What are the minimum and maximum sizes of an ICMP packet?
The minimum size of any ICMP packet, or message, is much lower than the minimum Ethernet frame size on an Ethernet network, which is 64 bytes. Because of this imposed requirement, and that fact that almost all ICMP headers are only 20 bytes in length, the rest is additional overhead from the third and second OSI Layers. This overhead includes destination and source IP addresses, various IP flags and, lastly, the destination and source Mac address. These all together, along with a bit of padding that occurs, helps bring the total frame site to its minimum length, which as we said is 64 bytes.
Effectively, you could say that the smallest ICMP Packet is 64 bytes, while the largest size is usually found in the reply messages where the original IP and ICMP header is added to the reply, increasing its size to 76 bytes – under normal circumstances.
It's quite important to note that at this point it is possible to create an ICMP packet with a much larger size, and this is used today in flooding attempts, where a host is constantly bombarded with large ICMP packets, causing network problems to the host who will eventually drop offline! These attacks are well known as "ping floods" and are popular on IRC servers.
In closing, if you would like to find out detailed information about the ICMP structure,
messages and other options the protocol supports, you can visit Firewall.cx where the protocol is covered in great detail.
This was first published in June 2004