What is ICMP in Networking?

By /

Listen to this Post

Featured Image
ICMP (Internet Control Message Protocol) is a core protocol used in networking for sending error messages and operational information about network conditions—such as when a device is unreachable or a service is not available.

Key Functions of ICMP:

1. Error Reporting:

  • ICMP informs the sender when a packet cannot reach its destination (e.g., host unreachable, time exceeded).

2. Diagnostics:

  • ICMP is used in tools like:
    – `ping` – Checks connectivity between devices.
    – `traceroute` – Tracks the path packets take to a destination.

3. Flow Control:

  • ICMP can notify the sender to slow down traffic if the receiving device is overwhelmed.

ICMP Message Types:

  • Type 0: Echo Reply
  • Type 3: Destination Unreachable
  • Type 5: Redirect Message
  • Type 8: Echo Request (used in ping)
  • Type 11: Time Exceeded (used in traceroute)

Security Note:

Because ICMP can reveal network structure or vulnerabilities, some organizations limit or block ICMP traffic for security reasons.

Why ICMP Is Important:

  • Helps diagnose and troubleshoot network issues.
  • Provides feedback about network communication problems.
  • Assists in identifying latency or path issues.

You Should Know:

1. How to Use `ping` for Network Diagnostics

ping google.com

– Flags:
– `-c 4` (Send 4 packets)
– `-i 2` (Set interval between packets to 2 seconds)
– `-s 1000` (Set packet size to 1000 bytes)

  1. How to Use `traceroute` (Linux) / `tracert` (Windows) 
    traceroute google.com
    • Windows: 
      tracert google.com

3. Blocking ICMP in Linux (iptables)

sudo iptables -A INPUT -p icmp --icmp-type 8 -j DROP

– This blocks `ping` (Echo Request) requests.

4. Allowing Only Specific ICMP Types

sudo iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT 
sudo iptables -A INPUT -p icmp -j DROP

5. Testing ICMP Responses with `hping3`

sudo hping3 -1 google.com

– `-1` for ICMP mode.

6. Analyzing ICMP Traffic with `tcpdump`

sudo tcpdump -i eth0 icmp

7. Disabling ICMP Redirects in Linux

echo 0 > /proc/sys/net/ipv4/conf/all/accept_redirects

8. Simulating ICMP Flood Attack (For Testing)

sudo hping3 --flood --icmp target_IP

(Use responsibly in controlled environments.)

What Undercode Say:

ICMP remains a fundamental protocol for network troubleshooting, yet it is often exploited in attacks like ICMP floods, Smurf attacks, and Ping of Death. Properly configuring firewalls (iptables, ufw) and monitoring ICMP traffic (tcpdump, Wireshark) is crucial for security.

  • For Linux Admins: 
    sysctl -w net.ipv4.icmp_echo_ignore_all=1  Disable ping responses
  • For Windows Admins: 
    New-NetFirewallRule -DisplayName "Block ICMP" -Protocol ICMPv4 -IcmpType 8 -Action Block

Understanding ICMP types (0, 3, 8, 11) helps in network forensics and intrusion detection. Always log unusual ICMP traffic: 

sudo tcpdump -nni eth0 'icmp and not (icmp[bash]=0 or icmp[bash]=8)'

Expected Output:

[/bash]
15:30:45.123456 IP 192.168.1.100 > 192.168.1.1: ICMP echo request, id 12345, seq 1, length 64
15:30:45.123789 IP 192.168.1.1 > 192.168.1.100: ICMP echo reply, id 12345, seq 1, length 64
[bash]

Prediction
As networks evolve with 5G and IoT, ICMP will remain essential for diagnostics but may face stricter filtering due to increasing DDoS risks. Future tools may integrate AI-based anomaly detection to differentiate between legitimate ICMP traffic and attacks.

References:

Reported By: Ahmed Bawkar – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 Telegram

Related Posts: