What is the Internet Control Message Protocol (ICMP)?
The Internet Control Message Protocol (ICMP) is a protocol that network devices use to report problems with the delivery of IP packets. One of its primary uses is to find out whether data is reaching its destination, and how long it takes to get there. This makes ICMP an important part of error reporting and of testing how well a network is transmitting data. However, it can also be abused to carry out distributed denial-of-service (DDoS) attacks.
The way ICMP works is similar to the communication between a carpenter building a house and a home improvement store. The store sends studs, floorboards, roofing materials, insulation, and more, assuming that each component arrives, and arrives in the right order.
For instance, when the carpenter begins to construct a wall, he makes a request for 28 2x4s, 10 pounds of nails, and a door. He needs to get the nails first, the 2x4s second, and the door last. The home improvement store sends them in that order, but the door arrives first. This will not work because you cannot hang a door without having a wall up first. So the carpenter asks the store to resend the nails and the 2x4s, and the store resends them, telling the driver to take a different route.
ICMP works like the messages between the carpenter and the store: it carries reports from devices along the path, or from the receiver, back to the sender about data that did not get through. The analogy has a limit, though. ICMP reports conditions such as a destination being unreachable, a packet's time to live expiring, or a packet being too large for a link; it does not track the order in which data arrives, and it does not retransmit anything. Detecting lost or out-of-order data and resending it is the job of a transport protocol such as TCP, which may treat an ICMP error as a hint. In this way, ICMP is simply a protocol for communicating information about delivery problems, but it does not manage the data itself.
ICMP also does not occupy a layer of its own in the Open Systems Interconnection (OSI) model, which outlines the seven layers involved in network transmissions. ICMP messages are carried inside IP packets (IP protocol number 1 for ICMPv4, 58 for ICMPv6) and are treated as part of the network layer alongside IP, rather than as a transport protocol above it. Understanding ICMP helps explain why it is such a valuable tool, but it is also important to understand how ICMP can be used in DDoS attacks that may threaten an organization.
What is ICMP Used For?
The number one use of ICMP is for reporting errors. Whenever two devices communicate over an IP network, a router or host along the path can send an ICMP error message back to the sending device if a packet could not be delivered as expected. For example, a packet may be larger than the maximum transmission unit (MTU) of the next link a router has to forward it over. If the packet cannot be fragmented (the Don't Fragment flag is set in IPv4, and IPv6 routers never fragment), the router discards it and sends the source an ICMP "Fragmentation Needed" message (IPv4 type 3, code 4) or "Packet Too Big" message (ICMPv6 type 2) that includes the MTU of that link, which is how the sender learns to use smaller packets (path MTU discovery). Every ICMP error message also quotes the IP header and the first bytes of the packet that triggered it, so the sender can tell which connection or probe the error refers to.
Another common use of ICMP is as a diagnostic tool to assess a network's performance. Both traceroute and ping rely on ICMP. Ping sends ICMP echo requests and waits for echo replies. Traceroute sends a series of probes (ICMP echo requests on Windows, UDP datagrams by default on Linux) with increasing time-to-live (TTL) values and relies on the ICMP "Time Exceeded" messages (type 11) that routers return when a probe's TTL runs out. When traceroute is used, the devices that a packet passed through on the way to its destination are displayed in the report, typically as the IP address of each router that answered.
Traceroute also shows how long it took for a probe to reach each device and for the reply to come back. Each time data passes from one router to the next, the trip is referred to as a hop. Because the output is per hop, it can be used to figure out which devices along the route are adding delay, although a router that rate-limits or suppresses ICMP errors simply shows up as a missing hop rather than a slow one.
A ping is similar to a traceroute but simpler. It reports how long it takes for data to go from one point to another and back (the round-trip time). ICMP facilitates ping in that the ICMP echo request (type 8 in ICMPv4) and echo reply (type 0) are used during the ping process; the sender puts an identifier and a sequence number in each request so that it can match each reply to the request that caused it.
ICMP is also used to degrade network performance. This is done with an ICMP flood, a Smurf attack, or a ping of death, each of which overwhelms a device on the network and prevents normal functioning. An ICMP flood sends echo requests faster than the target can answer them. A Smurf attack sends echo requests to a network's broadcast address with the victim's address spoofed as the source, so every host on that network replies to the victim. A ping of death sends a fragmented ping whose pieces reassemble to more than the 65,535-byte maximum IPv4 packet size, which crashed older systems that did not check for this.
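The error reporting and the ping and traceroute mechanics described above, as an added example that is not code from the original article: it builds an echo request with a valid checksum, has a "router" generate the Time Exceeded and Fragmentation Needed errors that traceroute and path MTU discovery depend on, and parses them back to recover the identifier, sequence number and next-hop MTU. The addresses, identifiers and the two scenario functions are constructed for illustration; nothing is sent on a network.

```python
import socket
import struct

ICMP_ECHO_REPLY = 0
ICMP_DEST_UNREACH = 3
ICMP_ECHO_REQUEST = 8
ICMP_TIME_EXCEEDED = 11
CODE_FRAG_NEEDED = 4   # Destination Unreachable, code 4: fragmentation needed and DF set
IPPROTO_ICMP = 1


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum, shared by the IPv4 and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def icmp_checksum_valid(msg: bytes) -> bool:
    """Summing a message that already contains a correct checksum yields zero."""
    return len(msg) >= 8 and inet_checksum(msg) == 0


def build_echo(ident: int, seq: int, payload: bytes, reply: bool = False) -> bytes:
    """ICMP Echo Request (type 8) or Echo Reply (type 0), as ping sends and receives them."""
    itype = ICMP_ECHO_REPLY if reply else ICMP_ECHO_REQUEST
    header = struct.pack("!BBHHH", itype, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", itype, 0, csum, ident, seq) + payload


def build_ipv4_header(src: str, dst: str, proto: int, ttl: int, total_len: int, df: bool) -> bytes:
    """Minimal 20-byte IPv4 header, used only to fabricate the datagram a router quotes back."""
    flags_frag = 0x4000 if df else 0          # 0x4000 = Don't Fragment flag
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_frag,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]


def build_icmp_error(itype: int, code: int, original: bytes, mtu: int = 0) -> bytes:
    """Router side: an ICMP error quoting the original IP header plus its first 8 bytes (RFC 792).
    For type 3 / code 4 the next-hop MTU rides in the otherwise unused second word (RFC 1191)."""
    ihl = (original[0] & 0x0F) * 4
    quoted = original[:ihl + 8]
    header = struct.pack("!BBHHH", itype, code, 0, 0, mtu)
    csum = inet_checksum(header + quoted)
    return struct.pack("!BBHHH", itype, code, csum, 0, mtu) + quoted


def parse_icmp(msg: bytes) -> dict:
    """Host side: verify the checksum and decode echo and error messages. For errors,
    the quoted ICMP header tells ping or traceroute which probe (ident, seq) it refers to."""
    if not icmp_checksum_valid(msg):
        raise ValueError("truncated ICMP message or bad checksum")
    itype, code = msg[0], msg[1]
    out = {"type": itype, "code": code}
    if itype in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        out["ident"], out["seq"] = struct.unpack("!HH", msg[4:8])
        out["payload"] = msg[8:]
    elif itype in (ICMP_DEST_UNREACH, ICMP_TIME_EXCEEDED):
        inner = msg[8:]
        if len(inner) < 20:
            raise ValueError("error message does not quote a full IPv4 header")
        ihl = (inner[0] & 0x0F) * 4
        out["orig_proto"] = inner[9]
        out["orig_src"] = socket.inet_ntoa(inner[12:16])
        out["orig_dst"] = socket.inet_ntoa(inner[16:20])
        if inner[9] == IPPROTO_ICMP and len(inner) >= ihl + 8:
            out["orig_ident"], out["orig_seq"] = struct.unpack("!HH", inner[ihl + 4:ihl + 8])
        if itype == ICMP_DEST_UNREACH and code == CODE_FRAG_NEEDED:
            out["next_hop_mtu"] = struct.unpack("!H", msg[6:8])[0]
    return out


def traceroute_probe_expired(ttl: int) -> dict:
    """Constructed scenario: a traceroute probe sent with this TTL expires at a router,
    which answers with Time Exceeded (type 11, code 0) quoting the probe."""
    probe = build_echo(ident=0xBEEF, seq=ttl, payload=b"")
    ip = build_ipv4_header("192.0.2.10", "198.51.100.7", IPPROTO_ICMP, ttl, 20 + len(probe), df=False)
    return parse_icmp(build_icmp_error(ICMP_TIME_EXCEEDED, 0, ip + probe))


def oversized_ping_with_df() -> dict:
    """Constructed scenario: a 1500-byte ping with DF set meets a 1280-byte link; the router
    drops it and answers with Destination Unreachable / Fragmentation Needed carrying that MTU."""
    probe = build_echo(ident=0x1234, seq=1, payload=b"A" * 1472)
    ip = build_ipv4_header("192.0.2.10", "198.51.100.7", IPPROTO_ICMP, 64, 20 + len(probe), df=True)
    return parse_icmp(build_icmp_error(ICMP_DEST_UNREACH, CODE_FRAG_NEEDED, ip + probe, mtu=1280))
```

The checksum check comes first in parse_icmp on purpose: a receiver that decodes an error message before validating it can be steered by a forged packet, and only after the quoted identifier and sequence number match an outstanding probe should the error be acted on at all.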
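Detection logic for the three attacks named above, as an added example that is not part of the original article. It runs over constructed packet records rather than captured traffic; the record format, the list of local networks, and the sliding-window rate threshold are assumptions chosen for illustration, not standard values.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

ICMP_ECHO_REQUEST = 8
FLOOD_WINDOW_S = 1.0        # assumed threshold: sliding window for the flood heuristic
FLOOD_MAX_ECHO = 50         # assumed threshold: echo requests per source per window
MAX_IPV4_DATAGRAM = 65535   # IPv4 total-length limit; reassembly beyond it is the ping-of-death trigger


def detect_icmp_abuse(packets, local_nets):
    """Return a sorted list of (alert, detail) pairs from per-packet records.

    Each record has ts, src, dst, proto, icmp_type (None for non-first fragments,
    which carry no ICMP header), frag_offset and frag_len (both in bytes)."""
    nets = [ip_network(n) for n in local_nets]
    recent = defaultdict(deque)          # src -> timestamps of its recent echo requests
    alerts = set()
    for p in sorted(packets, key=lambda r: r["ts"]):
        if p["proto"] != 1:              # IP protocol 1 is ICMP
            continue
        # Ping of death: any fragment whose end would lie beyond the 65,535-byte limit.
        if p["frag_offset"] + p["frag_len"] > MAX_IPV4_DATAGRAM:
            alerts.add(("ping_of_death", f"{p['src']} -> {p['dst']}"))
        if p["icmp_type"] != ICMP_ECHO_REQUEST:
            continue
        # Smurf: echo request aimed at the directed-broadcast address of a local network,
        # so every host on it replies to the (usually spoofed) source.
        dst = ip_address(p["dst"])
        if any(dst == n.broadcast_address for n in nets):
            alerts.add(("smurf_broadcast_echo", f"{p['src']} -> {p['dst']}"))
        # ICMP flood: echo-request rate from one source over a sliding window.
        q = recent[p["src"]]
        q.append(p["ts"])
        while p["ts"] - q[0] > FLOOD_WINDOW_S:
            q.popleft()
        if len(q) > FLOOD_MAX_ECHO:
            alerts.add(("icmp_flood", p["src"]))
    return sorted(alerts)


def rec(ts, src, dst, icmp_type=ICMP_ECHO_REQUEST, frag_offset=0, frag_len=64):
    """One constructed ICMP packet record."""
    return {"ts": ts, "src": src, "dst": dst, "proto": 1, "icmp_type": icmp_type,
            "frag_offset": frag_offset, "frag_len": frag_len}


def sample_packets():
    """Constructed traffic (not captured): four normal pings, a 60-request burst within 0.3 s,
    one echo request to a broadcast address, and a ping whose fragments reassemble to 65,600 bytes."""
    normal = [rec(float(i), "192.0.2.10", "10.0.0.20") for i in range(4)]
    flood = [rec(5.0 + i * 0.005, "203.0.113.5", "10.0.0.20") for i in range(60)]
    smurf = [rec(10.0, "198.51.100.9", "10.0.0.255")]
    pod = [rec(20.0, "203.0.113.77", "10.0.0.20", frag_offset=0, frag_len=1480),
           rec(20.001, "203.0.113.77", "10.0.0.20", icmp_type=None, frag_offset=65000, frag_len=600)]
    return normal + flood + smurf + pod
```

The ping-of-death check deliberately runs before the echo-request filter: only the first fragment carries the ICMP header, so the oversized fragment that actually triggers the condition would be skipped if the type check came first. The Smurf check only matches directed broadcasts of networks you list, since an echo request to some other network's broadcast address is that network's problem to filter.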