Sometimes the Internet Control Message Protocol might not look very helpful when you’re trying to troubleshoot issues. However ICMP contains a lot of different message types and lots of them are in fact extremely useful for both troubleshooting and general network management tasks. Obviously the most used and famous command in ping which is focussed on using ICMP echo and reply messages. Closely followed by the Traceroute command which uses ICMP traceroute and time-exceeded messages for monitoring things like hop count. There are actually many more messages and although some are seldom seens and perhaps of little practical use, many more can give valuable insight into network issues.
Here are some of the common ICMP messages that you are likely to see:
ICMP Unreachable: When an IP host generates this message it does not have a valid route to the requested host, port, protocol or network. There are in fact several of these messages which all have slightly different meanings. For example routers can generate these messages if a firewall or access control list is denying access to a route or resource. Although these messages are useful for troubleshooting you should consider the security implications of them. There can be a lot of information contained in the messages including host addresses embedded in replies. On routers you can usually filter these messages by using the no ip unreachables command on the interface.
ICMP Redirects When a router generates a ICMP redirect it means that the packet received on a specific interface has a destination address on the same interface. Any router that receives redirect messages can use this information to update their routing tables appropriately. One of the most common uses for the ICMP redirect messages are to detect routing loops. There is also a command for suppressing these messages – no ip redirects command on the interface. Some of Cisco’s routing protocols like HSRP automatically suppresses these messages.
ICMP Source Quench – These messages are primarily a means of providing ICMP congestion control. When a router detects any congestion because packets are being dropped it will issue this message back to the source of the packets. This message is useful for troubleshooting general networking issues plus for specific problems. They are useful in determining specific problems consider a client trying to access a certain site – perhaps trying to stream BBC news abroad and finding it blocked. Using these message you can rule out any network problems and you can actually see that the reason is the BBC using region locking to block access from VPNs and specific IP addresses.
So don’t think that you’re restricted to simple traceroute messages and using ping. These are only a few of the messages that ICMP can supply, there are many more. It’s important to remember when using any of these messages to troubleshoot to think of the context when you look at them. Think carefully about the route, especially when you’re looking at connections which originate or terminate across the internet. It’s also useful to examine the protocol involved in any other data for example if you buy proxies and they’re not accessible or functioning. Most of these proxies merely tunnel applications through them so they are difficult to identify as the source.