Hello In this Post I will write about ICMP ( Internet Control Message Protocol ), it is mainly used to determine whether or not data is reaching its intended destination in a timely manner. it's a layer 3 packet where we can use to troubleshoot internet connections in diagnostic utilities including for example
- ping.
- traceroute.
- If a router in your packet way needs the packet to be smaller ( you need to fragment the packet first) it will send back an ICMP packet Fragmentation required.
- Routers send back packet expiration notification (TTL) when the ttl drops to zero.
ICMP packet are very useful however you can use it as a distributed denial-of-service (DDoS) attacks as you can hammer destinations with a lot of packets.
This is why you will find routers and firewalls blocks the ICMP because they don't want to be spammed by all that packets, so sometimes the distention will be available and running but ping and traceroute may fail as one of the routers in the middle may block your packet.
But when you block them you lose some useful utilities like ping and traceroute and you may also experience a weird behavior, in some cases you will find that your data does not reach your distention however your data is being sent but the server doesn't receive anything, This can happen as your packet may be large for one of the routers in the middle however the firewall blocks the ICMP packet so you will not receive anything informing you that. This is called TCP BLACK HOLE.
So when you send ICMP packet the receiver should send back and ICMP echo packet back. and this is how ping works, your pc sends a ICMP packet and the server respond with ICMP echo msg. and if the server is unreachable your ttl will reach 0 and you will get timeout msg.
ICMP usually have seq number to trace the number of the ICMP msg ( you can see it with traceroute).
so how does traceroute works?
your pc sends a ICMP with 1 ttl then sends another with 2 ttl and so on till you reach your distention. (also know that traceroute is not 100% accurate as packet with N ttl may take different route than the N+1 ttl packet.