• Articles
  • Tutorials
  • Interview Questions

What is ICMP (Internet Control Message Protocol)?

What is ICMP (Internet Control Message Protocol)?

Table of content

Show More

ICMP

ICMP is an assisting protocol in the Internet protocol suite that network devices frequently use to send errors as well as other relevant information.

Well, this is just the definition, Read on to find out more about ICMP in detail!

Check out our free Cyber Security Course on our YouTube Channel and start learning today!

Video Thumbnail

What is ICMP?

ICMP is part of the TCP/IP protocol stack. It is an error message protocol that integrates the basic Internet Protocol and is situated on the Internet Layer. The first interpretation of ICMP was written by Jon Postel, one of the internet’s pioneers.

When network issues block IP packet delivery, network devices such as routers deliver error messages to the source IP address using ICMP (Internet Control Message Protocol). ICMP generates and transmits information to the source IP address notifying it that a packet transmission internet gateway, such as a router, service, or host, is down. Any IP network device can send, accept, and process ICMP messages.

Purpose of ICMP

IP lacks a built-in mechanism for sending control and error messages. That is why a protocol such as ICMP is required. In practical terms, ICMP provides error control and is frequently used to report errors, and send strategic queries, and operations details.

To send error messages, network devices such as routers must use ICMP. As a result, ICMP is regarded as an assisting protocol.

Although the lower Internet Layer does not have to be involved with connection affirmation, ICMP is critical for valuable feedback when issues arise.

They intend to disrupt the usual network performance. They launch a variety of attacks, including an ICMP flood, a Smurf attack, and a Ping of death attack. Intruders are focused to dominate the victim and disable standard connectivity.

EPGC in Cyber Security and Ethical Hacking

ICMP Flood Attack

ICMP Flood Attack

A ping flood, also known as an ICMP flood, occurs when an attacker attempts to flood a targeted device with ICMP echo-request packets. Each packet must be processed and responded to by the target, consuming computing resources until authorized customers are unable to receive service.

Ping of Death Attack

A ping of death attack takes place when an attacker sends a ping to a targeted machine that is larger than the maximum allowable size for a packet, causing the device to freeze or collapse.

Smurf Attack

The attacker uses a fake website source IP address to send an ICMP packet in a Smurf attack. Networking equipment responds to the packet by sending responses to the fake IP address and bombarding the victim with undesired ICMP packets. The Smurf attack, like the ‘ping of death,’ is only possible with prestige equipment today.

It is used to predict network performance. It is operated and used by two well-known utilities, Traceroute and Ping. They both deliver texts indicating whether or not the data was successfully transmitted.

The Traceroute command is useful for depicting and explaining the routing route taken by two different Internet devices. It displays the physical path of linked routers that manage and transfer the proposal until it reaches its final destination. Each journey from one router to another is referred to as a “hop.” The Traceroute command also displays the time it took for each hop along the way. This type of data is remarkably useful for determining which network points along the route are causing disruption.

This type of data is remarkably useful for determining which network points along the route are causing disruption.

The Ping command is similar but slightly simpler. It measures the speed of a connection between two points, and the report shows how long it takes a packet of data to reach its destination and return to the user’s device. Even though the Ping command does not offer additional information about routing or hops, it is a very useful tool for determining the lag between two points.

How does ICMP Work?

ICMP is a connectionless protocol, which denotes that the transmitter does not need to establish a connection with the receiver before transmitting the information. This is why it varies from TCP, for example, where a link between two devices is required. A message can only be sent when both devices are ready via a TCP handshake.

All ICMP messages are forwarded as datagrams with an IP header containing the ICMP data. Each datagram is a self-contained, data-independent entity. Consider it a packet that transports a fraction of a larger message all over the network. IP packets with ICMP in the IP data part are referred to as ICMP packets.

ICMP messages contain the entire IP header from the original message. As a result, the target system knows which specific packet failed.

What is ICMP Port?

As previously stated, the Internet Control Message Protocol is an element of the Internet protocol suite, also widely recognized as the TCP/IP protocol suite. That is, it is limited to the Internet Layer. Only at the Transport Layer, the layer above, do port numbers appear to be discovered.

The Internet Control Message Protocol (ICMP) does not use ports like TCP and UDP, however, it does use types and codes. The ICMP types echo request and echo reply (used for Ping) are commonly used, and TTL (time-to-live) is exceeded in transit (used for Traceroute).

Get 100% Hike!

Master Most in Demand Skills Now!

Limitations of ICMP

Limitations of ICMP

The two significant disadvantages of Internet protocol are listed below. To properly understand the ICMP requirements, you must first understand these limitations.

  • No Error Reporting
  • No Communication

No Error Reporting

If the router discards a data transmission, it could be due to an error; however, there is no mechanism in the internet protocol that allows the sender to be notified of this error.

Assume that the lifetime of a data packet is completed while traveling over the internet, and the value of the time to live field in the data packet has become zero; in this case, the data packet will be discarded.

No Communication

It is common for one device to need to interact with another, in which case Internet Protocol lacks a process for devices to share information.

            For Example:

Before transferring the data, the host should determine whether the destination is still alive or not.

Conclusion

The Internet Control Message Protocol (ICMP) is a fantastic network layer protocol that permits devices to inform errors and improve interactions. Furthermore, it is an excellent network diagnostic tool. It is not surprising that many administrators use it daily to develop a better understanding of their network using popular utilities like Ping and Traceroute.

Course Schedule

Name Date Details
Cyber Security Course 30 Nov 2024(Sat-Sun) Weekend Batch View Details
07 Dec 2024(Sat-Sun) Weekend Batch
14 Dec 2024(Sat-Sun) Weekend Batch

About the Author

Lead Penetration Tester

Shivanshu is a distinguished cybersecurity expert and Penetration tester. He specialises in identifying vulnerabilities and securing critical systems against cyber threats. Shivanshu has a deep knowledge of tools like Metasploit, Burp Suite, and Wireshark.