
Now it may be true that some analysts of how the Internet works after the fact have working definitions of "network layer" "Internet layer" and "transport layer" where ICMP fits in the "transport layer" and no other. However, ICMP was part of the Internet layer by definition, when it was built into the Internet. Understanding why it was in that layer would be part of understanding the historical development of the Internet. If what is commonly considered its "layer" has changed, that should be supported with some reference rather than argued originally, or worse, merely asserted.
The company Network Sorcery provides an online guide to Internet protocols [1] that has a simple scheme for classifying protocols into layers that has apparently been favorably received by at least some technical writers and students. Network layer protocols have Ethertype numbers. Transport layer protocols have IP protocol numbers. Application layer protocols have port numbers. Unfortunately, that puts some protocols that have conventionally been considered in the network layer into the transport layer, including ICMP.
According to information, the OSI model has seven layers, then a conventional explanation of the TCP/IP model in terms of five layers developed. Meanwhile, the article Internet protocol suite currently has a chart that provides a nuanced view of only four layers, and historical references to support that view. It puts ICMP in the top of three sublayers in the Internet layer.
The difficulty that some have with this may be that "Internet layer" and "network layer" seem to be synonymous, yet what's in the "Internet layer" may be a matter of history and specific technical implementation, while what's in the "network layer" vs. in the "transport layer" may be a matter of classification according to information systems theory.
--Sonny Moonie (talk) 09:58, 17 May 2008 (UTC)
I think the important point is that the CCNA referes to the OSI modle, but here we refere to the TCP/IP-5-Layer Model. -- AssetBurned (talk) 16:29, 20 May 2008 (UTC)

Creating single article with description of control messages[edit]

Rather than having a separate article for each control message I think it would be better to have a single article containing them all. List of ICMP control messages would be a suitable name. Comments? reetep 19:06, 31 May 2005 (UTC)

ICMP is a supporting protocol to IP, but in the protocol stack it's relative position is higher than IP as ICMP receives services from IP.

Ghost pings[edit]

Why, when a computer crashes so badly that all other I/O screeches to a halt, TCP applications stop working, etc, will some computers still respond to ICMP packets? What is it about the ICMP implementation of any given network stack or OS kernel that would make that happen?

Reply: ICMP, being a supporting protocol to TCP and UDP, is usually handled at a very low level in the TCP stack, possibly even inside the NIC. Most modern NIC's support some kind of TCP speedup by implementing part of the TCP stack inside hardware. Usually, some level of ethernet handling is even performed while the machine is off. —Preceding unsigned comment added by (talk) 10:26, 26 June 2008 (UTC)

Transport layer control protocol[edit]

ICMP is part of the transport layer, but the Internet protocol suite sidebar lists it as being in the network layer.

== ICMP will normally run on port 135 ==.

What on earth is that about?

Reply: AFAIK, ICMP does not use ports really, because it runs only over IP and not over TCP or UDP that give port numbers. It gives information about ports, so if you're getting a lot of ICMP about port 135, maybe you're experiencing an attack there. --Sonny Moonie (talk) 10:54, 17 May 2008 (UTC)

ICMP does not have any assigned port number. What it has is an protocol number, in fact, ICMP's got protocol #1.--Francisco Castro (talk) 03:17, 10 July 2008 (UTC)

ICMP above IP[edit]

I thought so as well, so why didn't anybody fix it before? fixed now.

Is this still fixed??? Just checked and ICMP is listed at the internet layer. Very confusing!!!

Bad packet structure[edit]

how come the source address and destination address in the packet structure table are only 16 bits long ? ips are 32 bits long. see also IP packet format

Color accessibility[edit]

In the table of the segment structure, the ICMP header is only labeled with color. The Wikipedia Accessibility guidelines do not recommend this since blind people cannot differentiate the important information. Please use text notes, bold, italics, or some other form of distinguishment. -- 05:48, 20 June 2007 (UTC)

ICMP segment structure ?[edit]

Echo and Timestamp request / reply (and some others) use identifier and sequence numbers. Other ICMP messages (such as Destination Unreachable) do not use them. I think the figure is wrong for illustrating ICMP as a whole. Rjgodoy (talk) 01:53, 28 February 2008 (UTC)

ICMP vs IP[edit]

IP is better !

