ICMP

ICMP, or the Internet Control Message Protocol, is a tool used by devices on a network to find and fix problems with communication. It helps devices like routers make sure data reaches where it should on time.

What is ICMP?

ICMP, or the Internet Control Message Protocol, is a network layer protocol employed by network gadgets to troubleshoot network communication complications. Devices such as routers widely utilize ICMP to track data’s timely arrival to its identified destination. It is crucial for error notification and system testing, but bad actors are also known to use ICMP in distributed denial-of-service (DDoS) attacks.

How does the Internet Control Message Protocol work?

ICMP operates slightly differently than the Internet Protocol (IP). It isn’t linked with a transport layer protocol like TCP or UDP, which makes ICMP a connectionless protocol. Before sending an ICMP message, a device doesn’t need to establish a connection with another device. Normal IP traffic employs TCP, which implies that devices exchanging data will initially perform a TCP handshake to confirm readiness to receive data, a step exempted by ICMP operations. Likewise, ICMP protocol won’t allow targeting a specific device port.

What can I use ICMP for?

ICMP is primarily used for error notification. Whenever devices connect over the internet and the data don’t reach its desired endpoint, ICMP generates error notifications to inform the sending device. For instance, a router will discard an oversized data packet, triggering an ICMP message reflecting this issue back to the source.

Another key ICMP function is network diagnostics. Familiar terminal tools used for this purpose are traceroute and ping, both of which are ICMP based. Traceroute displays the routing path between two internet devices, marking the physical route of connected routers that an internet request has to traverse to reach its final point. The travel between two routers, known as a “hop,” is noted within a traceroute, alongside the time each hop took, useful for pinpointing network delays.

Ping serves as a streamlined version of traceroute; it measures the connection speed between two devices and states the exact time a data packet takes to reach its receiver and return. Despite not offering data about routing or hops like traceroute, its effectiveness in estimating device latency justifies its use. ICMP echo-request and echo-reply messages are typically employed in a ping operation.

Attackers can manipulate these procedures to disrupt networks with ICMP flood attacks and ping of death attacks.

What is an ICMP packet?

An ICMP packet, which adopts the ICMP protocol, appends an ICMP header after a conventional IP header. In the case of routers or servers needing to transmit an error message, the ICMP packet’s body or data section continuously holds a copy of the IP header from the packet that induced the error.

How do attackers use ICMP to DDoS?

On Jennifer’s side, her device receives the series of 1s and 0s, and these data move up through the OSI Model layers in reverse:

Hence, through the OSI Model, Peter and Jennifer are able to share photos or any data seamlessly across different networks, ensuring both the security and integrity of the data transmitted.