What is ICMP?
ICMP stands for Internet Control Message Protocol and is a network protocol used to send error messages, status information and diagnostic messages within IP networks.
ICMP is used, for example, to indicate that a device is unreachable, or to measure latency with tools such as ping.
🎯 What is ICMP used for?
| Function | Description |
|---|---|
| Diagnostics | For example via ping or traceroute |
| Error messages | Such as “Destination Unreachable” or “Time Exceeded” |
| Network monitoring | Devices can inform each other about connectivity issues |
| TTL processing | Detection of routing loops or excessive hops |
🔧 Important ICMP types
| Type | Name | Description |
|---|---|---|
| 0 | Echo Reply | Response to a ping |
| 3 | Destination Unreachable | Destination not reachable |
| 5 | Redirect | Route change required |
| 8 | Echo Request | Ping request |
| 11 | Time Exceeded | TTL expired (e.g. in traceroute) |
🔒 ICMP and security
Although useful, ICMP can also be misused:
- Reconnaissance by attackers (e.g. via ICMP sweep)
- DDoS attacks with ICMP flooding (Ping flood / Smurf attack)
- Tunnelling of other traffic or data inside ICMP payloads (covert channels, data exfiltration)
Best practices:
- Rate limit ICMP traffic
- Filter at firewalls (but don’t block everything!)
- Allow only on specific interfaces or zones (e.g. DMZ)
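The following added example (not part of the original page) ties the type table and the security section together: it decodes the 8-byte ICMP header, verifies the RFC 1071 checksum, names the type using the table above, and then counts valid Echo Requests per source over a constructed sample of traffic, which is the kind of measurement a rate-limiting or alerting rule is built on. The sample addresses and the threshold are assumptions for illustration.

```python
import struct
from collections import Counter

# ICMP type names from the table above (only the types the page lists).
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 5: "Redirect",
              8: "Echo Request", 11: "Time Exceeded"}

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd length with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type, code, rest=b"\x00" * 4, payload=b""):
    """Assemble an ICMP message with a correct checksum (used here only to construct sample input)."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest + payload
    return struct.pack("!BBH", icmp_type, code, icmp_checksum(body)) + rest + payload

def parse_icmp(packet):
    """Decode the ICMP header; checksum_ok is True only if the message arrived intact."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, _ = struct.unpack("!BBH", packet[:4])
    return {"type": icmp_type, "code": code,
            "name": ICMP_TYPES.get(icmp_type, "Unassigned/other"),
            "checksum_ok": icmp_checksum(packet) == 0}   # an intact message sums to zero

def echo_request_sources(traffic, threshold):
    """Return sources whose count of valid Echo Requests exceeds `threshold`.
    Corrupt messages are ignored; a high count from one host is what rate limits target."""
    counts = Counter()
    for src, pkt in traffic:
        hdr = parse_icmp(pkt)
        if hdr["type"] == 8 and hdr["checksum_ok"]:
            counts[src] += 1
    return {src: n for src, n in counts.items() if n > threshold}

# Constructed sample traffic (not a capture): a normal ping exchange, a Time Exceeded
# message as seen in traceroute, a burst of Echo Requests from one host, and one corrupt message.
SAMPLE_TRAFFIC = [("192.0.2.10", build_icmp(8, 0, payload=b"hello")),
                  ("192.0.2.1", build_icmp(0, 0, payload=b"hello")),
                  ("192.0.2.1", build_icmp(11, 0))]
SAMPLE_TRAFFIC += [("198.51.100.7", build_icmp(8, 0)) for _ in range(25)]
corrupt = bytearray(build_icmp(8, 0)); corrupt[5] ^= 0xFF       # one flipped byte -> bad checksum
SAMPLE_TRAFFIC.append(("203.0.113.9", bytes(corrupt)))

if __name__ == "__main__":
    for src, pkt in SAMPLE_TRAFFIC[:3]:
        print(src, parse_icmp(pkt))
    print("above threshold:", echo_request_sources(SAMPLE_TRAFFIC, threshold=10))
```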
📌 In summary
ICMP is an essential protocol within IP networks that handles communication about network status and errors. It plays a major role in troubleshooting, but requires careful security in both IT and OT networks.
