Full Form of ICMP

What is the Full form of ICMP:

Network devices use ICMP (Internet Control Message Protocol) to troubleshoot communication problems at the network layer. ICMP is typically used to check whether data is being delivered to its destination in a timely manner. The protocol is commonly used on routers and other network devices. While ICMP plays a vital role in error reporting and testing, it can also be used in DDoS attacks.

History of ICMP:

Bill Clinton of the United States proposed the formation of ICMP at the 1996 G-7 Summit in Lyon, France. In the first year after the Dayton Peace Agreement was signed, which ended the combat in the former Yugoslavia, ICMP's primary mission was to assist in locating the estimated 40,000 people who went missing during the conflict. 

Early in the conflict, in Croatia and Serbia, national agencies responsible for searching for the missing were founded, and their efforts were first focused on searching for missing people from one side or the other. Bosnia and Herzegovina, which had suffered the most physical devastation and where the instances of missing persons were the most numerous, had embryonic post-war institutions that often lacked the capacity and the motivation to address the issue of missing persons efficiently and inclusively.

ICMP operates on a simple principle as a core component of the Internet Protocol (IP) suite. However, unlike protocols such as Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), ICMP does not belong to the transport layer. There is no need to establish a connection between the sending and receiving devices with this protocol. This is in contrast to TCP, where a connection must be established before a message can be sent; the TCP handshake verifies the readiness of both devices before the message is transmitted.

The ICMP data is encapsulated within an IP header and sent as a datagram. A datagram, like a packet, is a discrete unit of information. Imagine it as a parcel transporting a section of a larger message across the Internet. Packets that include the ICMP protocol in their IP data are called ICMP packets. The original IP header is also included in ICMP messages, so the receiving system may determine which packet was lost.

The ICMP header comes after the IPv4 or IPv6 header and is identified as IP protocol 1. You'll find an explanation of the three protocol parameters below. After those three items come the original IP header and the ICMP data, which indicate which packet failed.
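The layout described above can be checked by parsing a message byte by byte. The following is an added example, not code from the original page: it reads the ICMP type, code and checksum fields from an IPv4 packet and, for error messages, recovers the embedded header of the packet that failed. The addresses, ports and the `build_sample` packet are constructed for illustration.

```python
import socket
import struct

ERROR_TYPES = {3, 5, 11, 12}  # unreachable, redirect, time exceeded, parameter problem

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_ipv4(buf: bytes) -> dict:
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    total_len, proto = struct.unpack("!H", buf[2:4])[0], buf[9]
    return {"ihl": (buf[0] & 0x0F) * 4, "total_len": total_len, "proto": proto,
            "src": socket.inet_ntoa(buf[12:16]), "dst": socket.inet_ntoa(buf[16:20])}

def parse_icmp(packet: bytes) -> dict:
    outer = parse_ipv4(packet)
    if outer["proto"] != 1:
        raise ValueError("IP protocol is not 1 (ICMP)")
    msg = packet[outer["ihl"]:outer["total_len"]]
    if len(msg) < 8:
        raise ValueError("truncated ICMP message")
    # A valid message sums to zero when the checksum field is included.
    result = {"type": msg[0], "code": msg[1], "reporter": outer["src"],
              "checksum_ok": inet_checksum(msg) == 0}
    # Error messages carry the failed datagram's IP header after the 8-byte ICMP header.
    if msg[0] in ERROR_TYPES and len(msg) >= 28:
        result["original"] = parse_ipv4(msg[8:])
    return result

def ip_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]

def build_sample() -> bytes:
    """Constructed sample: 192.0.2.1 reports 'port unreachable' for a UDP datagram."""
    original = ip_header("198.51.100.7", "203.0.113.9", 17, 8) + struct.pack("!4H", 40000, 33434, 8, 0)
    body = struct.pack("!BBHI", 3, 3, 0, 0) + original
    body = body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
    return ip_header("192.0.2.1", "198.51.100.7", 1, len(body)) + body

if __name__ == "__main__":
    print(parse_icmp(build_sample()))
```
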

How does it work?

Unlike IPv6, ICMP is not part of the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP). Therefore, ICMP messages can be sent between devices without establishing a connection.

If we take TCP as an example, a multi-step handshake must occur between the connecting devices before any data can be exchanged. After the handshake is complete, the information can be sent to the recipient. ICMP is different: no connection is established, and the message is simply sent.

Advantages of ICMP:

  • Usefulness in Diagnosis

ICMP helps admins locate connectivity issues. Most problems, such as server downtime or hardware failure, can be diagnosed with just two simple commands: PING and TRACERT. PING is a command used by administrators to query remote computers or servers from their primary workstations.

When the other computer receives this request across the network, it sends a response back to the first to confirm receipt and alert the administrator. TRACERT operates in a similar way to PING. This utility shows the administrator where the network failure occurred by tracing the request's journey across the network.

  • Connection Speed:

Access on demand is made possible by a fast network, which is essential for users to complete their work over a network or the Internet. Administrators frequently face situations in which users complain that web pages and other network services take too long to load.

Through the ICMP protocol, administrators can test whether the network is experiencing a bottleneck by sending timed requests throughout the system. In most cases, response times below 100 ms are considered acceptable, and anything above that usually indicates a problem with the network or the requested resource. This slowdown is referred to as throughput slowing.

  • Network:

Several components work together to form a network, from the visible computers and servers to the invisible Network layer that makes the ICMP protocol possible. The network layer is the framework upon which the Internet and other data-transferring networks are built. Due to its critical role, the ICMP protocol resides in the network layer.

Functions of ICMP:

DDoS attacks commonly use ICMP in one of three distinct forms: a flood attack, a ping of death, or a Smurf attack.

  • ICMP Flood Attack:

An attacker's goal in an ICMP flood attack is to overwhelm the targeted device with so many ICMP echo request packets that it fails to function properly. This prevents the device from serving legitimate users because each packet requires processing and a response.

  • Ping of Death:

An attacker launching a ping-of-death attack does so by sending an oversized ping to a system that cannot handle it. As the data travels, it is broken up into smaller pieces, but once it reaches its destination, it is pieced back together. As a result, the computer can crash or become unusable.

  • Smurf Attack:

During a Smurf attack, an adversary sends out an ICMP packet with a forged source IP address. As the network's devices send their responses to the forged address, the intended victim receives a deluge of ICMP packets. This type of attack mostly affects older machines.
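From a monitoring point of view, each of the three patterns above leaves a different trace in packet metadata. The following is an added example, not code from the original page: a small detector that runs over constructed packet summaries and flags an echo-request flood, a fragment that would reassemble past the IPv4 size limit, and an echo request sent to a broadcast address. The subnet, the threshold of 100 requests per second and the record format are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict, deque

LOCAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed protected subnet
FLOOD_LIMIT = 100     # assumed threshold: echo requests per destination per window
WINDOW = 1.0          # sliding window length in seconds
MAX_DATAGRAM = 65535  # largest IPv4 datagram that can legally be reassembled
IP_HEADER = 20        # assumes an IPv4 header without options

def detect(packets):
    """packets: (ts, src, dst, icmp_type, frag_offset, payload_len) tuples.
    frag_offset is in 8-byte units; icmp_type is None for non-first fragments.
    Returns a set of (alert, dst) pairs."""
    alerts = set()
    recent = defaultdict(deque)  # dst -> timestamps of recent echo requests
    for ts, src, dst, icmp_type, frag_offset, payload_len in packets:
        # Ping of death: the fragment would end past the 65535-byte limit on reassembly.
        if IP_HEADER + frag_offset * 8 + payload_len > MAX_DATAGRAM:
            alerts.add(("oversized-reassembly", dst))
        if icmp_type != 8:  # only echo requests matter for the next two checks
            continue
        # Smurf: echo request aimed at the subnet broadcast address (src is the likely victim).
        if ipaddress.ip_address(dst) == LOCAL_NET.broadcast_address:
            alerts.add(("echo-to-broadcast", dst))
        # Flood: too many echo requests to one destination inside the sliding window.
        window = recent[dst]
        window.append(ts)
        while ts - window[0] > WINDOW:
            window.popleft()
        if len(window) > FLOOD_LIMIT:
            alerts.add(("echo-flood", dst))
    return alerts

def sample_traffic():
    """Constructed packet summaries, sorted by timestamp."""
    normal = [(float(i), "198.51.100.5", "192.0.2.10", 8, 0, 64) for i in range(5)]
    flood = [(10 + i * 0.002, "198.51.100.9", "192.0.2.20", 8, 0, 64) for i in range(150)]
    smurf = [(20.0, "192.0.2.30", "192.0.2.255", 8, 0, 64)]
    oversized = [(30.0, "198.51.100.9", "192.0.2.40", None, 8189, 1480)]
    return normal + flood + smurf + oversized

if __name__ == "__main__":
    for alert in sorted(detect(sample_traffic())):
        print(alert)
```
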