ICMP Protocol with Wireshark

Introduction to ICMP

Unlike the Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), the Internet Control Message Protocol (ICMP) is not designed for carrying data. 

While ICMP packets do have a data section, their purpose is not to wrap and carry protocols like HTTP and DNS. Instead, ICMP is designed as a low-level management protocol for the internet. It carries error messages and implements simple management functions. 

As a result, an organization’s ICMP traffic should largely be confined inside the network boundary, but it is a common protocol to see in network traffic captures.

ICMP in Wireshark

As an error messaging protocol, the structure of an ICMP packet is designed to provide the necessary information to the recipient. Error data in ICMP is carried in two values: the type and the code.

As shown above, the type field of an ICMP packet identifies the overall message that the packet is intended to convey. For example, a type value of 3 means that the intended destination is unreachable.

For some types, there are multiple code values that provide additional detail. For example, a type 3 ICMP message with code 0 indicates that the destination network is unreachable, while code 1 means that the particular host is unreachable.

While many ICMP messages are designed to be sent as error messages in response to packets of other protocols, some are designed to implement standalone functionality.

The purpose of ping is to determine if the system at a certain IP address exists and is currently functional, and that a route to that system can be found. Typing ping into the Windows or Linux terminal will send a series of ping packets and provide a percentage value for the reachability of the destination based upon the (Read more...)
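To make the type/code structure and the echo (ping) exchange concrete, here is an added Python example that is not part of the original post. It builds echo request/reply messages and destination-unreachable errors with a valid RFC 1071 checksum, then decodes them the way Wireshark's ICMP dissector labels the fields. The type and code name tables are a constructed subset of the RFC 792 values (not exhaustive), and the quoted datagram used for the error message is constructed sample bytes.

```python
import struct

# Constructed subset of the RFC 792 type and code names discussed above.
ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 8: "Echo Request"}
DEST_UNREACH_CODES = {
    0: "Network Unreachable",
    1: "Host Unreachable",
    2: "Protocol Unreachable",
    3: "Port Unreachable",
}


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words, zero-padded to even length."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an Echo Request (type 8) or Echo Reply (type 0) with a valid checksum.
    The identifier/sequence pair is what ping uses to match replies to requests."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def build_dest_unreachable(code: int, quoted_datagram: bytes) -> bytes:
    """Build a type 3 error; the data section carries the start of the datagram
    that triggered it (IP header plus 8 bytes), as Wireshark shows under the error."""
    header = struct.pack("!BBHI", 3, code, 0, 0)  # 4 unused bytes after the checksum
    csum = icmp_checksum(header + quoted_datagram)
    return struct.pack("!BBHI", 3, code, csum, 0) + quoted_datagram


def parse_icmp(packet: bytes) -> dict:
    """Decode the 8-byte ICMP header and verify its checksum.
    Summing a correct packet including its checksum field folds to 0xFFFF,
    so icmp_checksum() over the whole packet returns 0 when it is intact."""
    if len(packet) < 8:
        raise ValueError("ICMP header is 8 bytes; got %d" % len(packet))
    icmp_type, code, _csum, rest = struct.unpack("!BBH4s", packet[:8])
    info = {
        "type": icmp_type,
        "type_name": ICMP_TYPES.get(icmp_type, "Unknown"),
        "code": code,
        "checksum_ok": icmp_checksum(packet) == 0,
    }
    if icmp_type == 3:
        info["code_name"] = DEST_UNREACH_CODES.get(code, "Unknown")
        info["quoted_datagram"] = packet[8:]
    elif icmp_type in (0, 8):
        info["identifier"], info["sequence"] = struct.unpack("!HH", rest)
        info["payload"] = packet[8:]
    return info


if __name__ == "__main__":
    # Constructed sample: one ping round trip and one host-unreachable error.
    request = build_echo(8, 0x1234, 1, b"abcdefgh")
    reply = build_echo(0, 0x1234, 1, b"abcdefgh")
    error = build_dest_unreachable(1, bytes(range(28)))  # constructed quoted datagram
    for pkt in (request, reply, error):
        print(parse_icmp(pkt))
```

A corrupted packet shows up as `checksum_ok: False`, which is the same condition that makes Wireshark colour the ICMP checksum field red; a reply is matched to its request by comparing the identifier and sequence fields rather than by payload.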

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Chris Sienko. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/tuoDPsJ1Y54/