ICMP

ICMP is how network devices communicate about network conditions rather than carrying application data. It reports errors (destination unreachable, time exceeded, fragmentation needed) and supports diagnostic tools.

Ping

Ping uses ICMP Echo Request and Echo Reply messages to test reachability and measure round-trip time. Type ping 8.8.8.8 and you're sending ICMP Echo Requests to Google's DNS server and measuring how long replies take. It's the most basic and universal network diagnostic tool.

Traceroute

Traceroute uses ICMP Time Exceeded messages to map the path packets take across the network. It sends packets with increasing TTL values, causing each router in the path to respond when it decrements TTL to zero. The result is a hop-by-hop map of the route with latency at each hop.

Blocking ICMP

Some security policies block ICMP at the firewall, reasoning that ICMP reveals network topology. This breaks ping and traceroute diagnostics and should be approached carefully — ICMP is too useful for troubleshooting to block entirely. Blocking inbound ICMP to sensitive hosts while allowing outbound and internal ICMP is a more practical policy.