ICMP Message Definitions for Isolating Network Connectivity Issues
Article ID: 414253
Updated On:
Products
Issue/Introduction
- ICMP is utilized by PING, MTR, and Traceroute. These are the primary tools for network diagnostics for connectivity and performance.
- ICMP used as a network troubleshooting utility provides the following data:
- Report errors regarding the processing of datagrams
- Provide network latency information
- Basic point to point connectivity
- MTU checking by adjusting the size of the ICMP packet
- Examples of when to employ these tools:
- Reports indicate inconsistent connectivity between single or multiple sources and destinations.
- When a source cannot reach a valid destination.
- The expected performance between a source and destination is found under performing.
- Discovering what network devices a specific packet traverses along its data path to a specific destination.
- Validation of new data paths.
Environment
- VMware vSphere ESXi
- VMware NSX
Resolution
- The ICMP packet format contains valuable information.
- The two fields Type and Code, provide details describing the ICMP message.
- The tables below are the common Types and Codes that will be most useful.
- ICMP error messages are used to report non-transient delivery problems.
- ICMP provides two sets of error messages: one for IPv4 and another for IPv6.
- The following table lists all ICMP error messages.
- Only IPv4 will be focused on in this article. IPV6 has similar messaging which can be referenced here ICMPv6.
Message types
| ICMP message type | Description | Codes | IP Version |
| 3 | Destination Unreachable | 0 - 15 | IPv4 |
| 5 | Redirect | 0 - 3 | IPv4 |
| 11 | Time Exceeded | 0 - 1 | IPv4 |
| 12 | Parameter Problem | 0 -2 | IPv4 |
| 4 | Source Quench (Deprecated) | NA | IPv4 |
| 1 | Destination Unreachable | 0 - 8 | IPv6 |
| 2 | Packet Too Big | 0 | IPv6 |
| 3 | Time Exceeded | 0 - 1 | IPv6 |
| 4 | Parameter Problem | 0 - 10 | IPv6 |
Destination unreachable
The Destination Unreachable message indicates that the destination host, network, or port number that is specified in the IP packet is unreachable. This could happen due to a many reasons such as the destination host device is down, an intermediate router is unable to find a path to forward the packet, and a firewall is configured to block connections from the source of the packet.
| Code | Description |
| 0 | Net Unreachable |
| 1 | Host Unreachable |
| 2 | Protocol Unreachable |
| 3 | Port Unreachable |
| 4 | Fragmentation Needed and Don't Fragment was Set |
| 5 | Source Route Failed |
| 6 | Destination Network Unknown |
| 7 | Destination Host Unknown |
| 8 | Source Host Isolated (obsolete) |
| 9 | Communication with Destination Network is Administratively Prohibited (obsolete) |
| 10 | Communication with Destination Host is Administratively Prohibited (obsolete) |
| 11 | Destination Network Unreachable for Type of Service |
| 12 | Destination Host Unreachable for Type of Service |
| 13 | Communication Administratively Prohibited |
| 14 | Host Precedence Violation |
| 15 | Precedence cutoff in effect |
Redirect
The Redirect message is used when a router needs to tell a sender that it should use a different path for a particular destination. Usually, it happens when the router knows a shorter path to the destination.
This error message has four sub-types. From them, two have been depreciated. The following lists all sub-types and their meanings.
| Code | Meaning |
| 0 | Redirect for Destination Network (deprecated) |
| 1 | Redirect for Destination Host |
| 2 | Redirect for Destination Network Based on Type-of-Service (deprecated) |
| 3 | Redirect for Destination Host Based on Type-of-Service |
Time Exceeded
The Time Exceeded message indicates that the Time-To-Live value of the datagram has reached zero, but the datagram has not yet reached the final destination. A destination system can also send this error when it does not receive all fragments of an IP datagram within the allotted time.
There are two sub-types of this error message. Both are listed in the following table.
| Code | Meaning |
| 0 | Time-to-Live Exceeded in Transit |
| 1 | Fragment Reassembly Time Exceeded |
Parameter Problem
If a device finds a problem that is not covered in any ICMP message type, it sends a parameter problem message to the sender. In IPv4 network, usually it occurs when arguments to an option are incorrect.
| Code | Description | IP version |
| 0 | Pointer indicates the error | IPv4 |
| 1 | Missing a Required Option | IPv4 |
| 2 | Bad Length | IPv4 |
| 10 | Option too big |
Analyzing ICMP Packets Using WireShark
ICMP packet information is found under the "Internet Protocol Version" section of the packet when viewed in Wireshark.
A closer look into the ICMP packet shows pertinent data that can be used of analysis.
Every ICMP request will have an ICMP reply when successful. Both will share the same sequence number.
Verifying latency on the network using data from ICMP ping responses.
The above example shows there is a latency of around 33 milliseconds per ICMP pair and a couple of outliers of 40 milliseconds.
These are just a few troubleshooting methods utilizing ICMP, Ping, Traceroute, and MTR, along with packet captures to isolate networking issue.
The reference for producing packet captures using the pktcap-uw command on an ESXi server is Packet capture on ESXi using the pktcap-uw tool
Feedback
