Introduction To The Internet Control Message Protocol
Introduction
The Internet Control Message Protocol, or ICMP as we will be calling it, is a very widely used protocol and is actually an integral part of any Internet Protocol (IP) implementation: RFC 792 requires every IP module to implement it. Because IP was not designed to be absolutely reliable, ICMP was introduced to provide feedback about problems in the communication environment, such as a destination that cannot be reached or a datagram whose time-to-live has run out.
If I said the word 'ping', most people who work with networks would recognise that 'ping' uses ICMP (it sends an echo request and waits for an echo reply), and in case you didn't know that, now you do :)
ICMP is one of the most useful protocols for troubleshooting network problems such as name resolution, routing, connectivity and a lot more. Personally, I use ICMP a lot, but you need to keep its limits in mind, because you might end up spending half a day trying to figure out why you're not getting a 'ping reply' ('echo reply' is the correct term) from, for example, www.firewall.cx when, in fact, the site's web server (or a firewall in front of it) is configured NOT to answer 'pings' for security reasons! A missing echo reply only tells you that an echo request was not answered; it does not prove that the host is down.
Cool Note
A few years ago a program was released, which still circulates around the Internet, called Click (I got my hands on version 1.4). Click was designed to run on a Windows platform and work against mIRC users. The program would use the different messages available within the ICMP protocol to send forged error messages to mIRC users, making the remote user's program think it had lost connectivity with the IRC server, thus disconnecting them from the server! The magic is not what the program can do, but how it does it: a host that acts on an ICMP error message without checking that the datagram quoted inside it belongs to one of its own connections can be tricked into tearing that connection down. This is where a true networking guru will be able to identify and fix such a network security weakness.
The Protocol
ICMP is defined in RFC (Request For Comments) 792. Looking at its position in the OSI model we can see that it sits in the Network layer (layer 3) alongside IP: an ICMP message is carried directly inside an IP datagram, with IP protocol number 1. There are no ports used with ICMP, because ports belong to the transport-layer protocols (layer 4) such as TCP and UDP, which sit above IP. An ICMP message is identified by its type and code fields instead, so a firewall rule for ICMP matches on those rather than on a port number.
The ICMP protocol uses different 'messages' to identify the purpose of an ICMP packet; for example, an 'echo' (ping) is one type of ICMP message.

I am going to break down the different message descriptions as they have been defined by RFC 792. There is a lot of information to cover in ICMP, so I have broken it down into multiple pages rather than sticking everything into one huge page that would bore you!
Also, I haven't included all the messages which ICMP supports; rather, I have selected a few of the more common ones that you're likely to come across. You can always refer to RFC 792 for the details of all messages.
We will start with a visual example of where the ICMP header and its data are placed in a packet, to help you understand better what we are dealing with :)
The structure is pretty simple, not a lot involved, but the contents of the ICMP header change depending on the message it carries. The first four bytes (type, code and checksum) are common to every message; what follows them differs. For example, the header of an 'echo' (ping) message carries an identifier and a sequence number, while a 'destination unreachable' message, also a function of ICMP, instead carries a copy of the IP header and the first eight bytes of the datagram that could not be delivered.
NOTE: If you were to run a packet sniffer on your LAN and capture a 'ping' packet to see what it looks like, you would get more than I am showing here. There will be an extra header, the data-link header (for example, Ethernet), which is not shown here because that header is stripped and replaced at every hop as the packet moves from your LAN to the Internet. The two headers you see in this picture, IP and ICMP, stay with the packet all the way to its destination (routers update the IP header's TTL and checksum at each hop, but the ICMP header and its data arrive as they were sent).
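To make the layout above concrete, and to show the check that defends against the forged error messages described in the Cool Note, here is an added example (my code, not part of the firewall.cx article). It builds and parses echo and destination-unreachable messages as RFC 792 lays them out, verifies the checksum, and only honours an error message whose quoted IP/TCP header matches a connection the host actually has. The addresses, ports and packet bytes are constructed for the example (RFC 5737 documentation ranges); nothing is sent on the wire.

```python
"""Added example: build and parse ICMP messages laid out as RFC 792 describes.

All packet bytes are constructed here (RFC 5737 documentation addresses);
nothing is sent on the wire, so this runs offline.
"""
import struct

ICMP_ECHO_REPLY = 0
ICMP_DEST_UNREACH = 3
ICMP_ECHO_REQUEST = 8
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words (checksum field zeroed
    by the caller). Run over a received message it returns 0 when valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(identifier: int, sequence: int, payload: bytes = b"",
               reply: bool = False) -> bytes:
    """Echo request/reply: type, code 0, checksum, identifier, sequence, data."""
    icmp_type = ICMP_ECHO_REPLY if reply else ICMP_ECHO_REQUEST
    body = struct.pack("!BBHHH", icmp_type, 0, 0, identifier, sequence) + payload
    csum = icmp_checksum(body)
    return struct.pack("!BBHHH", icmp_type, 0, csum, identifier, sequence) + payload


def build_dest_unreach(code: int, original_datagram: bytes) -> bytes:
    """Destination unreachable: type 3, 4 unused bytes, then the offending
    datagram's IP header plus its first 8 bytes (RFC 792)."""
    ihl = (original_datagram[0] & 0x0F) * 4
    quoted = original_datagram[:ihl + 8]
    body = struct.pack("!BBHI", ICMP_DEST_UNREACH, code, 0, 0) + quoted
    csum = icmp_checksum(body)
    return struct.pack("!BBHI", ICMP_DEST_UNREACH, code, csum, 0) + quoted


def parse_icmp(packet: bytes) -> dict:
    """Decode the common 4-byte prefix, then the rest of the header according
    to the message type. Rejects short or corrupted messages."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    if icmp_checksum(packet) != 0:
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _ = struct.unpack("!BBH", packet[:4])
    msg = {"type": icmp_type, "code": code}
    if icmp_type in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        msg["id"], msg["seq"] = struct.unpack("!HH", packet[4:8])
        msg["payload"] = packet[8:]
    elif icmp_type == ICMP_DEST_UNREACH:
        quoted = packet[8:]
        if len(quoted) < 20:
            raise ValueError("error message lacks the quoted IP header")
        ihl = (quoted[0] & 0x0F) * 4
        q = {"proto": quoted[9],
             "src": ".".join(str(b) for b in quoted[12:16]),
             "dst": ".".join(str(b) for b in quoted[16:20])}
        # The 8 quoted transport bytes start with the source and destination port.
        if q["proto"] in (IPPROTO_TCP, IPPROTO_UDP) and len(quoted) >= ihl + 4:
            q["sport"], q["dport"] = struct.unpack("!HH", quoted[ihl:ihl + 4])
        msg["quoted"] = q
    return msg


def error_matches_connection(msg: dict, connections: set) -> bool:
    """Host-side check against forged errors: only act on a destination
    unreachable whose quoted header names a flow we actually have.
    `connections` holds (proto, local_ip, local_port, remote_ip, remote_port)."""
    q = msg.get("quoted")
    if msg["type"] != ICMP_DEST_UNREACH or not q or "sport" not in q:
        return False
    return (q["proto"], q["src"], q["sport"], q["dst"], q["dport"]) in connections


# Constructed original datagram: IPv4 header (IHL 5, proto TCP) from
# 192.0.2.10 to 198.51.100.7 followed by a TCP header, port 51000 -> 6667.
SAMPLE_DATAGRAM = (
    struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0x1234, 0x4000, 64, IPPROTO_TCP,
                0, bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    + struct.pack("!HHIIBBHHH", 51000, 6667, 1000, 0, 0x50, 0x18, 8192, 0, 0)
)
# Same flow as an attacker who does not know the ephemeral port would guess it.
FORGED_DATAGRAM = SAMPLE_DATAGRAM[:20] + struct.pack("!H", 40000) + SAMPLE_DATAGRAM[22:]

# Constructed connection table for the local host 192.0.2.10.
CONNECTIONS = {(IPPROTO_TCP, "192.0.2.10", 51000, "198.51.100.7", 6667)}


if __name__ == "__main__":
    print(parse_icmp(build_echo(0x1234, 1, b"firewall.cx")))
    genuine = parse_icmp(build_dest_unreach(3, SAMPLE_DATAGRAM))
    forged = parse_icmp(build_dest_unreach(3, FORGED_DATAGRAM))
    print("genuine error accepted:", error_matches_connection(genuine, CONNECTIONS))
    print("forged error accepted:", error_matches_connection(forged, CONNECTIONS))
```

Run it with `python3 icmp_example.py` (any file name will do). The forged error is rejected only because the attacker had to guess the client's ephemeral source port; a stack that ignores the quoted header, as the Cool Note describes, would accept both messages.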
So, that now leaves us to analyse a few of the selected ICMP messages!
The table below shows all the ICMP messages the protocol supports. The messages in green are the ones covered. Please click on the ICMP message you wish to read about: