Last Updated: Mar 27, 2024

Internet Control Message Protocol (ICMP)

Author Gaurav Singh

Introduction

ICMP stands for Internet Control Message Protocol and is a network layer protocol. Understanding ICMP is important for understanding network communication, troubleshooting network issues, improving network security, and more.


In this blog, we will learn about the ICMP protocol, its message types, and its uses and applications. We will also look at the format of ICMP messages and the protocol's role in network security.


What is the Internet Control Message Protocol (ICMP)?

ICMP exists to handle error reporting. Suppose two devices are connected to each other over the internet. If one device tries to send a message/data to the other but the data does not reach the intended destination, an ICMP message is generated to report the error and is sent back to the original device from which the data was sent. Along with the error message, it also carries operational information.

ICMP messages are used by routers, hosts, and other network devices to communicate about errors or timeouts. Thus, if a router has a problem delivering a packet, it sends an ICMP message back to the sender describing the error.

Uses of ICMP

The common uses for the ICMP protocol are given in the following points:

  1. Tracerouting: traces the path taken by packets between two devices. It builds a kind of map of the routes the packets follow between the two devices.
     
  2. Ping: a network connectivity test that uses ICMP echo requests to assess connectivity between two routers/devices. It works by sending an echo request to the target device and waiting for the echo reply. If the echo reply comes in, the target device is reachable.
     
  3. Path MTU discovery: uses ICMP packets to determine the maximum transmission unit (MTU) of the network between two devices, that is, the maximum packet size that can be transmitted between them without fragmentation. To find out when fragmentation takes place, we send packets of varying sizes and decode the ICMP “fragmentation needed” messages, continuing until no fragmentation messages are received.

How Does ICMP Work?

The purpose of ICMP is to send error messages and provide diagnostic information related to IP packet processing. Let's see how ICMP works.

  1. Error Reporting: When a network device encounters an issue while processing an IP packet, it generates an ICMP error message and sends it back to the source IP address of the original packet.
     
  2. Ping: Ping is used to test the reachability of a host on an IP network. It works by sending an ICMP Echo Request message to the target host. If the host is reachable, it responds with an ICMP Echo Reply message.
     
  3. Time Exceeded: The Time Exceeded messages are sent when a packet exceeds the maximum number of hops allowed before reaching its destination. If a packet takes too long to reach its destination, it will be discarded by an intermediate router.
     
  4. Destination Unreachable: The Destination Unreachable message is sent when a network device cannot deliver an IP packet to its destination for various reasons, e.g., the destination host is down.
     
  5. Redirect: The ICMP Redirect messages are used to inform hosts about better routes for sending packets to a specific destination. This improves network efficiency by suggesting an alternative path that avoids unnecessary hops.

ICMP Message Format

  1. Type (8 bits): identifies the kind of ICMP message. As the table under Types of ICMP Messages shows, an ICMP Echo Request has a type value of 8; the other message types can be looked up in the same table.
     
  2. Code (8 bits): provides additional information about the ICMP message.
     
  3. Checksum (16 bits): used to verify the integrity of the ICMP message. The checksum is calculated over the header and the content of the message.

ICMP in DDoS Attacks

DDoS attacks flood the target system or a network with a massive volume of traffic from multiple sources. ICMP, being a network protocol, can be utilized in various ways to facilitate such attacks. The two ways in which ICMP is used in DDoS attacks are:

  1. ICMP Flood: In an ICMP flood attack, the attacker sends a large number of ping packets to the target system or network, and these are answered with Echo Replies. The target's resources, such as network bandwidth, processing power, and memory, are exhausted, leaving it unable to handle the traffic.
     
  2. Smurf Attack: The Smurf attack is a specific type of ICMP flood attack that exploits the ICMP Echo Request functionality to magnify the attack's impact. In a Smurf attack, the attacker spoofs the source IP address of the ICMP Echo Requests to be the victim's IP address. These spoofed ICMP Echo Requests are then sent to a network's broadcast address or directed to multiple hosts on the network, so every host that answers sends its Echo Reply to the victim.

Types of ICMP Messages

| Type | Name | Description |
|------|------|-------------|
| 0 | Echo Reply | Sent by the receiving device to confirm receipt of an ICMP Echo Request message. |
| 3 | Destination Unreachable | Sent by a router or the receiving device to indicate that the destination is unreachable. |
| 4 | Source Quench | Sent by a router to indicate that the traffic rate is too high and should be slowed down. |
| 5 | Redirect | Sent by a router to inform the source device that a better path exists to the destination. |
| 8 | Echo Request | Sent by the source device to test network connectivity with the target device. |
| 11 | Time Exceeded | Sent by a router or the target device to indicate that the packet has exceeded its TTL. |
| 12 | Parameter Problem | Sent by a router or the target device to indicate an error in the packet. |
| 13 | Timestamp | Sent by the source device to request the timestamp of the target device. |
| 14 | Timestamp Reply | Sent by the receiving device to provide the timestamp to the source device. |
| 15 | Information Requests | Sent by the source device to request information about the target device. |
| 16 | Information Reply | Sent by the receiving device to provide information to the source device. |

 

Source Quench Message

The Source Quench message is a type of ICMP message that gives feedback to the sender of an IP packet, instructing it to reduce the rate at which it is sending packets. Routers generate the message when there is congestion on the packet's path. When a router detects that its buffer is filling up or that the network is congested, it can send a Source Quench message back to the source IP address of the incoming packets. This message asks the sender to slow down its sending rate so that the congestion is not made worse.

Parameter Problem

Parameter Problem is an ICMP message type used to report errors related to the IP header of a packet. When a router or a host encounters an IP packet with an invalid or problematic header, it can generate an ICMP Parameter Problem message and send it back to the source IP address of the original packet.

Destination Unreachable

The Destination Unreachable message informs the sender that a destination host or network is unreachable for a particular IP packet. When a router or a host cannot deliver an IP packet to its intended destination, it generates an ICMP Destination Unreachable message and sends it back to the source IP address of the original packet.

The ICMP Destination Unreachable message provides valuable information to the sender about why the packet could not reach its destination. It helps in diagnosing connectivity issues and allows the sender to take appropriate action.
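
How a sender can read that information, as an added example (not code from the original article): it decodes a Destination Unreachable message, including the "fragmentation needed" case used by Path MTU discovery, and checks that the quoted datagram matches a flow the host actually sent before acting on it. The code values (RFC 792), the next-hop MTU field (RFC 1191), the `matches_flow` helper and the sample message are not from this page; the sample is constructed.

```python
import socket
import struct

UNREACH_CODES = {0: "network unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable",
                 4: "fragmentation needed and DF set"}

def parse_unreachable(icmp: bytes) -> dict:
    """Decode an ICMP type 3 message and the datagram header it quotes."""
    if len(icmp) < 8 + 20 + 8:
        raise ValueError("too short for a quoted IP header plus 8 bytes")
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if icmp_type != 3:
        raise ValueError("not a Destination Unreachable message")
    quoted = icmp[8:]
    ihl = (quoted[0] & 0x0F) * 4          # quoted IP header length in bytes
    if quoted[0] >> 4 != 4 or ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("quoted IPv4 header is malformed or truncated")
    proto = quoted[9]
    info = {
        "reason": UNREACH_CODES.get(code, "code %d" % code),
        "next_hop_mtu": mtu if code == 4 else None,   # RFC 1191 field
        "orig_src": socket.inet_ntoa(quoted[12:16]),
        "orig_dst": socket.inet_ntoa(quoted[16:20]),
        "orig_proto": proto,
    }
    if proto in (6, 17):                  # TCP/UDP: ports lead the quoted bytes
        info["orig_sport"], info["orig_dport"] = struct.unpack(
            "!HH", quoted[ihl:ihl + 4])
    return info

def matches_flow(info: dict, flows: set) -> bool:
    """Act on the error only if it quotes a datagram this host really sent."""
    key = (info["orig_src"], info.get("orig_sport"),
           info["orig_dst"], info.get("orig_dport"), info["orig_proto"])
    return key in flows

def sample_message(code: int = 3, mtu: int = 0) -> bytes:
    """Constructed message quoting UDP 192.0.2.10:40000 -> 198.51.100.5:53."""
    # Checksums are left at zero; this sketch does not verify them.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0, 64, 17, 0,
                     socket.inet_aton("192.0.2.10"),
                     socket.inet_aton("198.51.100.5"))
    udp = struct.pack("!HHHH", 40000, 53, 8, 0)
    return struct.pack("!BBHHH", 3, code, 0, 0, mtu) + ip + udp
```

An error that quotes no known flow is a candidate for dropping and logging rather than for changing routes or the path MTU.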

Redirection Message

The Redirection message is an Internet Control Message Protocol (ICMP) message which is used to inform a sender that it should utilize an alternate route for sending packets to a specific destination. When a router identifies a more efficient or preferable path to reach a particular destination, it generates an ICMP Redirect message and sends it back to the source IP address of the packet that initiated the redirection.

ICMP and Network Security

ICMP generates an error message when a packet from the sender does not reach the receiver successfully. ICMP messages also have many other uses, such as network management. However, attackers can easily exploit the protocol, which makes it a source of malicious attacks. Since the beneficial side was already covered in the use cases section, we will now focus on the malicious activities that can be carried out with the ICMP protocol.

  1. Ping of Death: a Denial of Service (DoS) attack that crashes the target system by sending it malformed ICMP packets. The attacker sends pings that are larger than the maximum allowable size. These oversized packets are broken into smaller fragments, and when the receiver reassembles them, the length exceeds the maximum limit, which causes a buffer overflow and makes the system freeze.
     
  2. Smurf attack: the attacker sends many ICMP echo requests, and the system is overloaded because many ICMP echo replies are sent to the victim.
     
  3. ICMP flood attacks happen when the attacker sends many ICMP messages to the target system, which causes it to become unresponsive or crash.
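
Detection logic for the three attacks in this list, which also covers the flood and Smurf descriptions under "ICMP in DDoS Attacks", as an added example (not code from the original article). The record fields, thresholds and addresses are assumptions, and the sample traffic is constructed.

```python
import ipaddress
from collections import defaultdict, deque

MAX_IP_DATAGRAM = 65535   # largest IPv4 datagram, header included
IP_HEADER_LEN = 20        # assumption: no IP options
ECHO_REQUEST = 8

def detect(packets, local_nets, flood_limit=100, window=1.0):
    """Return sorted (kind, src, dst) alerts for the three attacks."""
    broadcasts = {str(ipaddress.ip_network(n).broadcast_address)
                  for n in local_nets}
    recent = defaultdict(deque)      # dst -> timestamps of echo requests
    alerts = set()
    for p in sorted(packets, key=lambda p: p["ts"]):
        # Ping of Death: this fragment's last byte would land past 65535
        # when the datagram is reassembled (frag_off is in 8-byte units).
        end = IP_HEADER_LEN + p["frag_off"] * 8 + p["data_len"]
        if end > MAX_IP_DATAGRAM:
            alerts.add(("oversize-fragment", p["src"], p["dst"]))
        if p["icmp_type"] != ECHO_REQUEST:
            continue
        # Smurf: echo request aimed at a subnet broadcast address; the
        # (spoofed) source is the host that will receive the replies.
        if p["dst"] in broadcasts:
            alerts.add(("smurf-broadcast-echo", p["src"], p["dst"]))
        # Flood: too many echo requests to one destination in the window.
        q = recent[p["dst"]]
        q.append(p["ts"])
        while p["ts"] - q[0] > window:
            q.popleft()
        if len(q) > flood_limit:
            alerts.add(("icmp-flood", "*", p["dst"]))
    return sorted(alerts)

def pkt(ts, src, dst, icmp_type=ECHO_REQUEST, frag_off=0, data_len=64):
    return dict(ts=ts, src=src, dst=dst, icmp_type=icmp_type,
                frag_off=frag_off, data_len=data_len)

# Constructed records using documentation address ranges, not a capture.
SAMPLE = [
    pkt(0.0, "192.0.2.10", "198.51.100.5"),                 # ordinary ping
    pkt(1.0, "203.0.113.7", "198.51.100.255"),              # broadcast echo
    pkt(2.0, "192.0.2.66", "198.51.100.9", None, 8189, 1000),  # late fragment
] + [pkt(3.0 + i / 1000, "192.0.2.%d" % (i % 250 + 1), "198.51.100.20")
     for i in range(150)]                                   # burst of pings

if __name__ == "__main__":
    for alert in detect(SAMPLE, ["198.51.100.0/24"]):
        print(alert)
```

The fragment check works on a single packet because the offset and length alone show that reassembly would exceed the limit, which is why it can be enforced before any buffer is filled.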
     


Frequently Asked Questions

What is ICMP Protocol used for?

The ICMP protocol is used for many purposes. These include tracerouting, which helps track the route taken by packets between two routers; ping, which uses ICMP echo requests and replies to test network connectivity between two routers/devices; and Path MTU discovery, which uses ICMP messages to determine the maximum transmission unit (MTU) of the network between two devices.

What is the ICMP protocol?

ICMP is a network protocol that helps devices communicate and troubleshoot on the internet. It sends error messages, like Destination Unreachable, and supports ping to check if a device is reachable. It helps in diagnosing and resolving network issues.

Is ICMP a TCP or UDP protocol?

ICMP is neither TCP nor UDP. It is a separate protocol used by devices to send error messages and check network connectivity. While TCP and UDP handle data transfer, ICMP focuses on network diagnostics and communication between devices on the internet.

Is ICMP used in ping?

Yes, ICMP is used in ping. When you ping a device, it sends a small message called ICMP Echo Request. If the device is working, it responds with an ICMP Echo Reply, confirming it's reachable on the network.

Conclusion

In this blog, we discussed ICMP, the Internet Control Message Protocol, which is used to send an error message if a packet isn't delivered to the other router and to describe what the error is. We also discussed the various uses of ICMP: tracerouting, which helps track the route taken by packets between two routers; ping, which uses ICMP echo requests and replies to test network connectivity between two routers/devices; and Path MTU discovery, which uses ICMP messages to determine the maximum transmission unit (MTU) of the network between two devices.

 
