Internet Control Message Protocol (ICMP) is a network-layer protocol used by network utility applications and network devices. ICMP sends diagnostic and error information to identify communication success or failure between IP hosts. An ICMP message includes header and data sections.

ICMP conveys information about other flows. It does not carry data that needs reassembly, nor does it require target-based binding.

The stream_icmp inspector defines ICMP flow tracking. For pings, the inspector provides basic flow tracking through the source and destination IP address fields and the port fields in the ICMP header. For unreachable destinations, the inspector analyzes the original IP addresses and transport ports, then it updates the session's state. The port_scan inspector can use the unreachable host and port, if available.

Consider the following best practices when you configure the stream_icmp inspector:

• Create a stream_icmp inspector for each session timeout that you want to apply to a host or network. The stream_icmp inspector associates the session_timeout with the ICMP hosts or networks defined in the binder inspector.

  You can have multiple versions of the stream_icmp inspector in the same network analysis policy (NAP).