Ping and ICMP

Ping is a simple utility found across hosts (Windows, Linux, Mac…) and network devices (such as routers).

Ping uses the Internet Control Message Protocol to send an ‘echo request’ to another device. Typically the address of the other device may be given directly as an IP address or as a hostname which the ‘pinger’ tries to resolve to an IP address using DNS.

If a device is configured to respond to pings (echo requests), then it sends an ‘echo reply’ in response.

The ping program then displays information about the responses received such as

  • Size of data received

  • IP Address

  • ICMP Sequence Number

  • Time To Live (TTL) value

  • Round trip time

Ping is a simple but effective tool for testing network connectivity and troubleshooting issues.

ICMP: The Internet Control Message Protocol

ICMP can do a lot more than basic pings. For example, it may be used to share information about a network and attempted connections. RFC 792 defines ICMP.

ICMP is encapsulated directly inside an IP packet and consists of a header and payload. The header consists of:

  • Type (1 byte)

  • Code (1 byte)

  • Checksum (2 bytes)

  • 4 bytes of type-specific header content (or just unused space)

The payload varies depending on the message type.

In theory, there could be up to 255 different types of message, but most of these are deprecated or currently unassigned.

Common ICMP Message Types

Type 0: Echo Request (ping)

Type 3: Destination Unreachable

Type 5: Redirect Message

Type 8: Echo Request (ping reply)


Question 1

What ICMP message type is a ping?

Question 2

What protocol is used by the 'ping' utility?

  1. DHCP

  2. FTP

  3. ICMP

  4. TCP


RFC-792 Internet Control Message Protocol

Internet Engineering Task Force

Prerequisite Skills


How does IPv4 work?

IPv4 Functions IPv4 (Internet Protocol version 4) operates at the Internet layer in the TCP stack (or layer 3 in the OSI model). It has two…


DNS: The Domain Name System

DNS is what allows us to type instead of using an IP address. Think how difficult browsing the web would be if you had to…

Follow On Cyber Learning


Access Control Lists for Beginners

Access control lists (ACLs) provide a simple but effective layer of security in modern networks.


How does traceroute work?

The traceroute command is useful tool installed on hosts and network devices for troubleshooting networking issues by tracing the route of a packet across a network.


Using tcpdump: Options, Filters and Examples

'tcpdump' is a command-line tool available for UNIX based systems (including macOS and Linux) that captures network traffic and displays it on screen or saves it to a file. It is a simple but powerful tool for troubleshooting network problems, understanding protocols, investigating suspicious network activity, and much more.

Related Training Courses


Computer Networking Foundations

Understand how modern computer networks work.