---

---

ICMP Usage in Scanning 40 Copyright Ó Ofir Arkin, 2000 http://www.sys-security.com A.1 ICMP Messages ICMP messages are sent in IP datagrams. The protocol number will be always one (ICMP), and the Type-of-Service will be zero. The IP data field will contain the actual ICMP message: 4 bit Version 4 bit Header Length 8-bit type of service (TOS)=0 16-bit total length ( in bytes ) 16-bit identification 3 bit Flags 13-bit Fragment Offset 8-bit time to live ( TTL ) 8-bit protocol=1 (ICMP) 16-bit header checksum 32-bit source IP address Options ( if any ) 32-bit destination IP address Type Code Checksum 20 bytes 4 bytes ICMP data (depending on the type of message) IP Data Field 0 8 16 31 4 Figure 10: ICMP Message Format ICMP error message length Every ICMP error message includes the Internet (IP) Header and at least the first 8 data octets (bytes) of the datagram that triggered the error; more than 8 octets (bytes) may be sent; this header and data must be unchanged from the received datagram. The TYPE field specifies the type of the message, while the error code for the datagram reported on by this ICMP message is contained in the CODE field. The code interpretation is dependent upon the message type.