ICMP can help to both solve and cause network traffic issues. ICMP, or Internet Control Message Protocol, is an error-reporting protocol used by routers, hosts, and other network devices to communicate error information or updates to other routers, hosts, or network devices.
In this blog, we’ll cover when it’s used and some of the potential challenges. For more background on network testing and diagnostics, click the link above or in the description below. ICMP is primarily used for network traffic analysis.
But when are ICMP messages sent? ICMP messages are sent in a variety of error-reporting contexts. One scenario is that if one device sends a message that is too large for a recipient to process, the recipient will drop that message and send an ICMP message back to the source. Another is when the network gateway finds a shorter route for the message to travel on.
When this happens, the gateway sends an ICMP message and the packet is redirected to the shorter route. ICMP is commonly associated with traceroute and ping, two common network diagnostic tools that use ICMP messages. Traceroute helps admins locate the source of a network delay, while ping is useful for collecting latency information.
However, ICMP can also be exploited in denial-of-service attacks. Attackers overwhelm the target with unwanted traffic so the target cannot provide the service to its users.
There are multiple ways an attacker can use ICMP to execute these attacks, including ping sweep, ping flood, and Smurf attack, among others. Because of the possible attacks enabled by ICMP, network admins sometimes disable ICMP as a quick-fix security measure. And while TCP/IP can still work with ICMP traffic blocked, diagnostics, reliability, and network performance can be negatively impacted.
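As an alternative to the blanket block described above, the following added example (not part of the original post) parses ICMPv4 messages, verifies their checksum, and applies a per-type policy with a per-source ping limit. The policy sets, the `ECHO_LIMIT` value, the function names, and the sample addresses are assumptions chosen for illustration.

```python
import struct
from collections import defaultdict

# ICMPv4 types behind the scenarios in the text (RFC 792 numbering).
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable", 5: "redirect",
              8: "echo-request", 11: "time-exceeded"}
# Illustrative policy (an assumption, not from the article): keep the error
# reports that ping, traceroute and "message too large" signalling rely on,
# rate-limit echo requests, and drop the rest (redirects included here).
ALWAYS_ALLOW = {0, 3, 11}
ECHO_LIMIT = 5  # hypothetical: max echo requests per source per window

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 over a valid ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes = b"\x00" * 4) -> bytes:
    """Construct a sample ICMP message with a valid checksum (test data)."""
    header = struct.pack("!BBH", icmp_type, code, 0) + rest
    return struct.pack("!BBH", icmp_type, code, checksum(header)) + rest

def filter_window(packets):
    """Decide allow/drop for (source, icmp_bytes) pairs seen in one window."""
    echo_count = defaultdict(int)
    decisions = []
    for src, msg in packets:
        if len(msg) < 8 or checksum(msg) != 0:
            decisions.append((src, "malformed", "drop"))
            continue
        icmp_type = msg[0]
        name = ICMP_TYPES.get(icmp_type, f"type-{icmp_type}")
        if icmp_type in ALWAYS_ALLOW:
            verdict = "allow"
        elif icmp_type == 8:
            echo_count[src] += 1
            verdict = "allow" if echo_count[src] <= ECHO_LIMIT else "drop"
        else:
            verdict = "drop"
        decisions.append((src, name, verdict))
    return decisions

# Constructed sample window: a burst of pings plus one type 3 code 4 error.
SAMPLE = [("192.0.2.10", build_icmp(8, 0))] * 7 + [("198.51.100.1", build_icmp(3, 4))]
```

With the constructed sample, the first five echo requests from one source pass, the excess is dropped, and the destination-unreachable error still gets through.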