ICMP - secuguru/security-terms GitHub Wiki

ICMP (Internet Control Message Protocol) is a network layer protocol used for sending diagnostic and error messages within a network. ICMP helps devices on the internet communicate issues related to packet delivery, such as unreachable hosts, timeouts, or route changes. Unlike TCP or UDP, ICMP is not used for transmitting data but for reporting errors and performing network diagnostics.

Key Functions of ICMP:

  1. Error Reporting: ICMP informs the sender when packets cannot reach their destination due to issues like routing errors, unreachable networks, or the TTL (Time to Live) limit being exceeded.
  2. Network Diagnostics: It is used in diagnostic tools like Ping and Traceroute, which help network administrators troubleshoot connectivity issues.

Ping and ICMP:

  • Ping is a widely used diagnostic tool that sends ICMP Echo Request packets to a destination host and waits for an ICMP Echo Reply. The main purpose of Ping is to check whether a host is reachable and to measure round-trip time (latency).
  • If the destination responds with an ICMP Echo Reply, it means the host is reachable, and the Ping output will include details about the round-trip time and packet loss, if any.
  • If no reply is received, it could indicate that the host is down, unreachable, or that ICMP traffic is blocked by a firewall.

Traceroute and ICMP:

  • Traceroute is a network diagnostic tool that uses ICMP Time Exceeded messages to trace the path packets take from the source to the destination across multiple routers. The purpose of Traceroute is to identify each hop along the route and determine how long it takes for a packet to reach each router.
  • Traceroute works by sending packets with a low TTL (starting with 1), which is incremented with each successive packet. When a packet’s TTL expires at a router, the router sends an ICMP Time Exceeded message back to the source, revealing its IP address.
  • This process continues until the packet reaches the destination, allowing Traceroute to map the entire path and report the latency for each hop.

Summary:

  • ICMP is used for error reporting and diagnostics in a network.
  • Ping uses ICMP Echo Request and Echo Reply messages to test connectivity and measure response times.
  • Traceroute uses ICMP Time Exceeded messages to trace the path packets take to their destination, identifying the routers they pass through and the latency at each hop.

ICMP is essential for troubleshooting network issues, but it is often blocked by firewalls for security reasons, as it can be used in attacks like ping floods or network reconnaissance.