Monday, 5 June 2017

ICMP (Internet Control Message Protocol)


The Internet Control Message Protocol (ICMP) is a supporting protocol in the Internet protocol suite. It is used by network devices, including routers, to send error messages and operational information indicating, for example, that a requested service is not available or that a host or router could not be reached.
ICMP works with IP at the network layer and is often called the companion of IP. The following diagram shows where ICMP is used.
ICMP is mainly used for two purposes: error handling and request and reply. In this post, I will give a brief overview of these two concepts. If you want to read about them in depth, you can read about ICMP error handling here and about ICMP request and reply here.

Error handling or feedback messaging:

Error handling or feedback messaging is used to find faults in the network, or to get feedback about packets travelling on the network or packets which have already reached the destination. Feedback messages are one-way messages: they are generated at the source and die at the destination or at an intermediate router. No reply is sent for a feedback message.

To make it clearer, let's take an example. Consider the figure given below, where we have two intermediate routers between S and R. If we send an IP packet from S to R and it is discarded at the second router because of buffer overflow, there has to be some mechanism to convey to the source that its packet was discarded and needs to be resent. This is where ICMP feedback messaging comes into the picture.

Whichever router discards the IP packet builds an ICMP packet, puts it inside an IP packet and sends it back to the sender, in this case S. Sender S can read the content of the ICMP packet and find out what happened to its packet. An ICMP packet is sent only when an IP packet is discarded, and only when that IP packet was carrying something other than an ICMP packet. When an ICMP packet itself is discarded, no new ICMP packet is generated for it.
To understand why, consider the following scenario.
Let's say the IP packet from S is discarded by the second router, which is heavily loaded and not able to process packets. It sends an ICMP packet back to router 1 to pass on to S. Now let's say that ICMP packet is discarded by router 1. The question is: should we generate an ICMP packet for the lost ICMP packet?
If you do, you can fall into an infinite loop. Router 1 generates an ICMP packet and sends it to router 2. Router 2 discards it (as it is overloaded) and generates another ICMP packet for router 1. If router 1 discards that one too, one more ICMP packet is generated and sent to router 2. This goes on and on, and you are stuck in the loop.
So now you know why we don't generate ICMP for ICMP.

Request and reply:

This service of ICMP is used to get information about the network a packet travels through, or about the nodes in between. You might have heard of the program called ping. It stands for Packet INternet Groper. It is a classic program implemented using the ICMP echo request and reply technique.

Ping is a network administration utility used to test the reachability of a host on an Internet Protocol network. To check the availability of a host you need the IP address of the host and the ping program on your computer; almost every OS has it preinstalled. Whenever you type ping followed by the IP address of the target (e.g. ping 192.168.100.39), your shell, which is itself a child process created by the kernel, creates one more child process running the ping program and passes the target's IP address to it as a command-line argument.

When ping receives the argument, it sends an ICMP echo request from the network layer of the device. The request travels through the network, passing through many intermediate routers, until it reaches the destination, and the reply comes back from the network layer of that device. Remember that it only goes up to the network layer, not the application layer; that is why applications on the host know nothing about it.

Hackers also use this command to bring down servers: they send repeated ping requests, the server gets busy responding to them and finally goes down. The worst part is that the victim does not even come to know about it, because nothing is shown at the application layer.
Note that ping is not a client-server application, because it works only at the network layer.

So that is all about ICMP. If you liked the post, please show your support by following the blog, and like us on Facebook and Google+.

Thank you!