Home > Articles > Software Development & Management

This chapter is from the book

This chapter is from the book

ICMP Message Types

The type field identifies the type of the message sent by the host or gateway. Many of the type fields contain more specific information about the error condition. Table 3.2 lists the ICMP message types.

Table 3.2 ICMP Message Types


Description ICMP Message Types


Echo Reply (Ping Reply, used with Type 8, Ping Request)


Destination Unreachable


Source Quench




Echo Request (Ping Request, used with Type 0, Ping Reply)


Router Advertisement (Used with Type 9)


Router Solicitation (Used with Type 10)


Time Exceeded


Parameter Problem


Timestamp Request (Used with Type 14)


Timestamp Reply (Used with Type 13)


Information Request (obsolete) (Used with Type 16)


Information Reply (obsolete) (Used with Type 15)


Address Mask Request (Used with Type 17)


Address Mask Reply (Used with Type 18)

Because each of the ICMP message headers vary depending on which one is sent, we will discuss each type separately, identifying the corresponding code fields, if applicable.

Ping: Echo Request and Reply—Types 8 and 0

We discuss the ICMP Echo Request Type 8 and Echo Reply Type 0 because ICMP uses these messages in tandem. Remote hosts use these two message types to test connectivity. As previously mentioned, the user executes the Ping utility, initiating the generation of ICMP echo requests with the expectation that the destination host sends a corresponding echo reply. Upon successful receipt of the replies to the echo requests, the messages do the following:

  • Indicate a successful test.

  • Assume that a valid communication path between the hosts exists.

  • Assume the end host works through the Network layer.

Figure 3.10 shows an example of an echo request; Figure 3.11 shows an example of an echo reply. In Frame 1 host sends an echo request to test the connectivity with host Note the detail pane indicates a type 8 value stating this is an echo request. The ID value of 52743 and the sequence number of 57098 are optionally included to provide a reasonable match with the echo reply. In Frame 2 host returns the echo reply to host The type code 0 indicates this is a reply and the previous ID and sequence number values used in the echo request frame match.

Figure 3.10 This is an example of an echo request and reply generated as a result of the Ping Utility.

Destination Unreachable—Type 3

ICMP Type 3 message Destination Unreachable alerts a source host of delivery problems encountered while trying to reach the destination. Note that a destination host sends only code types 2 and 3; a router can send all codes. Destination Unreachable uses several code values to further describe the function of the ICMP message being sent. Each code type describes a different delivery problem encountered, as shown here:

Figure 3.11 This is an ICMP echo reply message sent in response to a previously received echo request.

0 = Network Unreachable

This message indicates that the router cannot find the destination network (does not exist or has failed) or has no route to this network. In other words, the router cannot deliver or forward an IP datagram to the destination network. This could be the result of a network that is beyond the maximum distance limitation for the routing protocol in use and is therefore considered unreachable (too far). When a client attempts to connect to a host on a network that is unreachable, a gateway generates this message to alert the source host of the problem. You can think of this message as the gateway saying to the sending host, "The street you are trying to locate is not found or is too far to reach."

1 = Host Unreachable

The host unreachable message alerts the sending host that the destination host requested cannot be found. This could happen because this host has been turned off or does not exist. You can think of this message as the gateway saying to the sending host, "I found the street you were looking for, but the house you are trying to find is not there."

2 = Protocol Unreachable

Protocol unreachable indicates that the Transport layer protocol (UDP or TCP) is not available. The destination host or an intervening gateway might send this message. You can think of this message as saying, "The transport layer protocol you are attempting to communicate with is not active on this host."

3 = Port Unreachable

A port unreachable message indicates that the process or application the source host is attempting to establish a connection with is not active on the destination host. Typically this type of message is sent when an application has not been started or has failed on this host. The destination host or an intervening gateway might send this message. You can think of this message as saying, "The process or application you are attempting to communicate with is not active on this host," or, "I found the street, I found the house, the lights were on, but no one was home."

Figure 3.12 shows a request being sent from a BOOTP client looking for a BOOTP server. Figure 3.13 shows an example of an ICMP destination port unreachable message generated because the router or gateway could not find the BOOTP server, or the server was unavailable. We discuss BOOTP in Chapter 4, "Address Resolution," and UDP in Chapter 9, "User Datagram Protocol (UDP)."

Figure 3.12 In frame one, highlighted in the summary pane and show in the detail pane, we see a BOOTP client, "UDP port=68," sending a broadcast to all hosts using UDP port 67, which identifies a BOOTP Server process requesting an IP address.