Header format[edit]

Why are the header bit positions specified from the start of the IP header? This is ... curious, at best. —Preceding unsigned comment added by (talk) 00:48, 6 May 2009 (UTC)


The following discussion is an archived discussion of a requested move. Please do not modify it. Subsequent comments should be made in a new section on the talk page. No further edits should be made to this section.

The result of the move request was: Not moved, no consensus that this is the most common usage of the term. Taelus (talk) 13:43, 15 March 2010 (UTC)

Internet Control Message ProtocolICMPWP:COMMONNAME and this discussion. cf. HTML. —Justin (koavf)TCM☯ 21:55, 6 March 2010 (UTC)

The above discussion is preserved as an archive of a requested move. Please do not modify it. Subsequent comments should be made in a new section on this talk page. No further edits should be made to this section.

Major merge[edit]

There is a family of articles associated with ICMP. I assert that one article covering all versions and functions of ICMP would best serve readers and have proposed merging all this material into this article. -—Kvng 01:09, 22 November 2012 (UTC)

I whole heartedly agree. All ICMP articles apart from the base one are short, and reference to it. --Dalibor Dragojevic (talk) 11:46, 27 November 2012 (UTC)
Support per Dalibor. 1exec1 (talk) 03:15, 6 December 2012 (UTC)
Hello, Thanks for this suggestion. I also support it. Regards. --nha, from Lyon, France. (talk) 18:34, 12 December 2012 (UTC)
Support, but when you merge them, notice that the ICMPv6 article improves understanding of the protocol by classifying messages into two categories: error messages and information messages. -- Dave Braunschweig (talk) 13:44, 17 December 2012 (UTC)
Oppose, the risk of confusion is too great. Electron9 (talk) 10:35, 13 January 2013 (UTC)
What kind of confusion are you talking about? -—Kvng 19:09, 13 January 2013 (UTC)
Mainly IPv4 and IPv6, ie what belongs to what. Electron9 (talk) 02:43, 14 January 2013 (UTC)
I started to look at the ICMPv6 merge and there does appear to be a problem here. They've renumbered code points in IGMPv6 making it a different protocol. -—Kvng 00:26, 16 January 2013 (UTC)

I've completed the easy merges. Plenty of additional cleanup to do. -—Kvng 22:08, 20 December 2012 (UTC)

Formatting cleanup completed. -—Kvng 19:22, 7 January 2013 (UTC)

I'm calling this one done. The ICMPv6 merge does not look like it will be helpful. ICMP Router Discovery Protocol is a separate protocol that makes use of ICMP. -—Kvng 15:19, 20 January 2013 (UTC)


It is not entirely true that "every device (such as an intermediate router) forwarding an IP datagram first decrements the time to live (TTL) field in the IP header by one." There are whole ranges of routers that don't touch TTL by default. — Preceding unsigned comment added by (talk) 22:15, 30 March 2014 (UTC)

Such routers should be treated as malfunctioning; please see RFC 1812, section 5.3.1. — Dsimic (talk | contribs) 21:25, 31 March 2014 (UTC)

ICMP Exploits[edit]

I found this article about a man-in-the-middle attack called "DoubleDirect", which makes use of ICMP Redirect packets to modify routing tables on the victim host. This attack would force network traffic to flow via an arbitrary network path for a particular IP address.

I wanted to add this to the Redirect section, but this is currently just about the technical details. Which would be an appropriate section to place this?

The article I wanted to quote is at

invenio tc 01:11, 25 November 2014 (UTC)

On that note, I've just noticed that the Data section mentions an ICMP abuse. Should there be a completely new section Abuse or Exploits that detail possible scenarios?
Yes, WP:BEBOLD and add a new section. If another editor, comes up with a better way to incorporate the new cited information, they can make the improvement. ~KvnG 15:06, 27 November 2014 (UTC)

Black Nurse[edit]

Low bandwidth high impact DOS attack: Hcobb (talk) 18:46, 14 November 2016 (UTC)