ICMP (Internet Control Message Protocol) is a network-layer protocol. ICMP messages report network connectivity problems back to the source of the affected transmission. It carries control messages such as destination network unreachable, source route failed, and source quench. Each ICMP message consists of an 8-byte header followed by a variable-size data section.
How does ICMP work?
ICMP is used by a network device, such as a router, to tell the source of a data packet about transmission problems. For example, if a datagram cannot be delivered, ICMP can report this back to the sending host with details that help determine where the transmission went wrong. It's a protocol that believes in direct communication in the workplace.
ICMP and Ping
Ping is a utility that uses ICMP messages to report on network connectivity and the round-trip time between a host and a destination computer. It's one of the few instances where a user interacts directly with ICMP, which otherwise works automatically to let networked devices communicate with one another.
ICMP Security Concerns
Unfortunately, ICMP can be an attack vector for a network. A ping scan or sweep helps an attacker discover systems to target in future attacks. ICMP tunneling can enable a compromised device to secretly communicate with an attacker, receiving commands or exfiltrating data. An ICMP flood, a ping of death, or a Smurf attack can shut down a network through a distributed denial of service (DDoS). Even in the cloud, common cloud misconfigurations can open a window for ICMP-based attacks.
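As an added example (not part of the original article), the following Python parses raw ICMP messages into the 8-byte header and variable payload described above, verifies the RFC 792 checksum, and flags two of the concerns just listed over constructed sample traffic: an oversized echo payload (a tunneling indicator) and one source probing many hosts (a ping sweep). The payload limit and sweep threshold are assumed values for illustration, not standards.

```python
import struct
from collections import defaultdict

# Assumed thresholds: normal pings carry small payloads (56 bytes); a far larger one hints at tunnelling.
PAYLOAD_LIMIT = 64
SWEEP_THRESHOLD = 8
ECHO_REQUEST = 8  # ICMP type 8 = Echo Request

def icmp_checksum(data: bytes) -> int:
    """RFC 792 checksum: ones-complement of the ones-complement sum of 16-bit words."""
    data += b"\x00" * (len(data) % 2)  # pad odd-length data
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp(packet: bytes) -> dict:
    """Split a raw ICMP message into its fixed 8-byte header and variable-size payload."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    # Summing the whole message, checksum field included, must yield zero.
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq,
            "payload": packet[8:], "checksum_ok": icmp_checksum(packet) == 0}

def build_echo(ident: int, seq: int, payload: bytes) -> bytes:
    """Build an Echo Request as ping does; used here only to construct sample traffic."""
    header = struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", ECHO_REQUEST, 0, csum, ident, seq) + payload

def flag_icmp(records):
    """records: (src, dst, raw_icmp) tuples; returns (src, dst, reason) findings."""
    findings, targets = [], defaultdict(set)
    for src, dst, raw in records:
        msg = parse_icmp(raw)
        if not msg["checksum_ok"]:
            findings.append((src, dst, "bad ICMP checksum"))
        if msg["type"] == ECHO_REQUEST:
            targets[src].add(dst)
            if len(msg["payload"]) > PAYLOAD_LIMIT:
                findings.append((src, dst, "oversized echo payload (%d bytes)" % len(msg["payload"])))
    for src, hosts in targets.items():
        if len(hosts) >= SWEEP_THRESHOLD:
            findings.append((src, "*", "possible ping sweep (%d hosts)" % len(hosts)))
    return findings

# Constructed sample traffic: three ordinary pings, one oversized echo, one host sweeping 16 addresses.
SAMPLE = [("10.0.0.5", "10.0.0.1", build_echo(1, s, b"x" * 56)) for s in range(3)]
SAMPLE.append(("10.0.0.9", "10.0.0.1", build_echo(2, 1, b"x" * 200)))
SAMPLE += [("10.0.0.7", "10.0.0.%d" % h, build_echo(3, h, b"")) for h in range(10, 26)]
```

Running `flag_icmp(SAMPLE)` yields exactly two findings, one per suspicious source; the ordinary pings from 10.0.0.5 produce none.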