In Figure 3.13 note that the gateway has added a copy of the offending IP header within the ICMP header that caused the error from frame one. By including a copy of the offending IP header, the source might be able to use this information to correct the problem that resulted in this ICMP message being sent.

4 = Fragmentation is needed, but don't-fragment bit set

This message occurs when a router receives a datagram that requires fragmentation, but the router has the DF (don't-fragment) flag turned on. We discussed fragmentation earlier in the chapter. If you recall, the sending host generally has the responsibility of fragmentation. The receiver has the responsibility of reassembly.

However, when a router cannot forward a datagram because it is too big, if allowed the router might fragment the datagram further before transmitting it to an attached segment. If the router has the DF bit set, this will not happen and the router will trash the datagram. It then generates a message to alert the sender of this action by sending a Type 3, Code 4 message. The fragmentation bit also can determine the maximum packet size or MTU that hosts can transmit end to end along the communication path.

Figure 3.13 In frame two, highlighted in the summary pane and shown in the detail pane, we see an ICMP message being sent by a gateway ( stating the previous request failed because the port request (68) is not active and therefore unreachable. As you can see in the detail pane, immediately following the IP header is the ICMP header.

Hosts can use the ICMP messages sent by routers to resize datagrams, dynamically adjusting to the needs of the network. This allows the host to determine the smallest MTU path to a destination.

5 = Source Route Failed

The message occurs if a router encounters a next hop in the source route that does not reside on a directly connected network.

6 = Destination Network Unknown

This message occurs when a router receives an IP datagram that it cannot deliver or forward to a particular network because it is unknown.

7 = Destination Host Unknown

This message occurs when a router receives an IP datagram that it cannot deliver or forward to a particular host because it is unknown.

8 = Source Host Isolated (obsolete)

9 = Destination Network Administratively Prohibited

This message occurs when a router receives an IP datagram that it cannot deliver or forward to a particular network because it is not allowed. Access to this network has been prohibited.

10 = Destination Host Administratively Prohibited

This message occurs when a router receives an IP datagram that it cannot deliver or forward to a particular host because it is not allowed. Access to this host has been prohibited.

11 = Network Unreachable for ToS

This message occurs when a router receives an IP datagram that it cannot deliver or forward to a particular network because the ToS requested is not available.

12 = Host Unreachable for ToS

This message occurs when a router receives an IP datagram that it cannot deliver or forward to a particular host because the ToS requested is not available.

13 = Communication Administratively Prohibited by Filtering

This message occurs when a router receives an IP datagram that it cannot deliver or forward to a particular host because it is not allowed. An administratively configured filter has prohibited access to this process or application.

14 = Host Precedence Violation

This message occurs when a router receives an IP datagram that it cannot deliver or forward to a particular host because the precedence level requested does not match, and is not accepted or is invalid. This could be a source host attempting to access a high security host without the necessary security clearance values.

15 = Precedence Cutoff in Effect

This message rarely occurs. However, you will receive this message when a packet is dropped by the cutoff function.

Precedence Handling For All Routers

Routers must accept and route incoming traffic of all precedence levels normally, unless you have configured it to do otherwise. If you want to learn more about precedence and Destination Unreachable messages 14 and 15, please refer to RFC 1812,, "Precedence Handling for All Routers."

Source Quench—Type 4

A receiving host generates this message when it cannot process datagrams at the speed requested due to a lack of memory or internal resources. This message serves as a simple flow control mechanism that a receiving host can utilize to alert a sender to slow down its transmission of data. When the source host receives this message, it must pass this information on to the upper-layer process, such as TCP, which then must control the flow of the application's datastream. A router generates this message when, in the process of forwarding datagrams, it has run low on buffers and cannot queue the datagram for delivery.

Redirect—Type 5

A router sends a redirect error to the sender of an IP datagram when the sender should have sent the datagram to a different router or directly to an end host (if the end host is local). The message assists the sending host to direct a misdirected datagram to a gateway or host. This alert does not guarantee proper delivery; the sending host has to correct the problem if possible.

