Networking Technology: ICMP

ICMP stands for Internet Control Message Protocol, and it is an error-reporting protocol. Since IP itself cannot send error or control messages, it relies on ICMP to do so. ICMP is used to determine whether data is reaching its intended destination on time. ICMP is commonly used on main network devices such as internet routers.

Uses of ICMP

As mentioned before, the main function of ICMP is error reporting. Imagine two devices connecting over the internet. ICMP is the mechanism through which the sending device receives an error if any data did not reach the intended recipient.

Another use of ICMP is network diagnostics: the ping and traceroute utilities both use ICMP. Traceroute shows the path between two internet devices. The journey from one router to the next along that path is called a ‘hop’. Traceroute also reports the time taken by each hop along the way. This timing is useful when predicting network delays.

Ping, on the other hand, is a simplified version of traceroute that measures the connection speed between two devices. Ping does not provide any data on the hops or routes, but it is extremely useful for measuring the latency of the connection between two devices. Unfortunately, cyber miscreants can exploit this process and cause what are known as ICMP Flooding or Ping of Death attacks.

Common ICMP Messages

Here are some common messages exchanged by the ICMP:

  • Echo Request: ICMP is often used to test the connectivity between two devices. You can use Ping to check the connectivity from one device to another. The Ping command runs over the Internet Control Message Protocol and requests the destination device to send the data back. Ping uses ICMP Echo Request and Echo Reply.
  • ICMP Redirect: ICMP Redirect messages let a router redirect traffic through another router when the intended route is not optimal.
  • ICMP Source Quench: if one device is sending a large amount of data to a remote device, the data volume will be high. The router then sends a Source Quench message to IPv4, asking it to slow down the rate of data.
  • ICMP Destination Unreachable: if a router cannot deliver a datagram, ICMP sends a Destination Unreachable message to the IPv4 address.
  • ICMP Time Exceeded: if an IPv4 datagram is discarded, ICMP sends this message to the source. This also happens when datagrams start looping between two routers without landing at the destination.

ICMP Tunnel

Did you know that routers only analyze the headers of an ICMP packet? This includes the UDP/TCP header that may be the source of the ICMP data. As a result, normal packets carrying plenty of data will pass through as long as they contain an ICMP section. This is referred to as an ICMP tunnel, which can be adapted to carry out a network attack. Fortunately, these tunnels can be blocked by an IDS or by killing all ICMP activity at network gateways.
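As an added example (not part of the original article), here is a sketch of the kind of check an IDS could apply to echo traffic: it parses the 8-byte ICMP header, names the message types listed under Common ICMP Messages, verifies the checksum, and flags echo payloads that are unusually large or that a reply did not echo back unchanged. The function names, the 64-byte threshold and the sample traffic are assumptions made for illustration.

```python
import struct

# ICMPv4 type numbers of the messages listed under "Common ICMP Messages".
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
              5: "Redirect", 8: "Echo Request", 11: "Time Exceeded"}
MAX_ECHO_PAYLOAD = 64  # assumed threshold: stock ping sends about 32-56 data bytes

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(mtype: int, payload: bytes, ident: int = 1, seq: int = 1) -> bytes:
    """Construct a sample echo message with a valid checksum (test data only)."""
    csum = checksum(struct.pack("!BBHHH", mtype, 0, 0, ident, seq) + payload)
    return struct.pack("!BBHHH", mtype, 0, csum, ident, seq) + payload

def inspect(messages):
    """Return (type name, reasons) per ICMP message; IP headers already stripped."""
    pending = {}  # (id, seq) -> payload of the Echo Request awaiting its reply
    results = []
    for msg in messages:
        if len(msg) < 8:
            results.append(("truncated", ["shorter than 8-byte ICMP header"]))
            continue
        mtype, _code, _csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
        payload, reasons = msg[8:], []
        if checksum(msg) != 0:  # a valid message sums to zero over all its bytes
            reasons.append("bad checksum")
        if mtype in (0, 8) and len(payload) > MAX_ECHO_PAYLOAD:
            reasons.append("oversized echo payload")
        if mtype == 8:
            pending[(ident, seq)] = payload
        elif mtype == 0 and pending.pop((ident, seq), payload) != payload:
            reasons.append("reply payload differs from request")
        results.append((ICMP_TYPES.get(mtype, f"type {mtype}"), reasons))
    return results

# Constructed sample traffic: one ordinary ping exchange, then a tunnel-like one.
PING = bytes(range(0x10, 0x38))  # 40 bytes of patterned filler, as ping sends
SAMPLE = [build(8, PING, 7, 1), build(0, PING, 7, 1),
          build(8, b"A" * 200, 7, 2), build(0, b"B" * 180, 7, 2)]
```

Calling inspect(SAMPLE) leaves the first exchange unflagged and marks both messages of the second. Size and echo-mismatch checks are heuristics, so a real deployment would tune the threshold to the ping implementations in use on the network.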

Conclusion

Overall, ICMP is a useful mechanism for transmission failure analysis and reporting. It’s also one of the most robust tools in a network administrator’s toolkit. The fact that it’s free and automatically deployed on any network-connected device makes it all the more useful for system administrators.