ICMP & ICMPv6: Common Types
Practical guide to ICMP and ICMPv6 message types and codes you'll encounter in real network troubleshooting.
What is ICMP?
ICMP (Internet Control Message Protocol) is used by network devices to send error messages and operational information. It's not used for data transfer, but rather for network diagnostics and error reporting. ICMPv6 serves the same purpose for IPv6 networks, but also handles additional functions like Neighbor Discovery that ARP handles in IPv4.
Common ICMPv4 Types
Type 0: Echo Reply
Description: Response to ping request
Common Use: Ping response - confirms host is reachable
Example: When you ping 8.8.8.8 and get a response back
Troubleshooting: No reply = host down, filtered, or network issue
Type 3: Destination Unreachable
Description: Cannot reach the destination
Common Use: Various network connectivity problems
Example: Host unreachable, port unreachable, network unreachable
Troubleshooting: Check routing, firewall rules, and destination status
Common Codes:
- Code 0: Network Unreachable
- Code 1: Host Unreachable
- Code 2: Protocol Unreachable
- Code 3: Port Unreachable
- Code 4: Fragmentation Needed (MTU)
- Code 13: Communication Prohibited (Firewall)
Type 5: Redirect
Description: Suggests better route to destination
Common Use: Router tells host about better path
Example: Default gateway redirects to more specific router
Troubleshooting: Often disabled for security reasons
Type 8: Echo Request
Description: Ping request message
Common Use: Testing connectivity with ping command
Example: ping 192.168.1.1 sends ICMP type 8
Troubleshooting: Most common diagnostic tool for connectivity
Type 11: Time Exceeded
Description: TTL expired or fragment reassembly timeout
Common Use: Traceroute functionality and loop detection
Example: Each hop in traceroute sends Time Exceeded
Troubleshooting: Indicates routing loops or excessive hop counts
Common Codes:
- Code 0: TTL Expired in Transit
- Code 1: Fragment Reassembly Time Exceeded
Type 12: Parameter Problem
Description: Invalid IP header or required option missing
Common Use: Malformed packets or unsupported options
Example: Bad IP header length or unknown IP option
Troubleshooting: Usually indicates software bugs or attacks
Common ICMPv6 Types
Type 1: Destination Unreachable
Description: Cannot reach IPv6 destination
Common Use: IPv6 connectivity problems
Example: No route to destination, port unreachable
Troubleshooting: Similar to ICMPv4 type 3
Common Codes:
- Code 0: No Route to Destination
- Code 1: Communication Prohibited
- Code 3: Address Unreachable
- Code 4: Port Unreachable
Type 2: Packet Too Big
Description: Packet exceeds link MTU
Common Use: Path MTU discovery for IPv6
Example: Router can't forward large packet
Troubleshooting: Check MTU settings along path
Type 3: Time Exceeded
Description: Hop limit exceeded
Common Use: IPv6 traceroute and loop detection
Example: IPv6 equivalent of ICMPv4 type 11
Troubleshooting: Routing loops or too many hops
Type 128: Echo Request
Description: IPv6 ping request
Common Use: Testing IPv6 connectivity
Example: ping6 2001:db8::1
Troubleshooting: Primary IPv6 connectivity test
Type 129: Echo Reply
Description: IPv6 ping response
Common Use: Response to IPv6 ping
Example: Confirms IPv6 host is reachable
Troubleshooting: No reply indicates IPv6 connectivity issues
Type 133: Router Solicitation (RS)
Description: Request for router advertisements
Common Use: Host discovering IPv6 routers
Example: New host joining IPv6 network
Troubleshooting: Part of IPv6 address autoconfiguration
Type 134: Router Advertisement (RA)
Description: Router announcing its presence and prefixes
Common Use: IPv6 address autoconfiguration
Example: Router tells hosts about available prefixes
Troubleshooting: Critical for SLAAC and IPv6 operation
Type 135: Neighbor Solicitation (NS)
Description: IPv6 equivalent of ARP request
Common Use: Finding MAC address for IPv6 address
Example: Resolving link-layer address
Troubleshooting: Part of Neighbor Discovery Protocol
Type 136: Neighbor Advertisement (NA)
Description: IPv6 equivalent of ARP reply
Common Use: Responding with MAC address
Example: Response to Neighbor Solicitation
Troubleshooting: Confirms neighbor reachability
Practical Troubleshooting Scenarios
Ping Not Working
ICMP Types Involved: Type 8 (Echo Request), Type 0 (Echo Reply)
What to Check:
- Is ICMP type 8 being sent?