Only gateways generate redirect messages to inform source hosts of misguided datagrams. Note that a gateway receiving a misdirected frame does not trash the offending datagram if it can forward it. The gateway forwards the frame, sends an alert message to the source, and hopes the source host will properly direct future frames to the designated host or gateway indicated in the message. ICMP redirect messages alert source hosts when a datagram has been misdirected and should be resent. Four redirect error codes can occur:

  1. 0 = Redirect for Network

  2. 1 = Redirect for Host

  3. 2 = Redirect for Type-of-Service and Network

  4. 3 = Redirect for Type-of-Service and Host

Figure 3.14 shows an example of a ICMP redirect message. In this example, a gateway ( alerts host ( that it should be sending future datagrams to the following gateway internet address ( This alert message also includes a copy of the offending IP header for the source host's inspection.

Figure 3.14 ICMP redirect messages are sent by gateways to hosts alerting them of messages that have been misdirected.

Router Advertisement and Solicitation—Types 9 and 10

Rather than initializing a routing table with static routes specified in configuration files, you can use the router ICMP advertisement and solicitation messages. After bootstrapping, a host can transmit a broadcast or multicast a solicitation message to which a router or routers responds with a router advertisement. This allows communicating hosts to learn of available routes dynamically and update their routing tables. We will discuss routing in more detail in Chapters 5 and 6.

Time Exceeded—Type 11

The time exceeded message occurs when a router receives a datagram with a TTL (Time To Live) of 0 or 1. IP uses the TTL field to prevent infinite routing loops. A router cannot forward a datagram that has a TTL of 0 or 1. Instead, it trashes the datagram and sends a time exceeded message. Two different time exceeded error codes can occur:

  1. 0 = Time-To-Live Equals 0 During Transit

  2. 1 = Time-To-Live Equals 0 During Reassembly

Note that a router cannot forward a datagram with a TTL of 0 or 1 both during transit or reassembly.

As previously mentioned in the IP section of this chapter, the TTL timer is measured in seconds and originally was used before the existence of routers to guarantee that a datagram did not live on the Internet forever. Each gateway processing a datagram reduces this value by at least one if it takes longer to process and forward the datagram. When this value expires, the gateway trashes the datagram and sends a message back to the sender notifying the host of the situation.

The traceroute utility also uses the TTL value to discover the path or route to a destination host or network. Upon execution of the traceroute command, the initial ICMP message is sent out with a TTL value of 1 set in the IP header. You can use the traceroute program to determine, or rather trace, the path to a destination. Traceroute accomplishes this by sending a sequence of datagrams with the TTL set to 1, 2, and so on. It then uses the ICMP Time Exceeded messages like a trail of breadcrumbs to trace the routers along the path. We will provide you with examples later in this section.

As you might recall from earlier in this chapter, when a router receives a datagram with a TTL of zero, it trashes the datagram and returns an ICMP time exceeded message to the source. This message allows the host to learn of the first router in the path to the destination. Figure 3.15 shows an ICMP message generated as a result of a TTL expiration.

As shown in the figure, ICMP message type 11 alerts a source host of a TTL expiration. Code 0 identifies the reason for the expiration as time to live being exceeded while the datagram was in transit. This message also includes a copy of the original datagram header that caused the error to assist the source host in correcting the problem. Within the offending header contained within the ICMP message, you can see that the "TTL value = 0 seconds/hops," which is why the original datagram was trashed.

Figure 3.15 The ICMP time exceeded message is sent when the TTL timer expires.

Now the source host sends a new ICMP trace with a TTL value of 2, which allows this datagram to be forwarded by the first router (which decrements the value by one) and reaches the next router in the path with a TTL of one. This router must trash the frame and send back an ICMP time exceeded. This process continues until the path to the destination network or host is fully discovered or deemed unreachable. As you can see, traceroute is another useful troubleshooting tool, typically used in conjunction with other utilities such as the Ping utility to test connectivity between two hosts.


Both the Ping and traceroute utilities can help you when troubleshooting.

Parameter Problem—Type 12

The parameter problem message indicates that a host or gateway received and could not interpret an invalid or misunderstood parameter. A host or gateway also can send this message when no other ICMP message covering the problem can be used to alert the sending host. In this respect, it is a catchall message. In most cases this message indicates some type of implementation error occurred, perhaps because of vendor incompatibility issues. A host or gateway will not send this message unless it trashes the datagram containing the parameter problem.

