INTERNET ENGINEERING
LECTURE 6
SAYOR AJFAR AARON
Canadian University Bangladesh

ICMP INTRODUCTION
• The Internet Control Message Protocol (ICMP) is a network layer protocol employed by network devices to diagnose and troubleshoot communication problems within a network. It primarily serves to verify whether data is successfully reaching its target destination in a timely fashion.
• ICMP is commonly utilized in network devices like routers and is essential for error reporting and diagnostic testing. However, it can also be exploited in distributed denial-of-service (DDoS) attacks.

ICMP FUNCTIONALITY
• ICMP is used for error reporting and handling management queries. It serves as a supporting protocol, enabling network devices like routers to send error messages and operational information, such as when a requested service is unavailable or when a host or router cannot be reached.
• Since the IP protocol lacks its own error-reporting or error-correction capabilities, ICMP communicates issues through specialized messages. For example, when a message is sent to its intended recipient, it may be intercepted or blocked along the way.
• Without ICMP, the sender might mistakenly assume the message has been successfully delivered. However, ICMP allows an intermediary device to report the error, ensuring the sender is aware of the issue.

ICMP USES
• The primary function of ICMP is error reporting. When two devices connect over the Internet, ICMP is responsible for generating error messages that are sent back to the originating device if any data fails to reach its intended destination.
• For instance, if a data packet is too large for a router to handle, the router will discard the packet and send an ICMP message back to the source, informing it of the issue.
• In addition to error reporting, ICMP is also used for network diagnostics. Commonly used terminal utilities like traceroute and ping rely on ICMP to function.
• Traceroute: The traceroute utility is used to discover the route between two devices connected over the Internet. It traces the journey from one router to the next, and is run to check for network issues before data transfer.
• The traceroute utility displays the routing path between two Internet devices, showing the actual physical path of connected routers that a request travels through to reach its destination.
• Each journey between routers, known as a 'hop,' is recorded by traceroute, along with the time taken for each hop. This information is valuable for identifying sources of network delay.
• Ping: Ping is a simpler tool than traceroute. It sends an echo-request message and measures the time taken by data to reach the destination and return to the source; the replies are known as echo-reply messages.
• Ping tests the connection speed between two devices and reports how long it takes for a data packet to travel to the destination and return to the sender's device.
• Although ping doesn't provide information about routing paths or hops, it is an effective tool for measuring the latency between two devices. ICMP echo-request and echo-reply messages are typically used to perform a ping.

WHY IS ICMP DIFFERENT FROM TCP OR UDP?
• Unlike the Internet Protocol (IP), ICMP is not linked to any transport layer protocols like TCP or UDP. This characteristic makes ICMP a connectionless protocol, meaning that one device does not need to establish a connection with another before sending an ICMP message.
• Typically, IP traffic is sent using TCP, which involves a handshake process to ensure both devices are prepared to exchange data. In contrast, ICMP skips this step and does not establish a connection. Additionally, ICMP does not allow for targeting specific ports on a device.

ICMP PACKET
• An ICMP packet is a packet that uses the ICMP protocol. ICMP packets include an ICMP header after a normal IP header.
• When a router or server needs to send an error message, the ICMP packet body or data section always contains a copy of the IP header of the packet that caused the error.

ICMP IN DDOS ATTACKS
• ICMP Flood Attacks
• In an ICMP flood attack, the attacker sends a barrage of echo requests and echo replies to overwhelm the target's network.

PING OF DEATH ATTACK
• A ping of death attack involves an attacker sending a ping that exceeds the maximum allowable packet size to a targeted machine. As the packet travels to its destination, it gets fragmented.
• However, when the target reassembles the packet, the oversized packet causes a buffer overflow, potentially freezing or crashing the machine. While largely historical, older networking equipment may still be vulnerable to this type of attack.

SMURF ATTACK
• In a Smurf attack, the attacker sends an ICMP packet with a spoofed source IP address.
• The network devices respond to this packet, sending replies to the spoofed IP address and effectively flooding the victim with unwanted ICMP packets. Like the ping of death, the Smurf attack is mainly a concern for legacy equipment.
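
The ICMP PACKET slide says an error message carries a copy of the IP header of the packet that caused it. The following parser is an added example, not part of the original lecture: it verifies the ICMP checksum and, for error types, recovers the quoted original header. The function names and the sample packets (documentation-range addresses, a UDP probe) are constructed for illustration.

```python
import ipaddress
import struct

ERROR_TYPES = {3: "destination unreachable", 11: "time exceeded", 12: "parameter problem"}

def inet_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp(msg: bytes) -> dict:
    """Parse the ICMP message that follows the outer IPv4 header."""
    if len(msg) < 8:
        raise ValueError("ICMP header is 8 bytes")
    icmp_type, code = msg[0], msg[1]
    # A valid message sums to zero when the checksum field is included.
    out = {"type": icmp_type, "code": code, "checksum_ok": inet_checksum(msg) == 0}
    if icmp_type in (0, 8):                      # echo reply / echo request
        out["id"], out["seq"] = struct.unpack("!HH", msg[4:8])
    elif icmp_type in ERROR_TYPES:               # body quotes the offending packet
        inner = msg[8:]
        if len(inner) < 20 or inner[0] >> 4 != 4:
            raise ValueError("no embedded IPv4 header")
        ihl = (inner[0] & 0x0F) * 4
        out.update(error=ERROR_TYPES[icmp_type], orig_proto=inner[9],
                   orig_src=str(ipaddress.IPv4Address(inner[12:16])),
                   orig_dst=str(ipaddress.IPv4Address(inner[16:20])),
                   orig_l4=inner[ihl:ihl + 8])
    return out

def build_icmp(icmp_type: int, code: int, rest: bytes, payload: bytes = b"") -> bytes:
    """Assemble a constructed ICMP message with a correct checksum."""
    body = bytes([icmp_type, code, 0, 0]) + rest + payload
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

# Constructed sample: a UDP probe whose TTL expired, quoted in a time-exceeded error.
ORIG_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0x1234, 0, 1, 17, 0,
                      ipaddress.IPv4Address("192.0.2.10").packed,
                      ipaddress.IPv4Address("198.51.100.7").packed)
ORIG_UDP = struct.pack("!HHHH", 40000, 33434, 8, 0)
TIME_EXCEEDED = build_icmp(11, 0, b"\x00" * 4, ORIG_IP + ORIG_UDP)
ECHO_REQUEST = build_icmp(8, 0, struct.pack("!HH", 0x4242, 1), b"constructed ping")

if __name__ == "__main__":
    print(parse_icmp(TIME_EXCEEDED), parse_icmp(ECHO_REQUEST), sep="\n")
```

The quoted header is what lets the sender tie an error back to the exact packet it sent, which is how traceroute attributes each time-exceeded reply to a hop.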
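
From the defender's side, the three attacks in the ICMP IN DDOS ATTACKS, PING OF DEATH and SMURF slides each leave a checkable signature in packet metadata. The following detector is an added example, not part of the original lecture; the record fields, thresholds and sample traffic are constructed assumptions.

```python
from collections import defaultdict, deque

MAX_IP_DATAGRAM = 65535   # largest value of the 16-bit IPv4 total-length field
FLOOD_WINDOW_S = 1.0      # assumed tuning values, not from the page
FLOOD_THRESHOLD = 5       # echo packets per window per destination

def analyze(packets, local_hosts):
    """Return sorted (alert, host) pairs for time-ordered ICMP packet records."""
    alerts, outstanding = set(), set()
    recent = defaultdict(deque)          # destination -> recent echo timestamps
    for p in packets:
        # Ping of death: the fragment would end past the largest legal datagram.
        if p["ihl"] + p["frag_offset"] * 8 + p["data_len"] > MAX_IP_DATAGRAM:
            alerts.add(("oversized-reassembly", p["dst"]))
            continue                     # drop it before reassembly
        if p["icmp_type"] not in (0, 8):
            continue                     # later fragments and other ICMP types
        if p["icmp_type"] == 8:          # remember requests so replies can be matched
            outstanding.add((p["src"], p["dst"], p["id"], p["seq"]))
        elif p["dst"] in local_hosts:    # echo reply to a host we monitor
            key = (p["dst"], p["src"], p["id"], p["seq"])
            if key in outstanding:
                outstanding.discard(key)
            else:                        # Smurf victims see replies they never asked for
                alerts.add(("unsolicited-echo-reply", p["dst"]))
        window = recent[p["dst"]]        # flood: echo traffic rate per destination
        window.append(p["ts"])
        while window[0] < p["ts"] - FLOOD_WINDOW_S:
            window.popleft()
        if len(window) > FLOOD_THRESHOLD:
            alerts.add(("icmp-flood", p["dst"]))
    return sorted(alerts)

def pkt(ts, src, dst, icmp_type=None, ident=0, seq=0, frag_offset=0, data_len=64):
    """Build one constructed packet record (frag_offset is in 8-byte units)."""
    return dict(ts=ts, src=src, dst=dst, icmp_type=icmp_type, id=ident, seq=seq,
                ihl=20, frag_offset=frag_offset, data_len=data_len)

# Constructed sample traffic using documentation and private address ranges.
LOCAL = {"10.0.0.5", "10.0.0.8", "10.0.0.9"}
SAMPLE = [
    pkt(0.00, "10.0.0.5", "192.0.2.1", 8, ident=7, seq=1),    # normal ping
    pkt(0.02, "192.0.2.1", "10.0.0.5", 0, ident=7, seq=1),    # and its reply
    pkt(1.00, "203.0.113.9", "10.0.0.8", frag_offset=8189, data_len=1480),
] + [pkt(2 + i / 100, f"198.51.100.{i + 1}", "10.0.0.9", 0, ident=1, seq=i)
     for i in range(8)]                                       # replies nobody requested

if __name__ == "__main__":
    print(*analyze(SAMPLE, LOCAL), sep="\n")
```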