- Is ICMP type 0 coming back?
- Are firewalls blocking ICMP?
- Check destination host status
Common Causes: Firewall blocking ICMP, Host down, Network congestion
Traceroute Shows * * *
ICMP Types Involved: Type 11 (Time Exceeded)
What to Check:
- Are routers sending Time Exceeded?
- Firewall blocking ICMP type 11?
- Router configured to not send ICMP?
Common Causes: ICMP rate limiting, Security policy, Router misconfiguration
Large Files Won't Transfer
ICMP Types Involved: Type 3 Code 4 (Fragmentation Needed), ICMPv6 Type 2 (Packet Too Big)
What to Check:
- Path MTU discovery working?
- ICMP being filtered by firewall?
- MSS clamping configured?
Common Causes: Firewall blocking ICMP, MTU mismatch, Fragmentation issues
IPv6 Address Not Working
ICMP Types Involved: Type 135/136 (Neighbor Discovery), Type 133/134 (Router Discovery)
What to Check:
- Router Advertisements being sent?
- Neighbor Discovery working?
- IPv6 enabled on all devices?
Common Causes: No IPv6 router, NDP filtering, IPv6 disabled
Common ICMP Filtering Issues
Firewall Blocks All ICMP
Problem: Breaks ping, traceroute, and Path MTU Discovery
Solution: Allow specific ICMP types (0, 3, 8, 11) instead of blocking all
Recommendation: Never block ICMP types 3 and 11 completely
Router Drops ICMP Due to Rate Limiting
Problem: Intermittent ping/traceroute failures
Solution: Adjust ICMP rate limiting thresholds
Recommendation: Configure reasonable rate limits, not zero
IPv6 NDP Messages Filtered
Problem: IPv6 connectivity completely broken
Solution: Allow ICMPv6 types 133-137 on local network
Recommendation: Critical for IPv6 operation - never filter on LAN
Troubleshooting Commands
| Command | Purpose | ICMP Type Used |
|---|---|---|
ping 8.8.8.8 | Test IPv4 connectivity with ICMP Echo | Type 8 (request) and Type 0 (reply) |
ping6 2001:db8::1 | Test IPv6 connectivity | Type 128 (request) and Type 129 (reply) |
traceroute 8.8.8.8 | Show path using ICMP Time Exceeded | Type 11 (Time Exceeded responses) |
traceroute6 ipv6.google.com | IPv6 path tracing | Type 3 (Time Exceeded) |
tcpdump -i eth0 icmp | Capture ICMP traffic for analysis | All ICMP types |
wireshark (filter: icmp or icmpv6) | Detailed ICMP packet analysis | All ICMP and ICMPv6 types |
Best Practices for ICMP
- Allow ICMP types 0, 3, 8, 11 through firewalls
- For IPv6, allow ICMPv6 types 1, 2, 3, 128, 129, 133-137
- Use ICMP rate limiting instead of complete blocking
- Monitor ICMP traffic for network health
- Don't filter ICMP on internal networks
- Log ICMP messages for troubleshooting purposes
ICMP Quick Reference
Always Allow These
ICMP Type 0 - Echo Reply (ping responses)
ICMP Type 3 - Destination Unreachable
ICMP Type 8 - Echo Request (ping)
ICMP Type 11 - Time Exceeded (traceroute)
ICMPv6 Type 1 - Destination Unreachable
ICMPv6 Type 2 - Packet Too Big (MTU)
ICMPv6 Type 128/129 - Echo Request/Reply
ICMPv6 Type 133-137 - Neighbor Discovery
Never Filter These
ICMP Type 3 Code 4 (Fragmentation Needed)
ICMPv6 Type 2 (Packet Too Big)
ICMPv6 Types 135/136 (Neighbor Discovery on LAN)
Critical for proper network operation
Common Mistakes to Avoid
Don't Do These
Blocking all ICMP types (breaks PMTU discovery)
Filtering ICMPv6 Neighbor Discovery on LANs
Not understanding the difference between ICMP filtering and rate limiting
Blocking ICMP for security without considering operational impact
Forgetting that some applications depend on specific ICMP messages
Security vs Functionality
Don't block all ICMP for security. Instead, use rate limiting and allow essential types. Blocking ICMP
completely breaks critical network functions like Path MTU Discovery and IPv6 Neighbor Discovery.