Two parameter problem error messages can occur:

  1. 0 = IP Header Bad (catchall error0)

  2. A host or gateway sends this error to indicate a general implementation error of an unspecific nature.

  3. 1 = Required Option Missing

  4. The host or gateway expected a specific option, but the sender did not send it.

Timestamp Request and Reply—Types 13 and 14

Timestamp request and reply messages work in tandem. You have the option of using timestamps. When used, a timestamp request permits a system to query another for the current time. It expects a recommended value returned to be the number of milliseconds since midnight, Coordinated Universal Time. This message provides millisecond resolution, considered a beneficial feature when compared to other means of obtaining time from another host who provides resolution in seconds. The two systems compare the three timestamps and use RTT to adjust the sender's or receiver's time if necessary. Note that most systems set the transmit and receive time as the same value.

The process for time resolution goes as follows:

  1. The requestor stamps the originate time and sends the query.

  2. The replying system stamps the receive time when it receives the query.

  3. The replying system stamps the transmit time when it sends the reply to the query.

Information Request and Reply—Types 15 and 16

Although ICMP messages list information request and reply as a potential ICMP message type, they actually do not occur; thus they are obsolete. A host can request information such as to what network it was attached.

Address Mask Request and Reply—Types 17 and 18

Address mask request and reply messages work in tandem. Although we rarely use this message today, its original design supported the function of dynamically obtaining a subnet mask. Hosts can use the ICMP address mask request to acquire subnet masks during bootstrap from a remote host. However, problems can occur when using ICMP to receive a mask if a host gives an incorrect mask from an external source. If the external source does not give a response, the source host must assume a classful mask (that the network is not subnetted).


IP is the workhorse of the Network layer within the TCP/IP suite. All protocols and applications utilize IP for logical Network layer addressing and transmission of datagrams between internet hosts. IP provides an unreliable, connectionless datagram delivery service and uses ICMP to send messages when it encounters an error.

End host and routers use ICMP as a control, messaging, and diagnostic tool. ICMP utilizes IP to deliver its messages and is considered an integral part of IP. ICMP messages notify a host of problems. Although ICMP does not offer a solution to these problems, it can provide enough information for a source host to solve some of the problems that might occur in the internetwork. The most popular ICMP message is the echo request and reply. Utilizing the Ping utility, these messages allow you to test connectivity between end hosts.

InformIT Promotional Mailings & Special Offers

I would like to receive exclusive offers and hear about products from InformIT and its family of brands. I can unsubscribe at any time.


Pearson Education, Inc., 221 River Street, Hoboken, New Jersey 07030, (Pearson) presents this site to provide information about products and services that can be purchased through this site.

This privacy notice provides an overview of our commitment to privacy and describes how we collect, protect, use and share personal information collected through this site. Please note that other Pearson websites and online products and services have their own separate privacy policies.

Collection and Use of Information

To conduct business and deliver products and services, Pearson collects and uses personal information in several ways in connection with this site, including:

Questions and Inquiries

For inquiries and questions, we collect the inquiry or question, together with name, contact details (email address, phone number and mailing address) and any other additional information voluntarily submitted to us through a Contact Us form or an email. We use this information to address the inquiry and respond to the question.

Online Store

For orders and purchases placed through our online store on this site, we collect order details, name, institution name and address (if applicable), email address, phone number, shipping and billing addresses, credit/debit card information, shipping options and any instructions. We use this information to complete transactions, fulfill orders, communicate with individuals placing orders or visiting the online store, and for related purposes.


Pearson may offer opportunities to provide feedback or participate in surveys, including surveys evaluating Pearson products, services or sites. Participation is voluntary. Pearson collects information requested in the survey questions and uses the information to evaluate, support, maintain and improve products, services or sites, develop new products and services, conduct educational research and for other purposes specified in the survey.

Contests and Drawings

Occasionally, we may sponsor a contest or drawing. Participation is optional. Pearson collects name, contact information and other information specified on the entry form for the contest or drawing to conduct the contest or drawing. Pearson may collect additional personal information from the winners of a contest or drawing in order to award the prize and for tax reporting purposes, as required by law.


If you have elected to receive email newsletters or promotional mailings and special offers but want to unsubscribe, simply email information@informit.com.

Service Announcements

On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account information. However, these communications are not promotional in nature.

Customer Service

We communicate with users on a regular basis to provide requested services and in regard to issues relating to their account we reply via email or phone in accordance with the users' wishes when a user submits their information through our Contact Us form.

Other Collection and Use of Information

Application and System Logs

Pearson automatically collects log data to help ensure the delivery, availability and security of this site. Log data may include technical information about how a user or visitor connected to this site, such as browser type, type of computer/device, operating system, internet service provider and IP address. We use this information for support purposes and to monitor the health of the site, identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents and appropriately scale computing resources.

