ICMP

From Delft Solutions
Revision as of 04:55, 7 March 2024 by Louisraymond24

Summary

ICMP is an L3 protocol, and forms part of the IP suite. It differs from the other protocols in the suite in that it is not used by applications to exchange data. Rather, ICMP messages are used for error reporting and to obtain diagnostic information, enabling network administrators to attend to issues in the network. ICMP was introduced in 1981 to fulfil this role, as this capability was missing from the Internet Protocol itself. Like L4 protocols, ICMP works by having its data encapsulated in IP packets. Nonetheless, it is still considered (and processed) as an L3 protocol, because its function pertains exclusively to the behaviour of that layer and it is not used for data transmission.

An ICMP packet consists of two parts:

  1. A packet header
  2. A data section

Beyond this, there are two broad categories of ICMP message:

  1. Query Messages
  2. Error reporting messages

Packet Headers

ICMP packet headers contain the following information:

  • Type
  • Code
  • Checksum
  • Rest of header

Together, the type and code describe the function of the packet.

Use Case

ICMP messages are most often associated with ping and traceroute (two network diagnostic tools). However, they are also used in other situations, for example:

  • If a device sends a message that is too large for a recipient to process, then the recipient will drop the message and send an ICMP message back to the source.
  • If a network gateway discovers a shorter route for a message to travel on than the one previously used, it will send an ICMP message to the sender to address this.

Other notes

  • Like UDP, ICMP is "connectionless", as it does not have to establish a connection between a server and client prior to sending data.
  • There are several attacks, including Ping attacks and Smurf attacks, which make use of ICMP.
  • Some network administrators disable ICMP as a "quick fix" for the security vulnerabilities posed by having it enabled, but doing so impairs their ability to diagnose problems and can negatively impact the reliability and network performance of their system.