From Network Security Wiki


Type Code Checksum
Rest of Header


Notable control messages

Type                          Code  Description
0 – Echo Reply                0     Echo reply (used to ping)
3 – Destination Unreachable   0     Destination network unreachable
                              1     Destination host unreachable
                              2     Destination protocol unreachable
                              3     Destination port unreachable
                              4     Fragmentation required, and DF flag set[1]
                              6     Destination network unknown
                              7     Destination host unknown
                              9     Network administratively prohibited
                              10    Host administratively prohibited
                              13    Communication administratively prohibited
8 – Echo Request              0     Echo request (used to ping)
11 – Time Exceeded            0     TTL expired in transit
                              1     Fragment reassembly time exceeded
13 – Timestamp                0     Timestamp
14 – Timestamp Reply          0     Timestamp reply


  • IP address is unconfigured:
      Reply from Destination host unreachable
  • Ping disabled on host:
      Request timed out
  • Router performs ICMP rate limiting:
      U.U.U ping response

Path MTU Discovery[1]

  • RFC 1191 defines path MTU discovery: a process to detect a smaller MTU on the path to a destination
  • Two key components:
      Don't Fragment (DF) bit of the IP header
      A subcode of the ICMP Destination Unreachable message - Fragmentation Needed
  • Setting the DF bit in an IP packet prevents a router from fragmenting a packet larger than the MTU
  • The packet is discarded and an ICMP Fragmentation Needed message is sent
  • RFC 1191 expands the Fragmentation Needed message to include the MTU of the link requiring fragmentation
  • Path MTU discovery is a continuous process and can detect an increase or decrease in MTU
      tracepath -n
      mturoute (Windows)
  • A Fragmentation Needed message can be seen in packet #6 of this packet capture:



Source: Packetlife.net
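
The header layout and the Fragmentation Needed message described above, as an added example that is not part of the original wiki page: a small Python parser that validates the ICMP checksum and reads the next-hop MTU that RFC 1191 places in the Rest of Header. The function names and the sample message are constructed for illustration.

```python
import struct

# Subset of the type/code table on this page
ICMP_NAMES = {
    (0, 0): "Echo reply",
    (3, 3): "Destination port unreachable",
    (3, 4): "Fragmentation required, and DF flag set",
    (8, 0): "Echo request",
    (11, 0): "TTL expired in transit",
}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp(msg: bytes) -> dict:
    """Parse Type, Code, Checksum and the 4-byte Rest of Header."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    icmp_type, code, checksum, rest = struct.unpack("!BBH4s", msg[:8])
    info = {
        "type": icmp_type,
        "code": code,
        "name": ICMP_NAMES.get((icmp_type, code), "unknown"),
        # Checksum over the whole message (field in place) must come out 0
        "checksum_ok": inet_checksum(msg) == 0,
    }
    if (icmp_type, code) == (3, 4):
        # RFC 1191: low-order 16 bits of Rest of Header carry the next-hop MTU
        info["next_hop_mtu"] = struct.unpack("!HH", rest)[1]
    elif icmp_type in (0, 8):
        info["identifier"], info["sequence"] = struct.unpack("!HH", rest)
    return info

def build_frag_needed(mtu: int, original: bytes) -> bytes:
    """Construct a sample Fragmentation Needed message (test data only)."""
    body = struct.pack("!BBHHH", 3, 4, 0, 0, mtu) + original
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

# Constructed sample: zero bytes stand in for the quoted IP header + 8 data bytes
SAMPLE = build_frag_needed(1400, bytes(28))
```

A message whose checksum does not verify should not be allowed to influence the path MTU estimate for a destination.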

  • Traceroute works by sequentially incrementing the TTL of UDP packets on Linux/Unix.
  • Sending ICMP packets in Linux requires raw sockets and thus needs root privileges.
  • It uses ICMP on Windows.
  • All hops return a "TTL exceeded in transit" message
  • Last hop should return a "destination unreachable/port unreachable" message
  • UDP traceroute packets are sent to a pseudorandom high port on which the end host is not likely to be listening

Traceroute PCAP


  1. AVI Networks
