Why icmp

The traceroute also tells you how much time it took for the data to go from one device to another. Each time data goes between routers, the trip is referred to as a hop. The information revealed by the traceroute can be used to figure out which devices along the route are causing delays.

A ping is similar to a traceroute but simpler. It reports how long it takes for data to go between two points. ICMP is also used to hurt network performance. This is done using an ICMP flood, a Smurf attack, and a ping of death attacks that overwhelms a device on the network and prevent normal functionality. As a result, there is no need for a device to connect with another prior to sending an ICMP message. For example, in TCP, the two devices that are communicating first engage in a handshake that takes several steps.

After the handshake has been completed, the data can be transferred from the sender to the receiver. This information can be observed using a tool like tcpdump. ICMP is different.

No connection is formed. The message is simply sent. Also, unlike with TCP and UDP, which dictate the ports to which information is sent, there is nothing in the ICMP message that directs it to a certain port on the device that will receive it. A ping of death attack involves an attacker sending an extremely large ping to a device that cannot handle pings of that size. The machine may then crash or freeze up. The packet of data is fragmented as it heads toward the target, but during the reassembly process, it is put back together.

When it reaches the target, there is a buffer overflow, causing the device to malfunction. Ping of death attacks are more a danger for older equipment within the network. When the equipment on the network replies, each reply gets sent to the spoofed IP address, and the target is flooded with a ton of ICMP packets. This kind of attack is also typically only a problem for older equipment. ICMP is used by a device, like a router, to communicate with the source of a data packet about transmission issues.

For example, if a datagram is not delivered, ICMP might report this back to the host with details to help discern where the transmission went wrong. It's a protocol that believes in direct communication in the workplace. ICMP and Ping. Ping is a utility which uses ICMP messages to report back information on network connectivity and the speed of data relay between a host and a destination computer. It's one of the few instances where a user can interact directly with ICMP, which typically only functions to allow networked computers to communicate with one another automatically.

Unfortunately, ICMP can be an attack vector for a network. A ping scan or sweep helps an attacker discover systems to target in future attacks. Time exceeded message : When some fragments are lost in a network then the holding fragment by the router will be dropped then ICMP will take the source IP from the discarded packet and informs the source, of discarded datagram due to time to live field reaches zero, by sending time exceeded message.

Destination un-reachable : Destination unreachable is generated by the host or its inbound gateway to inform the client that the destination is unreachable for some reason.

Skip to content. Change Language. Related Articles. Computer Network Fundamentals. Physical layer. Data Link layer. Network layer. Transport layer. Application layer. Network Security. Computer Network Quizes.