Web Analytics

Pearson may use third party web trend analytical services, including Google Analytics, to collect visitor information, such as IP addresses, browser types, referring pages, pages visited and time spent on a particular site. While these analytical services collect and report information on an anonymous basis, they may use cookies to gather web trend information. The information gathered may enable Pearson (but not the third party web trend services) to link information with application and system log data. Pearson uses this information for system administration and to identify problems, improve service, detect unauthorized access and fraudulent activity, prevent and respond to security incidents, appropriately scale computing resources and otherwise support and deliver this site and its services.

Cookies and Related Technologies

This site uses cookies and similar technologies to personalize content, measure traffic patterns, control security, track use and access of information on this site, and provide interest-based messages and advertising. Users can manage and block the use of cookies through their browser. Disabling or blocking certain cookies may limit the functionality of this site.

Do Not Track

This site currently does not respond to Do Not Track signals.


Pearson uses appropriate physical, administrative and technical security measures to protect personal information from unauthorized access, use and disclosure.


This site is not directed to children under the age of 13.


Pearson may send or direct marketing communications to users, provided that

  • Pearson will not use personal information collected or processed as a K-12 school service provider for the purpose of directed or targeted advertising.
  • Such marketing is consistent with applicable law and Pearson's legal obligations.
  • Pearson will not knowingly direct or send marketing communications to an individual who has expressed a preference not to receive marketing.
  • Where required by applicable law, express or implied consent to marketing exists and has not been withdrawn.

Pearson may provide personal information to a third party service provider on a restricted basis to provide marketing solely on behalf of Pearson or an affiliate or customer for whom Pearson is a service provider. Marketing preferences may be changed at any time.

Correcting/Updating Personal Information

If a user's personally identifiable information changes (such as your postal address or email address), we provide a way to correct or update that user's personal data provided to us. This can be done on the Account page. If a user no longer desires our service and desires to delete his or her account, please contact us at customer-service@informit.com and we will process the deletion of a user's account.


Users can always make an informed choice as to whether they should proceed with certain services offered by InformIT. If you choose to remove yourself from our mailing list(s) simply visit the following page and uncheck any communication you no longer want to receive: www.informit.com/u.aspx.

Sale of Personal Information

Pearson does not rent or sell personal information in exchange for any payment of money.

While Pearson does not sell personal information, as defined in Nevada law, Nevada residents may email a request for no sale of their personal information to NevadaDesignatedRequest@pearson.com.

Supplemental Privacy Statement for California Residents

California residents should read our Supplemental privacy statement for California residents in conjunction with this Privacy Notice. The Supplemental privacy statement for California residents explains Pearson's commitment to comply with California law and applies to personal information of California residents collected in connection with this site and the Services.

Sharing and Disclosure

Pearson may disclose personal information, as follows:

  • As required by law.
  • With the consent of the individual (or their parent, if the individual is a minor)
  • In response to a subpoena, court order or legal process, to the extent permitted or required by law
  • To protect the security and safety of individuals, data, assets and systems, consistent with applicable law
  • In connection the sale, joint venture or other transfer of some or all of its company or assets, subject to the provisions of this Privacy Notice
  • To investigate or address actual or suspected fraud or other illegal activities
  • To exercise its legal rights, including enforcement of the Terms of Use for this site or another contract
  • To affiliated Pearson companies and other companies and organizations who perform work for Pearson and are obligated to protect the privacy of personal information consistent with this Privacy Notice
  • To a school, organization, company or government agency, where Pearson collects or processes the personal information in a school setting or on behalf of such organization, company or government agency.


This web site contains links to other sites. Please be aware that we are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects Personal Information. This privacy statement applies solely to information collected by this web site.

Requests and Contact

Please contact us about this Privacy Notice or if you have any requests or questions relating to the privacy of your personal information.

Changes to this Privacy Notice

We may revise this Privacy Notice through an updated posting. We will identify the effective date of the revision in the posting. Often, updates are made to provide greater clarity or to comply with changes in regulatory requirements. If the updates involve material changes to the collection, protection, use or disclosure of Personal Information, Pearson will provide notice of the change through a conspicuous notice on this site or other appropriate way. Continued use of the site after the effective date of a posted revision evidences acceptance. Please contact us if you have questions or concerns about the Privacy Notice or any objection to any revisions.

Last Update: November 17, 2020