INTERNET ENGINEERING

LECTURE 6

SAYOR AJFAR AARON

Canadian University Bangladesh
 ICMP INTRODUCTION

• The Internet Control Message Protocol (ICMP) is a network layer

protocol employed by network devices to diagnose and
troubleshoot communication problems within a network. It
primarily serves to verify whether data is successfully reaching
its target destination in a timely fashion.
• ICMP is commonly utilized in network devices like routers and
is essential for error reporting and diagnostic testing. However,
it can also be exploited in distributed denial-of-service (DDoS)
attacks.
 ICMP FUNCTIONALITY

• ICMP is used for error reporting and handling management queries. It

serves as a supporting protocol, enabling network devices like routers to
send error messages and operational information, such as when a
requested service is unavailable or when a host or router cannot be
reached.
• Since the IP protocol lacks its own error-reporting or error-correction
capabilities, ICMP communicates issues through specialized messages.
For example, when a message is sent to its intended recipient, it may be
intercepted or blocked in the way
• Without ICMP, the sender might mistakenly assume the message has
been successfully delivered. However, ICMP allows an intermediary device
to report the error, ensuring the sender is aware of the issue.
 ICMP USES

• The primary function of ICMP is error reporting. When two

devices connect over the Internet, ICMP is responsible for
generating error messages that are sent back to the originating
device if any data fails to reach its intended destination.
• For instance, if a data packet is too large for a router to handle,
the router will discard the packet and send an ICMP message
back to the source, informing it of the issue.
• In addition to error reporting, ICMP is also used for network
diagnostics. Commonly used terminal utilities like traceroute and
ping rely on ICMP to function.
• Traceroute: Traceroute utility is used to know the route between
two devices connected over the internet. It routes the journey from
one router to another, and a traceroute is performed to check
network issues before data transfer.
• The traceroute utility displays the routing path between two
Internet devices, showing the actual physical path of connected
routers that a request travels through to reach its destination.
• Each journey between routers, known as a 'hop,' is recorded by
traceroute, along with the time taken for each hop. This
information is valuable for identifying sources of network delay.
• Ping: Ping is a simple kind of traceroute known as the echo-
request message, it is used to measure the time taken by data to
reach the destination and return to the source, these replies are
known as echo-replies messages.
• Pingtests the connection speed between two devices and reports
how long it takes for a data packet to travel to the destination and
return to the sender's device.
• Although ping doesn't provide information about routing paths or
hops, it is an effective tool for measuring the latency between two
devices. ICMP echo-request and echo-reply messages are typically
used to perform a ping.
 WHY ICMP IS DIFFERENT FROM TCP
OR UDP?

• Unlike the Internet Protocol (IP), ICMP is not linked to any

transport layer protocols like TCP or UDP. This characteristic
makes ICMP a connectionless protocol, meaning that one
device does not need to establish a connection with another
before sending an ICMP message.
• Typically, IP traffic is sent using TCP, which involves a
handshake process to ensure both devices are prepared to
exchange data. In contrast, ICMP skips this step and does not
establish a connection. Additionally, ICMP does not allow for
targeting specific ports on a device.
 ICMP PACKET

• An ICMP packet is a packet that uses the ICMP protocol. ICMP

packets include an ICMP header after a normal IP header.
• When a router or server needs to send an error message, the
ICMP packet body or data section always contains a copy of the
IP header of the packet that caused the error.
ICMP PACKET
ICMP IN DDOS
ATTACKS

• ICMP Flood Attacks

• In an ICMP flood
attack, the attacker
sends a barrage of
echo requests and
echo replies to
overwhelm the
target's network.
 PING OF DEATH ATTACK

• A ping of death attack involves an attacker sending a ping that

exceeds the maximum allowable packet size to a targeted
machine. As the packet travels to its destination, it gets
fragmented.
• However, when the target reassembles the packet, the
oversized packet causes a buffer overflow, potentially freezing
or crashing the machine. While largely historical, older
networking equipment may still be vulnerable to this type of
attack.
 SMURF ATTACK

• In a Smurf attack, the attacker sends an ICMP packet with a

spoofed source IP address.
• The network devices respond to this packet, sending replies to
the spoofed IP address and effectively flooding the victim with
unwanted ICMP packets. Like the ping of death, the Smurf
attack is mainly a concern for legacy equipment.