Welcome to Firewall.cx - The Site For Networking Professionals

 
Modules
· Home
· Alternative Menu
· Amazon
· Cisco Decrypter
· Cisco Lab Partners
· Feedback
· Forums
· Max Arcade
· Private Messages
· Recommend Us
· Statistics
· Stories Archive
· Submit News
· Surveys
· Topics
· Web Links
· Your Account
 
Cisco Knowledgebase Articles
 
Site Info
Welcome, Anonymous
Nickname
Password
Security Code: Security Code
Type Security Code:

· Register
· Lost Password
Membership:
Latest: Check the profile of Krusty_47 Krusty_47
New Today: 4
New Yesterday: 7
Waiting: 1
Overall: 25794
People Online:
Visitors: 119
Members: 3
Hidden: 0
Total: 122
Online Now:
01: Check the profile of Perlhack Send a quick private message to Perlhack Perlhack
02: Check the profile of geet Send a quick private message to geet geet
03: Check the profile of S0lo Send a quick private message to S0lo S0lo
We received
75376454
page views since
15th September 2003
Hits New Today: 24418
Hits New Yesterday: 36694
 
Top Downloads
 
Gold Lab Partners


 
Introduction To The Internet Control Message Protocol

Introduction To The Internet Control Message Protocol

Share
Introduction

The Internet Control Message Protocol, or ICMP as we will be calling it, is a very popular protocol and actually part of an Internet Protocol (IP) implementation. Because IP wasn't designed to be absolutely reliable, ICMP came into the scene to provide feedback on problems which existed in the communication environment.

If I said the word 'Ping' most people who work with networks would recognise that a 'ping' is part of ICMP and in case you didn't know that, now you do :)

ICMP is one of the most useful protocols provided to troubleshoot network problems like DNS resolutions, routing, connectivity and a lot more. Personally, I use ICMP a lot, but you need to keep its limits in mind beause you might end up spending half a day trying to figure out why you're not getting a 'ping reply' ('echo reply' is the correct term) from, for example, www.firewall.cx when, in fact, the site's webserver is configured NOT to reply to 'pings' for security reasons !

Cool Note

A few years ago there was a program released, which still circulates around the Internet, called Click ( I got my hands on version 1.4). Click was designed to run on a Windows platform and work against Mirc users. The program would utilise the different messages available within the ICMP protocol to send special error messages to Mirc users, making the remote user's program think it had lost connectivity with the IRC server, thus disconnecting them from the server ! The magic is not what the program can do, but how it does it ! This is where a true networking guru will be able to identify and fix any network security weakness.

The Protocol

ICMP is defined in RFC (Request For Comments) 792. Looking at its position in the OSI model we can see that it's sitting in the Network layer (layer 3) alongside IP. There are no ports used with ICMP, this is because of where the protocol sits in the OSI model. Ports are only used for protocols which work at the Session layer and above:

 

The ICMP protocol uses different 'messages' to identify the purpose of an ICMP packet, for example, an 'echo' (ping) is one type of ICMP message.

I am going to break down the different message descriptions as they have been defined by the RFC792.

There is a lot of information to cover in ICMP so I have broken it down to multiple pages rather than sticking everything into one huge page that would bore you!

Also, I haven't included all the messages which ICMP supports, rather I selected a few of the more common ones that you're likely to come across. You can always refer to the RFC792 to get the details on all messages.

We will start with a visual example of where the ICMP header and information are put in a packet, to help you understand better what we are dealing with :)

The structure is pretty simple, not a lot involved, but the contents of the ICMP header will change depending on the message it contains. For example, the header information for an 'echo' (ping) message (this is the correct term) is different to that of a 'destination unreachable' message, also a function of ICMP.

NOTE: If you were to run a packet sniffer on your LAN and catch a "ping" packet to see what it looks like, you would get more than I am showing here. There will be an extra header, the datalink header, which is not shown here because that header will change (or more likely be removed) as the packet moves from your LAN to the Internet, but the 2 headers you see in this picture will certainly remain the same until they reach their destination.

So, that now leaves us to analyse a few of the selected ICMP messages !

The table below shows all the ICMP messages the protocol supports. The messages that are in the green colour are the ones covered. Please click on the ICMP message you wish to read about: